def __call__(self, request: Request):
user = request.user
if user:
try:
session_authenticated_at = request.session.get(
"authenticated_at")
# User was deauthenticatd in this request for some reason
if session_authenticated_at:
if not user.is_valid_session(session_authenticated_at):
request.session.invalidate()
messages.add(
request,
kind="error",
msg=
"Your have been logged out due to authentication changes.",
msg_id="msg-session-invalidated")
logger.info(
"User log out forced due to security sensitive settings change, user %s, session id %s",
user, request.session.session_id)
return HTTPFound(request.application_url)
except sqlalchemy.orm.exc.DetachedInstanceError:
if good_reify:
# pyramid_tm 2.0
raise
# TODO: pyramid_tm 2.0 needed,
# now temporary just kill user object instead of failing with an internal error, so that development server doesn't fail with CSS etc. resources
request.user = None
response = self.handler(request)
return response
def __call__(self, request: Request):
user = request.user
if user:
try:
session_created_at = request.session["created_at"]
if not user.is_valid_session(session_created_at):
request.session.invalidate()
messages.add(
request,
kind="error",
msg=
"Your have been logged out due to authentication changes. ",
msg_id="msg-session-invalidated")
return HTTPFound(request.application_url)
except sqlalchemy.orm.exc.DetachedInstanceError:
if good_reify:
# pyramid_tm 2.0
raise
# TODO: pyramid_tm 2.0 needed,
# now temporary just kill user object instead of failing with an internal error, so that development server doesn't fail with CSS etc. resources
request.user = None
response = self.handler(request)
return response
def __call__(self, request: Request):
user = request.user
if user:
try:
session_created_at = request.session["created_at"]
if not user.is_valid_session(session_created_at):
request.session.invalidate()
messages.add(request, kind="error", msg="Your have been logged out due to authentication changes. ", msg_id="msg-session-invalidated")
return HTTPFound(request.application_url)
except sqlalchemy.orm.exc.DetachedInstanceError:
# TODO: pyramid_tm 2.0 needed,
# now temporary just kill user object instead of failing with an internal error, so that development server doesn't fail with CSS etc. resources
request.user = None
response = self.handler(request)
return response
