From 6db0ce335fe1a9d838b2a143fdeaf202a4d49b81 Mon Sep 17 00:00:00 2001
From: nd <git@notandy.de>
Date: Mon, 8 Mar 2021 14:54:23 +0100
Subject: [PATCH] add session timeout middleware

---
 django_auth_ldap_remoteuser/middleware.py | 48 +++++++++++++++++++++++
 setup.py                                  |  2 +-
 2 files changed, 49 insertions(+), 1 deletion(-)
 create mode 100644 django_auth_ldap_remoteuser/middleware.py

diff --git a/django_auth_ldap_remoteuser/middleware.py b/django_auth_ldap_remoteuser/middleware.py
new file mode 100644
index 0000000..7132d47
--- /dev/null
+++ b/django_auth_ldap_remoteuser/middleware.py
@@ -0,0 +1,48 @@
+# Based on https://github.com/labd/django-session-timeout
+# Copyright (c) 2017 Michael van Tellingen
+
+import time
+
+from django.conf import settings
+from django.contrib.auth.views import redirect_to_login
+from django.shortcuts import redirect
+
+try:
+	from django.utils.deprecation import MiddlewareMixin
+except ImportError:
+	MiddlewareMixin = object
+
+
+SESSION_TIMEOUT_KEY = "_session_init_timestamp_"
+
+
+class SessionTimeoutMiddleware(MiddlewareMixin):
+	def process_request(self, request):
+		if not hasattr(request, "session") or request.session.is_empty():
+			return
+
+		init_time = request.session.setdefault(SESSION_TIMEOUT_KEY, time.time())
+
+		expire_seconds = getattr(
+			settings, "SESSION_EXPIRE_SECONDS", settings.SESSION_COOKIE_AGE
+		)
+
+		session_is_expired = time.time() - init_time > expire_seconds
+
+		if session_is_expired:
+			request.session.flush()
+			redirect_url = getattr(settings, "SESSION_TIMEOUT_REDIRECT", None)
+			if redirect_url:
+				return redirect(redirect_url)
+			else:
+				return redirect_to_login(next=request.path)
+
+		expire_since_last_activity = getattr(
+			settings, "SESSION_EXPIRE_AFTER_LAST_ACTIVITY", False
+		)
+		grace_period = getattr(
+			settings, "SESSION_EXPIRE_AFTER_LAST_ACTIVITY_GRACE_PERIOD", 1
+		)
+
+		if expire_since_last_activity and time.time() - init_time > grace_period:
+			request.session[SESSION_TIMEOUT_KEY] = time.time()
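Review bot: `process_request` returns silently when `request.session` is missing (the first check in the method), so listing this middleware ahead of `SessionMiddleware` turns the timeout off with no error or log line. `SessionTimeoutMiddleware` has no docstring; I would add one stating that it must come after `django.contrib.sessions.middleware.SessionMiddleware` in `MIDDLEWARE`, and naming the settings it reads (`SESSION_EXPIRE_SECONDS`, `SESSION_TIMEOUT_REDIRECT`, `SESSION_EXPIRE_AFTER_LAST_ACTIVITY`, `SESSION_EXPIRE_AFTER_LAST_ACTIVITY_GRACE_PERIOD`). The docstring should also say that with `SESSION_EXPIRE_AFTER_LAST_ACTIVITY = True` the last two lines refresh the stored timestamp, so the limit becomes an idle timeout and this middleware no longer enforces an absolute session lifetime. Separately, `redirect_to_login(next=request.path)` drops the query string; `next=request.get_full_path()` would return the user to the exact URL after login.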
diff --git a/setup.py b/setup.py
index d0ba93f..0d5b992 100644
--- a/setup.py
+++ b/setup.py
@@ -1,7 +1,7 @@
 from setuptools import setup, find_packages
 
 setup(name='django_auth_ldap_remoteuser',
-	version='2.0',
+	version='3.0',
 	description='Combine the RemoteUser and django-auth-ldap backends for django',
 	url='https://git.cccv.de/infra/uffd/django-auth-ldap-remoteuser',
 	author='Andreas Valder',
-- 
GitLab