Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
N
Nuovo sito
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
16
Issues
16
List
Boards
Labels
Milestones
Merge Requests
2
Merge Requests
2
Analytics
Analytics
Repository
Value Stream
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Gruppo Web
Nuovo sito
Commits
565f65c7
Commit
565f65c7
authored
May 02, 2018
by
Pietro Albini
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Add creation date for sessions and don't delete them
parent
28ede21f
Pipeline
#82
passed with stage
in 0 seconds
Changes
4
Pipelines
1
Show whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
62 additions
and
30 deletions
+62
-30
uitwww/auth.py
uitwww/auth.py
+36
-28
uitwww/db.py
uitwww/db.py
+4
-0
uitwww/templates/auth/session.html
uitwww/templates/auth/session.html
+20
-2
uitwww/templates/auth/sessions.html
uitwww/templates/auth/sessions.html
+2
-0
No files found.
uitwww/auth.py
View file @
565f65c7
...
...
@@ -43,18 +43,19 @@ class Sessions:
id
=
str
(
uuid
.
uuid4
())
ip
=
flask
.
request
.
remote_addr
now
=
int
(
time
.
time
())
self
.
db
.
update
(
"INSERT INTO auth_sessions (id, nickname, teams, ip,
expires_at)
"
"
VALUES (?, ?, ?, ?, ?)"
,
id
,
nickname
,
","
.
join
(
teams
),
ip
,
int
(
time
.
time
())
+
SESSION_EXPIRES_AFTER
,
"INSERT INTO auth_sessions (id, nickname, teams, ip,
created_at,
"
"
expires_at) VALUES (?, ?, ?, ?, ?, ?)"
,
id
,
nickname
,
","
.
join
(
teams
),
ip
,
now
,
now
+
SESSION_EXPIRES_AFTER
,
)
return
id
def
check
(
self
,
id
):
"""Check if a session is valid and return its data"""
data
=
self
.
db
.
query
(
"SELECT nickname, teams, ip, expires_at
FROM auth_sessions
"
"WHERE id = ?"
,
id
,
"SELECT nickname, teams, ip, expires_at
, created_at
"
"
FROM auth_sessions
WHERE id = ?"
,
id
,
)
if
not
data
:
raise
SessionError
(
"La tua sessione è scaduta, accedi di nuovo."
)
...
...
@@ -65,7 +66,6 @@ class Sessions:
expires_at
=
data
[
0
][
3
]
if
expires_at
is
None
or
expires_at
<
time
.
time
():
self
.
delete
(
id
)
raise
SessionError
(
"La tua sessione è scaduta, accedi di nuovo."
)
else
:
# Bump the session every time a new page is visited
...
...
@@ -82,50 +82,58 @@ class Sessions:
"teams"
:
data
[
0
][
1
].
split
(
","
),
}
def
delete
(
self
,
id
):
"""Delete a session"""
self
.
db
.
update
(
"DELETE FROM auth_sessions WHERE id = ?;"
,
id
)
def
disable
(
self
,
id
):
"""Disable a session"""
self
.
db
.
update
(
"UPDATE auth_sessions SET expires_at = ? WHERE id = ?;"
,
int
(
time
.
time
()),
id
,
)
def
delete_all
(
self
,
except_id
):
"""Delete every session except this one"""
self
.
db
.
update
(
"DELETE FROM auth_sessions WHERE id != ?;"
,
except_id
)
def
disable_all
(
self
,
except_id
):
"""Disable every active session except this one"""
now
=
int
(
time
.
time
())
self
.
db
.
update
(
"UPDATE auth_sessions SET expires_at = ? WHERE id != ? AND "
"expires_at IS NOT NULL AND expires_at >= ?;"
,
now
,
id
,
now
,
)
def
all
(
self
):
"""Return all the sessions"""
rows
=
self
.
db
.
query
(
"SELECT id, nickname, teams, ip, expires_at FROM auth_sessions;"
)
now
=
time
.
time
()
rows
=
self
.
db
.
query
(
"SELECT id, nickname, teams, ip, expires_at, created_at "
"FROM auth_sessions WHERE expires_at IS NOT NULL "
"AND expires_at >= ?;"
,
now
,
)
result
=
[]
for
row
in
rows
:
# Delete expired sessions
if
row
[
0
]
is
None
or
row
[
4
]
<
now
:
self
.
delete
(
row
[
0
])
continue
result
.
append
({
"id"
:
row
[
0
],
"nickname"
:
row
[
1
],
"teams"
:
row
[
2
].
split
(
","
),
"ip"
:
row
[
3
],
"expires_at"
:
row
[
4
],
"created_at"
:
row
[
5
],
})
return
result
def
get
(
self
,
id
):
"""Return details about a session"""
row
=
self
.
db
.
query
(
"SELECT nickname, teams, ip, expires_at FROM auth_sessions WHERE id = ?;"
,
id
)
row
=
self
.
db
.
query
(
"SELECT nickname, teams, ip, expires_at, created_at "
"FROM auth_sessions WHERE id = ?;"
,
id
,
)
if
row
:
# Delete expired sessions
if
row
[
0
][
3
]
is
None
or
row
[
0
][
3
]
<
time
.
time
():
self
.
delete
(
id
)
return
return
{
"id"
:
id
,
"nickname"
:
row
[
0
][
0
],
"teams"
:
row
[
0
][
1
].
split
(
","
),
"ip"
:
row
[
0
][
2
],
"expires_at"
:
row
[
0
][
3
],
"created_at"
:
row
[
0
][
4
],
"active"
:
row
[
0
][
3
]
>=
time
.
time
(),
}
def
count
(
self
):
...
...
@@ -258,7 +266,7 @@ def prepare_blueprint(app):
@
bp
.
route
(
"/logout"
)
@
permission
(
"auth.logout"
)
def
logout
():
sessions
.
d
elet
e
(
flask
.
session
[
"auth"
])
sessions
.
d
isabl
e
(
flask
.
session
[
"auth"
])
del
flask
.
session
[
"auth"
]
flask
.
flash
(
"La sessione è stata terminata correttamente."
,
"success"
)
...
...
@@ -276,7 +284,7 @@ def prepare_blueprint(app):
@
bp
.
route
(
"/sessions/+all/revoke"
)
@
permission
(
"auth.sessions.manage"
)
def
sessions_revoke_all
():
sessions
.
d
elet
e_all
(
flask
.
g
.
auth_id
)
sessions
.
d
isabl
e_all
(
flask
.
g
.
auth_id
)
return
flask
.
redirect
(
flask
.
url_for
(
".sessions_list"
))
@
bp
.
route
(
"/sessions/<id>"
)
...
...
@@ -308,7 +316,7 @@ def prepare_blueprint(app):
"auth.sessions.own"
:
lambda
id
:
flask
.
g
.
auth_id
==
id
,
})
def
sessions_revoke
(
id
):
sessions
.
d
elet
e
(
id
)
sessions
.
d
isabl
e
(
id
)
return
flask
.
redirect
(
flask
.
url_for
(
".sessions_list"
))
return
bp
uitwww/db.py
View file @
565f65c7
...
...
@@ -85,4 +85,8 @@ MIGRATIONS = [
(
"add_auth_sessions_expires_at_column"
,
"""
ALTER TABLE auth_sessions ADD COLUMN expires_at INTEGER;
"""
),
(
"add_auth_sessions_created_at_column"
,
"""
ALTER TABLE auth_sessions ADD COLUMN created_at INTEGER;
"""
),
]
uitwww/templates/auth/session.html
View file @
565f65c7
...
...
@@ -31,12 +31,24 @@
<td>
Nome utente
</td>
<td><b>
{{ session.nickname }}
</b></td>
</tr>
<tr>
<td>
Stato
</td>
<td>
{% if session.active -%}
<span
class=
"text-green"
>
Attiva
</span>
{%- else -%}
<span
class=
"text-red"
>
Scaduta
</span>
{%- endif %}
</td>
</tr>
<tr>
<td>
Indirizzo IP
</td>
<td>
{{ session.ip }}
</td>
</tr>
<tr>
<td>
Scadenza
</td>
<td>
Inizio
</td>
<td>
{{ session.created_at|format_timestamp }}
</td>
</tr>
<tr>
<td>
{% if session.active %}Scadenza{% else %}Fine{% endif %}
</td>
<td>
{{ session.expires_at|format_timestamp }}
</td>
</tr>
<tr>
...
...
@@ -53,7 +65,7 @@
</table>
</div>
{% if g.auth_id != session.id %}
{% if g.auth_id != session.id
and session.active
%}
<a
class=
"btn"
href=
"{{ url_for("
.
sessions_revoke
",
id=
session.id)
}}"
>
Disabilita sessione
</a>
...
...
@@ -63,11 +75,16 @@
{% if others %}
<div
class=
"row"
>
<div
class=
"col"
>
{% if session.active %}
<h2>
Altre sessioni dell'utente
</h2>
{% else %}
<h2>
Sessioni correnti dell'utente
</h2>
{% endif %}
<div
class=
"table"
>
<table>
<tr>
<th>
Indirizzo IP
</th>
<th>
Inizio
</th>
<th>
Scadenza
</th>
<th></th>
<th></th>
...
...
@@ -75,6 +92,7 @@
{% for session in others %}
<tr>
<td>
{{ session.ip }}
</td>
<td>
{{ session.created_at|format_timestamp }}
<td>
{{ session.expires_at|format_timestamp }}
<td>
<a
href=
"{{ url_for("
.
sessions_show
",
id=
session.id)
}}"
>
...
...
uitwww/templates/auth/sessions.html
View file @
565f65c7
...
...
@@ -40,6 +40,7 @@
<tr>
<th>
Nome utente
</th>
<th>
Indirizzo IP
</th>
<th>
Inizio
</th>
<th>
Scadenza
</th>
<th></th>
<th></th>
...
...
@@ -48,6 +49,7 @@
<tr>
<td>
{{ session.nickname }}
</td>
<td>
{{ session.ip }}
</td>
<td>
{{ session.created_at|format_timestamp }}
</td>
<td>
{{ session.expires_at|format_timestamp }}
</td>
<td>
<a
href=
"{{ url_for("
.
sessions_show
",
id=
session.id)
}}"
>
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment