External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-05-09 18:37:36 -02:30
Code Issues Packages Projects Releases Wiki Activity

Use Django's own logic to invalidate sessions of users when changing passwords

Browse Source 
The key is django.contrib.auth.update_session_auth_hash(), which knows
how to inject a recalculated session hash back into the session if the
requesting user is changing their own password, in order to keep that
user logged in.
This commit is contained in:
Jeff Bradberry
2019-03-26 17:22:16 -04:00
parent 2129f12085
commit f2be4de544
5 changed files with 22 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
awx/main/models/organization.py
View File

@@ -183,12 +183,6 @@ class UserSessionMembership(BaseModel):
non_expire_memberships = [x for x in query_set if x.session.expire_date > now]
return non_expire_memberships[settings.SESSIONS_PER_USER:]
@staticmethod
def clear_session_for_user(user):
query_set = UserSessionMembership.objects.select_related('session').filter(user=user)
sessions_to_delete = [obj.session.pk for obj in query_set]
Session.objects.filter(pk__in=sessions_to_delete).delete()
# Add get_absolute_url method to User model if not present.
if not hasattr(User, 'get_absolute_url'):