From 303e77c07d73ca94e4c4c1a4c697fee80d87bead Mon Sep 17 00:00:00 2001 From: Tim Abbott Date: Tue, 2 Apr 2013 11:54:57 -0400 Subject: [PATCH] Fix clearing of user sessions. Previously, we weren't clearing the users out of memcached (we just killed them in the database), so in fact users were not logged out when we deactivated them for an hour (when the memcached caches would expire). (imported from commit 0f0a2f70e003c184106c73b22b876f57c1ef3371) --- zephyr/lib/actions.py | 25 ++++++++++++++++--- .../management/commands/set_message_flags.py | 2 +- .../commands/set_unread_to_pointer.py | 2 +- 3 files changed, 24 insertions(+), 5 deletions(-) diff --git a/zephyr/lib/actions.py b/zephyr/lib/actions.py index c7c4f75f7e..8570553337 100644 --- a/zephyr/lib/actions.py +++ b/zephyr/lib/actions.py @@ -9,6 +9,8 @@ from zephyr.models import Realm, Stream, UserProfile, UserActivity, \ from django.db import transaction, IntegrityError from django.db.models import F from django.core.exceptions import ValidationError +from django.utils.importlib import import_module +session_engine = import_module(settings.SESSION_ENGINE) from zephyr.lib.initial_password import initial_password from zephyr.lib.timestamp import timestamp_to_datetime, datetime_to_timestamp @@ -70,10 +72,28 @@ def do_create_user(email, password, realm, full_name, short_name, tornado_callbacks.send_notification(notice) return user_profile - def user_sessions(user): return [s for s in Session.objects.all() if s.get_decoded().get('_auth_user_id') == user.id] +def delete_session(session): + return session_engine.SessionStore(session.session_key).delete() + +def delete_user_sessions(user_profile): + for session in Session.objects.all(): + if session.get_decoded().get('_auth_user_id') == user_profile.user.id: + delete_session(session) + +def delete_realm_sessions(realm): + realm_user_ids = [u.user.id for u in + UserProfile.objects.filter(realm=realm)] + for session in Session.objects.all(): + if session.get_decoded().get('_auth_user_id') in realm_user_ids: + delete_session(session) + +def delete_all_user_sessions(): + for session in Session.objects.all(): + delete_session(session) + def do_deactivate(user_profile): user_profile.is_active = False; user_profile.set_unusable_password() @@ -83,8 +103,7 @@ def do_deactivate(user_profile): user_profile.user.is_active = False user_profile.user.save(update_fields=["is_active", "password"]) - for session in user_sessions(user_profile.user): - session.delete() + delete_user_sessions(user_profile) log_event({'type': 'user_deactivated', 'timestamp': time.time(), diff --git a/zephyr/management/commands/set_message_flags.py b/zephyr/management/commands/set_message_flags.py index 6d4a752f76..a38e222c07 100644 --- a/zephyr/management/commands/set_message_flags.py +++ b/zephyr/management/commands/set_message_flags.py @@ -4,7 +4,7 @@ import sys from django.core.management.base import BaseCommand -from zephyr.lib.actions import do_deactivate, user_sessions +from zephyr.lib.actions import do_deactivate from zephyr.lib import utils from zephyr.models import UserMessage, get_user_profile_by_email from django.db import transaction, models diff --git a/zephyr/management/commands/set_unread_to_pointer.py b/zephyr/management/commands/set_unread_to_pointer.py index d4a8eb7604..9fbaf809cb 100644 --- a/zephyr/management/commands/set_unread_to_pointer.py +++ b/zephyr/management/commands/set_unread_to_pointer.py @@ -3,7 +3,7 @@ import logging from django.core.management.base import BaseCommand -from zephyr.lib.actions import do_deactivate, user_sessions +from zephyr.lib.actions import do_deactivate from zephyr.lib import utils from zephyr.models import UserMessage, UserProfile, \ get_user_profile_by_email