Attach identity reset to logout signals

Safer than doing it manually
Gina Häußge 2017-07-17 13:14:45 +02:00
parent cf053ddbed
commit 6f5707a0fc
2 changed files with 31 additions and 9 deletions


@ -7,9 +7,9 @@ __copyright__ = "Copyright (C) 2014 The OctoPrint Project - Released under terms
import uuid
from sockjs.tornado import SockJSRouter
from flask import Flask, g, request, session, Blueprint, Request, Response
from flask.ext.login import LoginManager, current_user
from flask.ext.principal import Principal, Permission, RoleNeed, identity_loaded, UserNeed
from flask import Flask, g, request, session, Blueprint, Request, Response, current_app
from flask.ext.login import LoginManager, current_user, session_protected, user_logged_out
from flask.ext.principal import Principal, Permission, RoleNeed, identity_loaded, identity_changed, UserNeed, AnonymousIdentity
from flask.ext.babel import Babel, gettext, ngettext
from flask.ext.assets import Environment, Bundle
from babel import Locale
@ -96,6 +96,29 @@ def on_identity_loaded(sender, identity):
if user.is_admin():
identity.provides.add(RoleNeed("admin"))
def _clear_identity(sender):
# Remove session keys set by Flask-Principal
for key in ('identity.id', 'identity.name', 'identity.auth_type'):
if key in session:
del session[key]
# switch to anonymous identity
identity_changed.send(sender, identity=AnonymousIdentity())
@session_protected.connect_via(app)
def on_session_protected(sender):
# session was protected, that means the user is no more and we need to clear our identity
_clear_identity(sender)
@user_logged_out.connect_via(app)
def on_user_logged_out(sender, user=None):
# user was logged out, clear identity
_clear_identity(sender)
def load_user(id):
if id == "_api":
return users.ApiUser()
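Review bot: `on_session_protected` treats every `session_protected` signal as "the user is no more", but Flask-Login also sends that signal in `basic` protection mode, where it only marks the session non-fresh and keeps the user logged in; calling `_clear_identity` there would leave an authenticated user with an `AnonymousIdentity` and no role needs. Unless `login_manager.session_protection` is pinned to `"strong"` somewhere outside this hunk (the LoginManager setup is not visible here), the handler should check the configured mode before clearing, e.g. `if sender.login_manager.session_protection == "strong": _clear_identity(sender)`. The guarded delete loop in `_clear_identity` can be `session.pop(key, None)` per key. Note also that this path only drops the Flask-Principal keys, while the new `_logout` helper in the `/logout` route additionally removes `usersession.id` and calls `userManager.logout_user`; if a protected session is meant to be fully ended, that server-side cleanup is missing here, so a comment such as `# NOTE: only the Principal identity is reset; usersession.id / userManager state is left as-is` would at least make the asymmetry explicit.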


@ -222,22 +222,21 @@ def login():
@api.route("/logout", methods=["POST"])
@restricted_access
def logout():
# Remove session keys set by Flask-Principal
for key in ('identity.id', 'identity.name', 'identity.auth_type'):
if key in session:
del session[key]
identity_changed.send(current_app._get_current_object(), identity=AnonymousIdentity())
# logout from user manager...
_logout(current_user)
# ... and from flask login (and principal)
logout_user()
return NO_CONTENT
def _logout(user):
if "usersession.id" in session:
del session["usersession.id"]
octoprint.server.userManager.logout_user(user)
@api.route("/util/test", methods=["POST"])
@restricted_access
@admin_permission.require(403)
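Review bot: `_logout` has no docstring, and the comment `# ... and from flask login (and principal)` in `logout()` is now slightly misleading, since Principal cleanup no longer happens in this route or inside `logout_user()` itself but only through the `user_logged_out` signal handler registered in the server module. A docstring such as `"""End the OctoPrint-side user session: drop usersession.id from the Flask session and notify the user manager. Flask-Login and Flask-Principal state is cleared separately by logout_user() and the user_logged_out signal handler."""` and a comment `# ... and from flask login (the user_logged_out signal resets the principal identity)` would make that split visible to the next reader. The guarded delete in `_logout` can be written as `session.pop("usersession.id", None)`. The `/util/test` route at the end of the hunk continues outside it.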