Commit 7663cc59 authored by Vincent Pelletier

erp5_auto_logout: Do not depend on __ac_name cookie presence.

parent 02541501
......@@ -2,4 +2,4 @@ from AccessControl import getSecurityManager
from zExceptions import Unauthorized
if REQUEST is not None: # Cheap "do not call from URL" protection - not that the session key is secret
raise Unauthorized
return 'ac_cookie_%s' % context.REQUEST.get('__ac_name', 'Anonymous User')
return 'ac_cookie_' + username
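Review bot: `return 'ac_cookie_' + username` raises TypeError for any non-string `username`, whereas the old `%s` formatting accepted any value and fell back to 'Anonymous User'. Two callers in this commit pass the result of Base_getUsernameFromAuthenticationCookie, whose body is not shown on this page, so it is worth confirming what that script returns for a missing or undecodable cookie. If it can return None or an empty string, guard here with `if not username: raise Unauthorized`, or state the contract in a comment such as `# username: non-empty user name string; callers must never pass None`. The `getSecurityManager` import visible in the hunk header appears unused in this script.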
......@@ -50,7 +50,7 @@
</item>
<item>
<key> <string>_params</string> </key>
<value> <string>REQUEST=None</string> </value>
<value> <string>username, REQUEST=None</string> </value>
</item>
<item>
<key> <string>id</string> </key>
......
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<global name="PythonScript" module="Products.PythonScripts.PythonScript"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>Script_magic</string> </key>
<value> <int>3</int> </value>
</item>
<item>
<key> <string>_bind_names</string> </key>
<value>
<object>
<klass>
<global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
</klass>
<tuple/>
<state>
<dictionary>
<item>
<key> <string>_asgns</string> </key>
<value>
<dictionary>
<item>
<key> <string>name_container</string> </key>
<value> <string>container</string> </value>
</item>
<item>
<key> <string>name_context</string> </key>
<value> <string>context</string> </value>
</item>
<item>
<key> <string>name_m_self</string> </key>
<value> <string>script</string> </value>
</item>
<item>
<key> <string>name_subpath</string> </key>
<value> <string>traverse_subpath</string> </value>
</item>
</dictionary>
</value>
</item>
</dictionary>
</state>
</object>
</value>
</item>
<item>
<key> <string>_params</string> </key>
<value> <string>value</string> </value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>Base_getUsernameFromAuthenticationCookie</string> </value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
from AccessControl import getSecurityManager
portal = context.getPortalObject()
portal.portal_sessions.manage_delObjects(portal.Base_getAutoLogoutSessionKey())
portal.portal_sessions.manage_delObjects(
portal.Base_getAutoLogoutSessionKey(
username=getSecurityManager().getUser().getUserName(),
)
)
REQUEST = portal.REQUEST
if REQUEST.has_key('portal_skin'):
portal.portal_skins.clearSkinCookie()
......
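Review bot: The key deleted here is built from `getSecurityManager().getUser().getUserName()`, while the other scripts changed in this commit build it from the name decoded out of the authentication cookie. If the two can differ (login versus user id, or a request that is already anonymous when logout runs), `manage_delObjects` would target a key that was never written and the auto-logout session entry would survive logout. Consider deriving the name the same way in all three places, or add a comment explaining why the security manager's user name always equals the cookie-derived one. Whether `manage_delObjects` raises on a missing key is not visible here and deserves a check as well.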
......@@ -8,7 +8,13 @@ else:
now = DateTime()
kw['expires'] = (now + expire_interval).toZone('GMT').rfc822()
ac_renew = (now + expire_interval / 2).millis()
portal.portal_sessions[portal.Base_getAutoLogoutSessionKey()]['ac_renew'] = ac_renew
portal.portal_sessions[
portal.Base_getAutoLogoutSessionKey(
username=portal.Base_getUsernameFromAuthenticationCookie(
cookie_value,
)
)
]['ac_renew'] = ac_renew
resp.setCookie(
name=cookie_name,
value=cookie_value,
......
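Review bot: The session key is now derived from `cookie_value` through `Base_getUsernameFromAuthenticationCookie`, so the entry whose `ac_renew` is written is selected by data carried in the cookie; if this script can run before the credentials in that value have been verified (not visible in this hunk), the timestamp of an entry belonging to a different user could be updated. The same lookup appears in the script that compares `DateTime().millis()` against `ac_renew`. Confirm that both run only on already-authenticated cookie values, or compare the decoded name with `getSecurityManager().getUser().getUserName()` before indexing `portal_sessions`. The enclosing script starts and ends outside the hunk.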
portal = context.getPortalObject()
if DateTime().millis() >= portal.portal_sessions[portal.Base_getAutoLogoutSessionKey()].get('ac_renew', 0):
if DateTime().millis() >= portal.portal_sessions[
portal.Base_getAutoLogoutSessionKey(
username=portal.Base_getUsernameFromAuthenticationCookie(
cookie_value,
)
)
].get('ac_renew', 0):
portal.setAuthCookie(resp, cookie_name, cookie_value)