user sessions cleanup

2025-06-16 20:15:44 +00:00 · 2024-06-25 20:38:01 +02:00
parent 7fe8062db8
commit 8b1f871b75
8 changed files with 6 additions and 53 deletions
--- a/src/backend/InvenTree/InvenTree/settings.py
+++ b/src/backend/InvenTree/InvenTree/settings.py
@ -204,6 +204,7 @@ INSTALLED_APPS = [
    # Core django modules
    'django.contrib.auth',
    'django.contrib.contenttypes',
+    'django.contrib.sessions',
    'django.contrib.humanize',
    'whitenoise.runserver_nostatic',
    'django.contrib.messages',
@ -246,6 +247,7 @@ MIDDLEWARE = CONFIG.get(
    [
        'django.middleware.security.SecurityMiddleware',
        'x_forwarded_for.middleware.XForwardedForMiddleware',
+        'django.contrib.sessions.middleware.SessionMiddleware',
        'allauth.usersessions.middleware.UserSessionsMiddleware',  # DB user sessions
        'django.middleware.locale.LocaleMiddleware',
        'django.middleware.csrf.CsrfViewMiddleware',
@ -812,13 +814,7 @@ if GLOBAL_CACHE_ENABLED:  # pragma: no cover
    # as well
    Q_CLUSTER['django_redis'] = 'worker'

-# database user sessions
-SESSION_ENGINE = 'user_sessions.backends.db'
-LOGOUT_REDIRECT_URL = get_setting(
-    'INVENTREE_LOGOUT_REDIRECT_URL', 'logout_redirect_url', 'index'
-)
-
-SILENCED_SYSTEM_CHECKS = ['admin.E410', 'templates.E003', 'templates.W003']
+SILENCED_SYSTEM_CHECKS = ['templates.E003', 'templates.W003']

 # Password validation
 # https://docs.djangoproject.com/en/1.10/ref/settings/#auth-password-validators
--- a/src/backend/InvenTree/InvenTree/urls.py
+++ b/src/backend/InvenTree/InvenTree/urls.py
@ -49,8 +49,6 @@ from .views import (
    CustomEmailView,
    CustomLoginView,
    CustomPasswordResetFromKeyView,
-    CustomSessionDeleteOtherView,
-    CustomSessionDeleteView,
    DatabaseStatsView,
    DynamicJsView,
    EditUserView,
@ -357,17 +355,6 @@ classic_frontendpatterns = [
    path('settings/', include(settings_urls)),
    path('about/', AboutView.as_view(), name='about'),
    path('stats/', DatabaseStatsView.as_view(), name='stats'),
-    # DB user sessions
-    path(
-        'accounts/sessions/other/delete/',
-        view=CustomSessionDeleteOtherView.as_view(),
-        name='session_delete_other',
-    ),
-    re_path(
-        r'^accounts/sessions/(?P<pk>\w+)/delete/$',
-        view=CustomSessionDeleteView.as_view(),
-        name='session_delete',
-    ),
    # Single Sign On / allauth
    # overrides of urlpatterns
    path('accounts/email/', CustomEmailView.as_view(), name='account_email'),
--- a/src/backend/InvenTree/InvenTree/views.py
+++ b/src/backend/InvenTree/InvenTree/views.py
@ -4,9 +4,7 @@ In particular these views provide base functionality for rendering Django forms
 as JSON objects and passing them to modal forms (using jQuery / bootstrap).
 """

-from django.contrib.auth import password_validation
 from django.contrib.auth.mixins import LoginRequiredMixin, PermissionRequiredMixin
-from django.core.exceptions import ValidationError
 from django.http import HttpResponse, HttpResponseRedirect, JsonResponse
 from django.shortcuts import redirect
 from django.template.loader import render_to_string
@ -23,14 +21,13 @@ from allauth.account.views import EmailView, LoginView, PasswordResetFromKeyView
 from allauth.socialaccount.forms import DisconnectForm
 from allauth.socialaccount.views import ConnectionsView
 from djmoney.contrib.exchange.models import ExchangeBackend, Rate
-from user_sessions.views import SessionDeleteOtherView, SessionDeleteView

 import common.currency
 import common.models as common_models
 from part.models import PartCategory
 from users.models import RuleSet, check_user_role

-from .forms import EditUserForm, SetPasswordForm
+from .forms import EditUserForm
 from .helpers import is_ajax, remove_non_printable_characters, strip_html_tags


@ -515,26 +512,6 @@ class CustomPasswordResetFromKeyView(PasswordResetFromKeyView):
    success_url = reverse_lazy('account_login')


-class UserSessionOverride:
-    """Overrides sucessurl to lead to settings."""
-
-    def get_success_url(self):
-        """Revert to settings page after success."""
-        return str(reverse_lazy('settings'))
-
-
-class CustomSessionDeleteView(UserSessionOverride, SessionDeleteView):
-    """Revert to settings after session delete."""
-
-    pass
-
-
-class CustomSessionDeleteOtherView(UserSessionOverride, SessionDeleteOtherView):
-    """Revert to settings after session delete."""
-
-    pass
-
-
 class CustomLoginView(LoginView):
    """Custom login view that allows login with urlargs."""

--- a/src/backend/InvenTree/templates/InvenTree/settings/user.html
+++ b/src/backend/InvenTree/templates/InvenTree/settings/user.html
@ -5,7 +5,7 @@
 {% load inventree_extras %}
 {% load socialaccount %}
 {% load crispy_forms_tags %}
-{% load user_sessions i18n %}
+{% load i18n %}

 {% block label %}account{% endblock label %}

@ -194,7 +194,7 @@
            <tr {% if object.session_key == session_key %}class="active"{% endif %}>
            <td>{{ object.ip }}</td>
            {% if object.user_agent or object.device %}
-            <td>{{ object.user_agent|device|default_if_none:unknown_on_unknown|safe }}</td>
+            <td>{{ object.user_agent|default_if_none:unknown_on_unknown|safe }}</td>
            {% else %}
            <td>{{ unknown_on_unknown }}</td>
            {% endif %}
--- a/src/backend/InvenTree/users/models.py
+++ b/src/backend/InvenTree/users/models.py
@ -351,7 +351,6 @@ class RuleSet(models.Model):
            'error_report_error',
            'exchange_rate',
            'exchange_exchangebackend',
-            'user_sessions_session',
            # Django-q
            'django_q_ormq',
            'django_q_failure',
--- a/src/backend/requirements.in
+++ b/src/backend/requirements.in
@ -28,7 +28,6 @@ django-sslserver                        # Secure HTTP development server
 django-stdimage                         # Advanced ImageField management
 django-taggit                           # Tagging support
 django-otp==1.3.0                       # Two-factor authentication (legacy to ensure migrations) https://github.com/inventree/InvenTree/pull/6293
-django-user-sessions                    # user sessions in DB
 django-weasyprint                       # django weasyprint integration
 djangorestframework                     # DRF framework
 djangorestframework-simplejwt[crypto]   # JWT authentication
--- a/src/backend/requirements.txt
+++ b/src/backend/requirements.txt
@ -353,7 +353,6 @@ django==4.2.12 \
    #   django-sslserver
    #   django-stdimage
    #   django-taggit
-    #   django-user-sessions
    #   django-weasyprint
    #   django-xforwardedfor-middleware
    #   djangorestframework
@ -440,9 +439,6 @@ django-stdimage==6.0.2 \
 django-taggit==5.0.1 \
    --hash=sha256:a0ca8a28b03c4b26c2630fd762cb76ec39b5e41abf727a7b66f897a625c5e647 \
    --hash=sha256:edcd7db1e0f35c304e082a2f631ddac2e16ef5296029524eb792af7430cab4cc
-django-user-sessions==2.0.0 \
-    --hash=sha256:0965554279f556b47062965609fa08b3ae45bbc581001dbe84b2ea599cc67748 \
-    --hash=sha256:41b8b1ebeb4736065efbc96437c9cfbf491c39e10fd547a76b98f2312e11fa3e
 django-weasyprint==2.3.0 \
    --hash=sha256:2f849e15bfd6c1b2a58512097b9042eddf3533651d37d2e096cd6f7d8be6442b \
    --hash=sha256:807cb3b16332123d97c8bbe2ac9c70286103fe353235351803ffd33b67284735
--- a/tasks.py
+++ b/tasks.py
@ -85,7 +85,6 @@ def content_excludes(
        'exchange.exchangebackend',
        'common.notificationentry',
        'common.notificationmessage',
-        'user_sessions.session',
        'report.labeloutput',
        'report.reportoutput',
    ]