2017-03-08 11:46:12 +01:00
|
|
|
import logging
|
2020-02-06 18:25:15 +01:00
|
|
|
from datetime import timedelta
|
2020-06-11 00:54:34 +02:00
|
|
|
from importlib import import_module
|
2020-07-01 00:31:28 +02:00
|
|
|
from typing import Any, List, Mapping, Optional, Type, cast
|
2020-06-11 00:54:34 +02:00
|
|
|
|
2017-03-08 11:46:12 +01:00
|
|
|
from django.conf import settings
|
2015-08-19 20:53:55 +02:00
|
|
|
from django.contrib.auth import SESSION_KEY, get_user_model
|
2020-07-01 00:31:28 +02:00
|
|
|
from django.contrib.sessions.backends.base import SessionBase
|
2016-06-04 19:52:48 +02:00
|
|
|
from django.contrib.sessions.models import Session
|
2017-04-15 04:03:56 +02:00
|
|
|
from django.utils.timezone import now as timezone_now
|
2020-07-01 00:31:28 +02:00
|
|
|
from typing_extensions import Protocol
|
2016-06-04 20:38:42 +02:00
|
|
|
|
2020-02-06 18:25:15 +01:00
|
|
|
from zerver.lib.timestamp import datetime_to_timestamp, timestamp_to_datetime
|
2020-06-11 00:54:34 +02:00
|
|
|
from zerver.models import Realm, UserProfile, get_user_profile_by_id
|
2017-03-08 11:46:12 +01:00
|
|
|
|
2020-07-01 00:31:28 +02:00
|
|
|
|
|
|
|
class SessionEngine(Protocol):
|
|
|
|
SessionStore: Type[SessionBase]
|
|
|
|
|
|
|
|
session_engine = cast(SessionEngine, import_module(settings.SESSION_ENGINE))
|
2015-08-19 20:53:55 +02:00
|
|
|
|
2018-05-10 19:13:36 +02:00
|
|
|
def get_session_dict_user(session_dict: Mapping[str, int]) -> Optional[int]:
|
2015-08-19 20:53:55 +02:00
|
|
|
# Compare django.contrib.auth._get_user_session_key
|
|
|
|
try:
|
|
|
|
return get_user_model()._meta.pk.to_python(session_dict[SESSION_KEY])
|
|
|
|
except KeyError:
|
|
|
|
return None
|
|
|
|
|
2017-11-05 11:15:10 +01:00
|
|
|
def get_session_user(session: Session) -> Optional[int]:
|
2015-08-19 20:53:55 +02:00
|
|
|
return get_session_dict_user(session.get_decoded())
|
2017-03-08 11:46:12 +01:00
|
|
|
|
2017-11-05 11:15:10 +01:00
|
|
|
def user_sessions(user_profile: UserProfile) -> List[Session]:
|
2017-03-08 11:46:12 +01:00
|
|
|
return [s for s in Session.objects.all()
|
|
|
|
if get_session_user(s) == user_profile.id]
|
|
|
|
|
2017-11-05 11:15:10 +01:00
|
|
|
def delete_session(session: Session) -> None:
|
2020-07-01 00:31:28 +02:00
|
|
|
session_engine.SessionStore(session.session_key).delete()
|
2017-03-08 11:46:12 +01:00
|
|
|
|
2017-11-05 11:15:10 +01:00
|
|
|
def delete_user_sessions(user_profile: UserProfile) -> None:
|
2017-03-08 11:46:12 +01:00
|
|
|
for session in Session.objects.all():
|
|
|
|
if get_session_user(session) == user_profile.id:
|
|
|
|
delete_session(session)
|
|
|
|
|
2017-11-05 11:15:10 +01:00
|
|
|
def delete_realm_user_sessions(realm: Realm) -> None:
|
2017-03-08 11:46:12 +01:00
|
|
|
realm_user_ids = [user_profile.id for user_profile in
|
|
|
|
UserProfile.objects.filter(realm=realm)]
|
2017-04-15 04:03:56 +02:00
|
|
|
for session in Session.objects.filter(expire_date__gte=timezone_now()):
|
2017-03-08 11:46:12 +01:00
|
|
|
if get_session_user(session) in realm_user_ids:
|
|
|
|
delete_session(session)
|
|
|
|
|
2017-11-05 11:15:10 +01:00
|
|
|
def delete_all_user_sessions() -> None:
|
2017-03-08 11:46:12 +01:00
|
|
|
for session in Session.objects.all():
|
|
|
|
delete_session(session)
|
|
|
|
|
2017-11-05 11:15:10 +01:00
|
|
|
def delete_all_deactivated_user_sessions() -> None:
|
2017-03-08 11:46:12 +01:00
|
|
|
for session in Session.objects.all():
|
|
|
|
user_profile_id = get_session_user(session)
|
2018-12-01 19:05:53 +01:00
|
|
|
if user_profile_id is None: # nocoverage # TODO: Investigate why we lost coverage on this
|
2018-12-01 00:54:13 +01:00
|
|
|
continue
|
2017-03-08 11:46:12 +01:00
|
|
|
user_profile = get_user_profile_by_id(user_profile_id)
|
|
|
|
if not user_profile.is_active or user_profile.realm.deactivated:
|
2020-05-02 08:44:14 +02:00
|
|
|
logging.info("Deactivating session for deactivated user %s", user_profile.id)
|
2017-03-08 11:46:12 +01:00
|
|
|
delete_session(session)
|
2020-02-06 18:25:15 +01:00
|
|
|
|
|
|
|
def set_expirable_session_var(session: Session, var_name: str, var_value: Any, expiry_seconds: int) -> None:
|
|
|
|
expire_at = datetime_to_timestamp(timezone_now() + timedelta(seconds=expiry_seconds))
|
|
|
|
session[var_name] = {'value': var_value, 'expire_at': expire_at}
|
|
|
|
|
|
|
|
def get_expirable_session_var(session: Session, var_name: str, default_value: Any=None,
|
|
|
|
delete: bool=False) -> Any:
|
|
|
|
if var_name not in session:
|
|
|
|
return default_value
|
|
|
|
|
|
|
|
try:
|
|
|
|
value, expire_at = (session[var_name]['value'], session[var_name]['expire_at'])
|
2020-06-12 01:35:37 +02:00
|
|
|
except (KeyError, TypeError):
|
|
|
|
logging.warning("get_expirable_session_var: error getting %s", var_name, exc_info=True)
|
2020-02-06 18:25:15 +01:00
|
|
|
return default_value
|
|
|
|
|
|
|
|
if timestamp_to_datetime(expire_at) < timezone_now():
|
|
|
|
del session[var_name]
|
|
|
|
return default_value
|
|
|
|
|
|
|
|
if delete:
|
|
|
|
del session[var_name]
|
|
|
|
return value
|