Fix clearing of user sessions.

Previously, we weren't clearing the users out of memcached (we just
killed them in the database), so in fact users were not logged out
when we deactivated them for an hour (when the memcached caches would
expire).

(imported from commit 0f0a2f70e003c184106c73b22b876f57c1ef3371)

zephyr/lib/actions.py

@@ -9,6 +9,8 @@ from zephyr.models import Realm, Stream, UserProfile, UserActivity, \
 from django.db import transaction, IntegrityError
 from django.db.models import F
 from django.core.exceptions import ValidationError
+from django.utils.importlib import import_module
+session_engine = import_module(settings.SESSION_ENGINE)
 
 from zephyr.lib.initial_password import initial_password
 from zephyr.lib.timestamp import timestamp_to_datetime, datetime_to_timestamp
@@ -70,10 +72,28 @@ def do_create_user(email, password, realm, full_name, short_name,
     tornado_callbacks.send_notification(notice)
     return user_profile
 
-
 def user_sessions(user):
     return [s for s in Session.objects.all() if s.get_decoded().get('_auth_user_id') == user.id]
 
+def delete_session(session):
+    return session_engine.SessionStore(session.session_key).delete()
+
+def delete_user_sessions(user_profile):
+    for session in Session.objects.all():
+        if session.get_decoded().get('_auth_user_id') == user_profile.user.id:
+            delete_session(session)
+
+def delete_realm_sessions(realm):
+    realm_user_ids = [u.user.id for u in
+                      UserProfile.objects.filter(realm=realm)]
+    for session in Session.objects.all():
+        if session.get_decoded().get('_auth_user_id') in realm_user_ids:
+            delete_session(session)
+
+def delete_all_user_sessions():
+    for session in Session.objects.all():
+        delete_session(session)
+
 def do_deactivate(user_profile):
     user_profile.is_active = False;
     user_profile.set_unusable_password()
@@ -83,8 +103,7 @@ def do_deactivate(user_profile):
     user_profile.user.is_active = False
     user_profile.user.save(update_fields=["is_active", "password"])
 
-    for session in user_sessions(user_profile.user):
+    delete_user_sessions(user_profile)
-        session.delete()
 
     log_event({'type': 'user_deactivated',
                'timestamp': time.time(),

zephyr/management/commands/set_message_flags.py

@@ -4,7 +4,7 @@ import sys
 
 from django.core.management.base import BaseCommand
 
-from zephyr.lib.actions import do_deactivate, user_sessions
+from zephyr.lib.actions import do_deactivate
 from zephyr.lib import utils
 from zephyr.models import UserMessage, get_user_profile_by_email
 from django.db import transaction, models

zephyr/management/commands/set_unread_to_pointer.py

@@ -3,7 +3,7 @@ import logging
 
 from django.core.management.base import BaseCommand
 
-from zephyr.lib.actions import do_deactivate, user_sessions
+from zephyr.lib.actions import do_deactivate
 from zephyr.lib import utils
 from zephyr.models import UserMessage, UserProfile, \
     get_user_profile_by_email