From 8fad7b1e1fbd3ffc7355fdb9c8ebee757d45efce Mon Sep 17 00:00:00 2001
From: Matthias Mair <code@mjmair.com>
Date: Wed, 26 Jun 2024 12:10:09 +0200
Subject: [PATCH] reimplement session ending
---
 src/backend/InvenTree/InvenTree/urls.py | 17 +++++++++++------
 src/backend/InvenTree/InvenTree/views.py | 10 ++++++++++
 .../templates/InvenTree/settings/user.html | 2 +-
 3 files changed, 22 insertions(+), 7 deletions(-)
diff --git a/src/backend/InvenTree/InvenTree/urls.py b/src/backend/InvenTree/InvenTree/urls.py
index 99b9814d99..62ded2c50f 100644
--- a/src/backend/InvenTree/InvenTree/urls.py
+++ b/src/backend/InvenTree/InvenTree/urls.py
@@ -47,6 +47,7 @@ from .views import (
 AppearanceSelectView,
 CustomConnectionsView,
 CustomEmailView,
+ CustomListUserSessionsView,
 CustomLoginView,
 CustomPasswordResetFromKeyView,
 DatabaseStatsView,
@@ -356,6 +357,12 @@ classic_frontendpatterns = [
 path('about/', AboutView.as_view(), name='about'),
 path('stats/', DatabaseStatsView.as_view(), name='stats'),
 # Single Sign On / allauth
+ path(
+ 'accounts/sessions/',
+ view=CustomListUserSessionsView.as_view(),
+ name='usersessions_list',
+ ),
+ path('accounts/', include('allauth.urls')),
 # overrides of urlpatterns
 path('accounts/email/', CustomEmailView.as_view(), name='account_email'),
 path(
@@ -392,21 +399,19 @@ frontendpatterns = []
 if settings.ENABLE_CLASSIC_FRONTEND:
 frontendpatterns += classic_frontendpatterns
-# Add auth
-frontendpatterns += [
- path('accounts/', include('allauth.urls')) # Always needed as we need providers
-]
-
 if settings.ENABLE_PLATFORM_FRONTEND:
 frontendpatterns += platform_urls
 if not settings.ENABLE_CLASSIC_FRONTEND:
 # Add a redirect for login views
 frontendpatterns += [
+ path(
+ 'accounts/', include('allauth.urls')
+ ), # Still needed for provider login
 path(
 'accounts/login/',
 RedirectView.as_view(url=settings.FRONTEND_URL_BASE, permanent=False),
 name='account_login',
- )
+ ),
 ]
 urlpatterns += frontendpatterns
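Review bot: In the `classic_frontendpatterns` hunk, `path('accounts/', include('allauth.urls')),` is now registered ahead of the entries under `# overrides of urlpatterns`, and Django dispatches to the first pattern that matches. If allauth defines its own `email/` route (likely, but not visible here), `accounts/email/` would resolve to the stock view and `CustomEmailView` would be shadowed, together with any other override further down the list and whatever restrictions those subclasses add. Before this commit the include was appended after `classic_frontendpatterns`, so the overrides won. I would keep only the `accounts/sessions/` path at this position and move the include line below the last override. The list continues past the end of the hunk, so the remaining overrides cannot be checked from here.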
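Review bot: In the last urls.py hunk the allauth include moves from an unconditional `frontendpatterns += [...]` into the `if not settings.ENABLE_CLASSIC_FRONTEND:` block, which drops the guarantee stated by the removed comment `# Always needed as we need providers`. Indentation is lost in this view, but if that block is nested under `if settings.ENABLE_PLATFORM_FRONTEND:`, a deployment with both frontends disabled registers no `accounts/` routes at all, so provider login URLs and the `account_login` name would stop resolving. If that is intended, say so with a comment such as `# allauth routes are only registered when a frontend is enabled`; otherwise keep an unconditional include after the frontend-specific patterns. The include also sits before the `accounts/login/` redirect in the same list, so the redirect is only reached if allauth has no matching `login/` route.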
diff --git a/src/backend/InvenTree/InvenTree/views.py b/src/backend/InvenTree/InvenTree/views.py
index d43383af54..c428be3335 100644
--- a/src/backend/InvenTree/InvenTree/views.py
+++ b/src/backend/InvenTree/InvenTree/views.py
@@ -20,6 +20,7 @@ from allauth.account.models import EmailAddress
 from allauth.account.views import EmailView, LoginView, PasswordResetFromKeyView
 from allauth.socialaccount.forms import DisconnectForm
 from allauth.socialaccount.views import ConnectionsView
+from allauth.usersessions.views import ListUserSessionsView
 from djmoney.contrib.exchange.models import ExchangeBackend, Rate
 import common.currency
@@ -582,6 +583,15 @@ class AboutView(AjaxView):
 ajax_form_title = _('About InvenTree')
+class CustomListUserSessionsView(ListUserSessionsView):
+ """A view to delete all other sessions."""
+
+ def form_valid(self, form):
+ """Delete all other sessions."""
+ super().form_valid(form)
+ return HttpResponseRedirect(reverse_lazy('settings'))
+
+
 class NotificationsView(TemplateView):
 """View for showing notifications."""
diff --git a/src/backend/InvenTree/templates/InvenTree/settings/user.html b/src/backend/InvenTree/templates/InvenTree/settings/user.html
index d621b3d5b3..aa06bf3e60 100644
--- a/src/backend/InvenTree/templates/InvenTree/settings/user.html
+++ b/src/backend/InvenTree/templates/InvenTree/settings/user.html
@@ -168,7 +168,7 @@
 {% include "spacer.html" %}
 <div class='btn-group' role='group'>
 {% if session_list.count > 1 %}
- <form method="post" action="{% url 'session_delete_other' %}">
+ <form method="post" action="{% url 'usersessions_list' %}">
 {% csrf_token %}
 <button type="submit" class="btn btn-sm btn-default btn-danger" title='{% trans "Log out active sessions (except this one)" %}'>
 <span class='fas fa-sign-out-alt'></span> {% trans "Log Out Active Sessions" %}
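Review bot: `CustomListUserSessionsView.form_valid` calls `super().form_valid(form)` only for its side effect, discards the response it returns, and then builds its own redirect. If the parent is a standard Django `FormView` (not visible here), setting `success_url = reverse_lazy('settings')` on the class gives the same redirect without overriding the method. Both docstrings say only "delete all other sessions", which is thin for a session-revocation endpoint. I would document that the current session is kept (the template button says "except this one"), that the user is redirected to `settings`, and that the login requirement is presumably inherited from `ListUserSessionsView`, since nothing in this hunk enforces it.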