Skip to content
Snippets Groups Projects
Select Git revision
  • 50548dc9c87a642a513966a25107d03ad55c7b45
  • master default protected
2 results

middleware.py

Blame
  • Julian Rother's avatar
    Julian authored
    Previously, users imported from LDAP had no verified mail address causing
    many problems with Postorius and Hyperkitty.
    
    Also prevents users from changing their username, first name or last name.
    
    Fixes #3
    50548dc9
    History
    middleware.py 1.33 KiB
    # Based on https://github.com/labd/django-session-timeout
    # Copyright (c) 2017 Michael van Tellingen
    
    import time
    
    from django.conf import settings
    from django.contrib.auth.views import redirect_to_login
    from django.shortcuts import redirect
    
    try:
    	from django.utils.deprecation import MiddlewareMixin
    except ImportError:
    	MiddlewareMixin = object
    
    SESSION_TIMEOUT_KEY = "_session_init_timestamp_"
    
    class SessionTimeoutMiddleware(MiddlewareMixin):
    	def process_request(self, request):
    		if not hasattr(request, "session") or request.session.is_empty():
    			return
    
    		init_time = request.session.setdefault(SESSION_TIMEOUT_KEY, time.time())
    
    		expire_seconds = getattr(
    			settings, "SESSION_EXPIRE_SECONDS", settings.SESSION_COOKIE_AGE
    		)
    
    		session_is_expired = time.time() - init_time > expire_seconds
    
    		if session_is_expired:
    			request.session.flush()
    			redirect_url = getattr(settings, "SESSION_TIMEOUT_REDIRECT", None)
    			if redirect_url:
    				return redirect(redirect_url)
    			else:
    				return redirect_to_login(next=request.path)
    
    		expire_since_last_activity = getattr(
    			settings, "SESSION_EXPIRE_AFTER_LAST_ACTIVITY", False
    		)
    		grace_period = getattr(
    			settings, "SESSION_EXPIRE_AFTER_LAST_ACTIVITY_GRACE_PERIOD", 1
    		)
    
    		if expire_since_last_activity and time.time() - init_time > grace_period:
    			request.session[SESSION_TIMEOUT_KEY] = time.time()