Пример #1
    def _user_requires_secure_session(couch_user):
        """Report whether any domain tied to *couch_user* demands a secure session.

        Two passes are made, in this order:

        1. every domain returned by ``couch_user.get_domains()``;
        2. every domain returned by ``DomainPermissionsMirror.mirror_domains``
           for each of those domains.

        Returns ``True`` on the first domain for which
        ``Domain.is_secure_session_required`` is truthy, otherwise ``False``.
        A falsy *couch_user* yields ``False`` without any lookup.

        NOTE(review): a ``False`` result leaves the session on the non-secure
        timeout in the ``process_view`` variants that call this helper, so any
        domain relationship missing from these two passes weakens the policy -
        confirm the two lookups cover every way a user can reach a domain.
        """
        if couch_user:
            user_domains = couch_user.get_domains()
            for name in user_domains:
                if Domain.is_secure_session_required(name):
                    return True

            # Imported here rather than at module level, as in the original;
            # presumably to avoid a circular import - TODO confirm.
            from corehq.apps.users.models import DomainPermissionsMirror
            return any(
                Domain.is_secure_session_required(mirror)
                for name in user_domains
                for mirror in DomainPermissionsMirror.mirror_domains(name)
            )

        return False
Пример #2
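    def process_view(self, request, view_func, view_args, view_kwargs):
        """Refresh the session expiry and upgrade to a secure session when required.

        Anonymous requests are ignored. For authenticated requests the session
        expiry is reset on every call to ``timeout * 60`` (``set_expiry`` takes
        seconds, so the configured timeouts appear to be minutes - TODO confirm).

        A session that is not yet flagged ``secure_session`` is upgraded when the
        request's domain, or any domain reported by
        ``_user_requires_secure_session``, requires it. If ``_session_expired``
        reports the last login as older than the secure timeout, the user is
        logged out and redirected to the login page.

        Returns:
            ``None`` to let the request proceed, or an ``HttpResponseRedirect``
            to the login view when re-authentication is forced.
        """
        if not request.user.is_authenticated:
            return

        secure_session = request.session.get('secure_session')
        timeout = settings.SECURE_TIMEOUT if secure_session else settings.INACTIVITY_TIMEOUT
        domain = getattr(request, "domain", None)
        now = datetime.datetime.utcnow()

        # figure out if we want to switch to secure_sessions
        change_to_secure_session = (not secure_session and (
            (domain and Domain.is_secure_session_required(domain))
            or self._user_requires_secure_session(request.couch_user)))

        if change_to_secure_session:
            timeout = settings.SECURE_TIMEOUT
            # force re-authentication if the user has been logged in longer than the secure timeout
            if self._session_expired(timeout, request.user.last_login, now):
                # NOTE(review): the logout view's response is discarded, so nothing
                # here confirms the logout happened; verify the view logs out for
                # every request method that can reach this middleware.
                LogoutView.as_view(
                    template_name=settings.BASE_TEMPLATE)(request)
                # this must be after logout so it is attached to the new session
                request.session['secure_session'] = True
                request.session.set_expiry(timeout * 60)

                # request.path is the decoded, client-supplied path. Percent-encode
                # it so characters such as '&', '#', '=' or '%' cannot terminate the
                # value or add extra parameters (e.g. a second ``next``) to the
                # login URL. '/' is left as is, so ordinary paths are unchanged.
                from urllib.parse import quote
                return HttpResponseRedirect(
                    reverse('login') + '?next=' + quote(request.path))

            request.session['secure_session'] = True

        request.session.set_expiry(timeout * 60)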
Пример #3
    def process_view(self, request, view_func, view_args, view_kwargs):
        """Enforce inactivity timeouts and upgrade to a secure session on demand.

        Anonymous requests pass through untouched. For authenticated requests:

        * If the session is not flagged ``secure_session`` but the request's
          domain (or a domain reported by ``_user_requires_secure_session``)
          requires one, the flag is set. When ``_session_expired`` reports the
          last login as older than ``settings.SECURE_TIMEOUT``, the user is
          logged out first and redirected to the login page.
        * Otherwise the ``last_request`` timestamp kept in the session is
          checked against the applicable timeout; an expired session is logged
          out and redirected, a live one gets its timestamp refreshed.

        Returns ``None`` to continue the request or an ``HttpResponseRedirect``.
        """
        if not request.user.is_authenticated():
            return None

        already_secure = request.session.get('secure_session')
        domain = getattr(request, "domain", None)
        now = datetime.datetime.utcnow()

        # Same short-circuit order as a single boolean expression: an already
        # secure session never triggers the domain lookups.
        if already_secure:
            must_upgrade = False
        elif domain and Domain.is_secure_session_required(domain):
            must_upgrade = True
        else:
            must_upgrade = self._user_requires_secure_session(request.couch_user)

        if must_upgrade:
            login_too_old = self._session_expired(
                settings.SECURE_TIMEOUT, request.user.last_login, now)
            if login_too_old:
                django_logout(request, template_name=settings.BASE_TEMPLATE)
                # set the flag only after logout so it lands on the new session
                request.session['secure_session'] = True
                # NOTE(review): request.path is client-supplied and is appended
                # unescaped; characters like '&' or '#' can alter the login URL's
                # query string. Percent-encode it or use Django's
                # redirect_to_login helper.
                return HttpResponseRedirect(reverse('login') + '?next=' + request.path)

            request.session['secure_session'] = True
            request.session['last_request'] = json_format_datetime(now)
            return None

        last_request = request.session.get('last_request')
        if already_secure:
            timeout = settings.SECURE_TIMEOUT
        else:
            timeout = settings.INACTIVITY_TIMEOUT

        if self._session_expired(timeout, last_request, now):
            django_logout(request, template_name=settings.BASE_TEMPLATE)
            # NOTE(review): same unescaped request.path as in the upgrade branch.
            return HttpResponseRedirect(reverse('login') + '?next=' + request.path)

        request.session['last_request'] = json_format_datetime(now)
Пример #4
    def process_view(self, request, view_func, view_args, view_kwargs):
        """Expire idle sessions and switch sessions to secure mode when needed.

        Does nothing for unauthenticated requests. Otherwise either

        * upgrades a non-secure session whose request domain or user domains
          require secure sessions - logging the user out and redirecting to
          login if ``_session_expired`` says the last login exceeds
          ``settings.SECURE_TIMEOUT`` - or
        * compares the session's ``last_request`` value with the secure or
          inactivity timeout, logging out and redirecting on expiry and
          recording the current time otherwise.

        Returns ``None`` or an ``HttpResponseRedirect`` to the login view.
        """
        def login_redirect():
            # NOTE(review): request.path comes from the client and is not
            # percent-encoded before being placed in the query string, so
            # '&', '#' or '=' in the path change how the login view parses
            # ``next``. Encode it or use Django's redirect_to_login helper.
            return HttpResponseRedirect(reverse('login') + '?next=' + request.path)

        if not request.user.is_authenticated():
            return

        secure_session = request.session.get('secure_session')
        domain = getattr(request, "domain", None)
        now = datetime.datetime.utcnow()

        needs_secure = not secure_session and (
            (domain and Domain.is_secure_session_required(domain))
            or self._user_requires_secure_session(request.couch_user)
        )

        if not needs_secure:
            previous_request = request.session.get('last_request')
            limit = settings.SECURE_TIMEOUT if secure_session else settings.INACTIVITY_TIMEOUT
            if self._session_expired(limit, previous_request, now):
                django_logout(request, template_name=settings.BASE_TEMPLATE)
                return login_redirect()
            request.session['last_request'] = json_format_datetime(now)
            return

        if self._session_expired(settings.SECURE_TIMEOUT, request.user.last_login, now):
            django_logout(request, template_name=settings.BASE_TEMPLATE)
            # flag the session after logout so the value is stored on the new one
            request.session['secure_session'] = True
            return login_redirect()

        request.session['secure_session'] = True
        request.session['last_request'] = json_format_datetime(now)
        return
Пример #5
    def process_view(self, request, view_func, view_args, view_kwargs):
        """Reset the session expiry and move to a secure session when required.

        Unauthenticated requests are skipped. For authenticated ones the session
        expiry is set to ``timeout * 60`` on every call (``set_expiry`` takes
        seconds, so the settings appear to be minutes - TODO confirm). A session
        not yet flagged ``secure_session`` is flagged when the request's domain
        or one of the user's domains requires it; if ``_session_expired`` reports
        the last login as older than the secure timeout, the user is logged out
        and sent to the login page.

        Returns ``None`` or an ``HttpResponseRedirect`` to the login view.
        """
        if not request.user.is_authenticated:
            return None

        is_secure = request.session.get('secure_session')
        if is_secure:
            minutes = settings.SECURE_TIMEOUT
        else:
            minutes = settings.INACTIVITY_TIMEOUT
        domain = getattr(request, "domain", None)
        now = datetime.datetime.utcnow()

        # Decide whether this request must switch the session to secure mode;
        # an already secure session skips the domain lookups entirely.
        if is_secure:
            upgrade = False
        elif domain and Domain.is_secure_session_required(domain):
            upgrade = True
        else:
            upgrade = self._user_requires_secure_session(request.couch_user)

        if upgrade:
            minutes = settings.SECURE_TIMEOUT
            # a login older than the secure timeout forces re-authentication
            if self._session_expired(minutes, request.user.last_login, now):
                django_logout(request, template_name=settings.BASE_TEMPLATE)
                # written after logout so the values belong to the new session
                request.session['secure_session'] = True
                request.session.set_expiry(minutes * 60)
                # NOTE(review): request.path is client-supplied and goes into the
                # query string unescaped; '&', '#' or '=' in the path can change
                # what the login view reads as ``next``. Percent-encode it or use
                # Django's redirect_to_login helper.
                return HttpResponseRedirect(reverse('login') + '?next=' + request.path)

            request.session['secure_session'] = True

        request.session.set_expiry(minutes * 60)
Пример #6
 def _user_requires_secure_session(couch_user):
     """Tell whether any of the user's domains requires a secure session.

     A falsy *couch_user* is handed back unchanged (so the result is falsy but
     not necessarily ``False``); otherwise the result is ``True`` as soon as
     ``Domain.is_secure_session_required`` is truthy for one of
     ``couch_user.get_domains()``, else ``False``.
     """
     if not couch_user:
         return couch_user
     for name in couch_user.get_domains():
         if Domain.is_secure_session_required(name):
             return True
     return False
Пример #7
 def _user_requires_secure_session(couch_user):
     """Check the user's domains for a secure-session requirement.

     Returns *couch_user* itself when it is falsy. Otherwise returns a bool:
     whether ``Domain.is_secure_session_required`` is truthy for at least one
     domain from ``couch_user.get_domains()``.
     """
     if couch_user:
         secure_flags = (
             Domain.is_secure_session_required(name)
             for name in couch_user.get_domains()
         )
         return any(secure_flags)
     # no user object: propagate the falsy value rather than coercing to False
     return couch_user