issue #11. It works: add tests, script, context_processor. A bit of refactoring

Author: bugov

README.md

@@ -101,7 +101,14 @@ And add it to your templates (will add a redirect script to your html):
 {{ redirect_to_login_page }}
 ```
 
-It also works with `SESSION_TIME`.
+If you want to use this in your JavaScript code, following template variables will be useful:
+
+```
+var sessionEnd = {{ seconds_until_session_end }};
+var idleEnd = {{ seconds_until_idle_end }};
+```
+
+`REDIRECT_TO_LOGIN_PAGE` works with `SESSION_TIME` too.
 
 ## ⌛ Limit session time
 
@@ -176,5 +183,6 @@ AUTO_LOGOUT = {
     'IDLE_TIME': timedelta(minutes=5),
     'SESSION_TIME': timedelta(minutes=30),
     'MESSAGE': 'The session has expired. Please login again to continue.',
+    'REDIRECT_TO_LOGIN_PAGE': True,
 }
 ```

django_auto_logout/__init__.py

@@ -1 +1 @@
-__version__ = '0.4.0'
+__version__ = '0.5.0'

django_auto_logout/context_processors.py

@@ -0,0 +1,69 @@
+from django.conf import settings
+from django.utils.safestring import mark_safe
+from .utils import now, seconds_until_session_end, seconds_until_idle_time_end
+
+LOGOUT_TIMEOUT_SCRIPT_PATTERN = """
+<script>
+    (function() {
+        var w = window,
+            s = w.localStorage,
+        %s
+        w.addEventListener('load', function() {
+            s['djalLogoutAt'] = at;
+            
+            function upd() {
+                if (s['djalLogoutAt'] > at) {
+                    at = s['djalLogoutAt'];
+                    setTimeout(upd, at - Date.now());
+                }
+                else {
+                    delete s['djalLogoutAt'];
+                    w.location.reload();
+                }
+            }
+            
+            setTimeout(upd, at - Date.now());
+        });
+    })();
+</script>
+"""
+
+
+def _trim(s: str) -> str:
+    return ''.join([line.strip() for line in s.split('\n')])
+
+
+def auto_logout_client(request):
+    if request.user.is_anonymous:
+        return {}
+
+    options = getattr(settings, 'AUTO_LOGOUT')
+    if not options:
+        return {}
+
+    ctx = {}
+    current_time = now()
+
+    if 'SESSION_TIME' in options:
+        ctx['seconds_until_session_end'] = seconds_until_session_end(request, options['SESSION_TIME'], current_time)
+
+    if 'IDLE_TIME' in options:
+        ctx['seconds_until_idle_end'] = seconds_until_idle_time_end(request, options['IDLE_TIME'], current_time)
+
+    if options.get('REDIRECT_TO_LOGIN_PAGE'):
+        at = None
+
+        if 'SESSION_TIME' in options and 'IDLE_TIME' in options:
+            at = (
+                f"at=Date.now()+Math.max(Math.min({ ctx['seconds_until_session_end'] },"
+                f"{ ctx['seconds_until_idle_end'] }),0)*1000+999;"
+            )
+        elif 'SESSION_TIME' in options:
+            at = f"at=Date.now()+Math.max({ ctx['seconds_until_session_end'] },0)*1000+999;"
+        elif 'IDLE_TIME' in options:
+            at = f"at=Date.now()+Math.max({ ctx['seconds_until_idle_end'] },0)*1000+999;"
+
+        if at:
+            ctx['redirect_to_login_page'] = mark_safe(_trim(LOGOUT_TIMEOUT_SCRIPT_PATTERN % at))
+
+    return ctx

django_auto_logout/middleware.py

@@ -1,67 +1,40 @@
-from datetime import datetime, timedelta
 import logging
 from typing import Callable
 from django.conf import settings
 from django.http import HttpRequest, HttpResponse
 from django.contrib.auth import get_user_model, logout
 from django.contrib.messages import info
-from pytz import timezone
+
+from .utils import now, seconds_until_idle_time_end, seconds_until_session_end
 
 UserModel = get_user_model()
 logger = logging.getLogger(__name__)
 
 
 def _auto_logout(request: HttpRequest, options):
-    user = request.user
     should_logout = False
+    current_time = now()
 
-    if settings.USE_TZ:
-        now = datetime.now(tz=timezone(settings.TIME_ZONE))
-    else:
-        now = datetime.now()
-
-    if options.get('SESSION_TIME') is not None:
-        if isinstance(options['SESSION_TIME'], timedelta):
-            ttl = options['SESSION_TIME']
-        elif isinstance(options['SESSION_TIME'], int):
-            ttl = timedelta(seconds=options['SESSION_TIME'])
-        else:
-            raise TypeError(f"AUTO_LOGOUT['SESSION_TIME'] should be `int` or `timedelta`, "
-                            f"not `{type(options['SESSION_TIME']).__name__}`.")
-
-        time_expired = user.last_login < now - ttl
-        should_logout |= time_expired
-        logger.debug('Check SESSION_TIME: %s < %s (%s)', user.last_login, now, time_expired)
-
-    if options.get('IDLE_TIME') is not None:
-        if isinstance(options['IDLE_TIME'], timedelta):
-            ttl = options['IDLE_TIME']
-        elif isinstance(options['IDLE_TIME'], int):
-            ttl = timedelta(seconds=options['IDLE_TIME'])
-        else:
-            raise TypeError(f"AUTO_LOGOUT['IDLE_TIME'] should be `int` or `timedelta`, "
-                            f"not `{type(options['IDLE_TIME']).__name__}`.")
-
-        if 'django_auto_logout_last_request' in request.session:
-            last_req = datetime.fromisoformat(request.session['django_auto_logout_last_request'])
-        else:
-            last_req = now
-            request.session['django_auto_logout_last_request'] = last_req.isoformat()
+    if 'SESSION_TIME' in options:
+        session_time = seconds_until_session_end(request, options['SESSION_TIME'], current_time)
+        should_logout |= session_time < 0
+        logger.debug('Check SESSION_TIME: %ss until session ends.', session_time)
 
-        time_expired = last_req < now - ttl
-        should_logout |= time_expired
-        logger.debug('Check IDLE_TIME: %s < %s (%s)', last_req, now, time_expired)
+    if 'IDLE_TIME' in options:
+        idle_time = seconds_until_idle_time_end(request, options['IDLE_TIME'], current_time)
+        should_logout |= idle_time < 0
+        logger.debug('Check IDLE_TIME: %ss until idle ends.', idle_time)
 
-        if should_logout:
+        if should_logout and 'django_auto_logout_last_request' in request.session:
             del request.session['django_auto_logout_last_request']
         else:
-            request.session['django_auto_logout_last_request'] = now.isoformat()
+            request.session['django_auto_logout_last_request'] = current_time.isoformat()
 
     if should_logout:
-        logger.debug('Logout user %s', user)
+        logger.debug('Logout user %s', request.user)
         logout(request)
 
-        if options.get('MESSAGE') is not None:
+        if 'MESSAGE' in options:
             info(request, options['MESSAGE'])
 
 

django_auto_logout/utils.py

@@ -0,0 +1,66 @@
+from datetime import datetime, timedelta
+from typing import Union
+from django.conf import settings
+from django.http import HttpRequest
+from pytz import timezone
+
+
+def now() -> datetime:
+    """
+    Returns the current time with the Django project timezone.
+    :return: datetime
+    """
+    if settings.USE_TZ:
+        return datetime.now(tz=timezone(settings.TIME_ZONE))
+    return datetime.now()
+
+
+def seconds_until_session_end(
+    request: HttpRequest,
+    session_time: Union[int, timedelta],
+    current_time: datetime
+) -> float:
+    """
+    Get seconds until the end of the session.
+    :param request: django.http.HttpRequest
+    :param session_time: int - for seconds | timedelta
+    :param current_time: datetime - use django_auto_logout.utils.now
+    :return: float
+    """
+    if isinstance(session_time, timedelta):
+        ttl = session_time
+    elif isinstance(session_time, int):
+        ttl = timedelta(seconds=session_time)
+    else:
+        raise TypeError(f"AUTO_LOGOUT['SESSION_TIME'] should be `int` or `timedelta`, "
+                        f"not `{type(session_time).__name__}`.")
+
+    return (request.user.last_login - current_time + ttl).total_seconds()
+
+
+def seconds_until_idle_time_end(
+    request: HttpRequest,
+    idle_time: Union[int, timedelta],
+    current_time: datetime
+) -> float:
+    """
+    Get seconds until the end of downtime.
+    :param request: django.http.HttpRequest
+    :param idle_time: int - for seconds | timedelta
+    :param current_time: datetime - use django_auto_logout.utils.now
+    :return: float
+    """
+    if isinstance(idle_time, timedelta):
+        ttl = idle_time
+    elif isinstance(idle_time, int):
+        ttl = timedelta(seconds=idle_time)
+    else:
+        raise TypeError(f"AUTO_LOGOUT['IDLE_TIME'] should be `int` or `timedelta`, "
+                        f"not `{type(idle_time).__name__}`.")
+
+    if 'django_auto_logout_last_request' in request.session:
+        last_req = datetime.fromisoformat(request.session['django_auto_logout_last_request'])
+    else:
+        last_req = current_time
+
+    return (last_req - current_time + ttl).total_seconds()

example/example/settings.py

@@ -66,6 +66,8 @@
                 'django.template.context_processors.request',
                 'django.contrib.auth.context_processors.auth',
                 'django.contrib.messages.context_processors.messages',
+
+                'django_auto_logout.context_processors.auto_logout_client',
             ],
         },
     },
@@ -159,11 +161,12 @@
 }
 
 LOGIN_URL = '/login/'
-
+LOGIN_REDIRECT_URL = '/login-required/'
 
 # DJANGO AUTO LOGIN
 AUTO_LOGOUT = {
     'IDLE_TIME': 10,  # 10 seconds
     'SESSION_TIME': 120,  # 2 minutes
     'MESSAGE': 'The session has expired. Please login again to continue.',
+    'REDIRECT_TO_LOGIN_PAGE': True,
 }

example/example/urls.py

@@ -1,10 +1,10 @@
 from django.contrib import admin
 from django.urls import path
 
-from some_app_login_required.views import login_page, login_required_view
+from some_app_login_required.views import UserLoginView, login_required_view
 
 urlpatterns = [
     path('admin/', admin.site.urls),
-    path('login/', login_page),
+    path('login/', UserLoginView.as_view()),
     path('login-required/', login_required_view),
 ]

example/some_app_login_required/templates/layout.html

@@ -2,7 +2,7 @@
 <html lang="en">
 <head>
     <meta charset="UTF-8">
-    <title>Title</title>
+    <title>{% block title %}{% endblock %}</title>
 </head>
 <body>
 {% for message in messages %}
@@ -11,6 +11,13 @@
     </div>
 {% endfor %}
 
+<p>
+    <a href="/login-required/">internal link</a>
+    <a href="https://github.com/bugov">external link</a>
+</p>
+
 {% block content %}{% endblock %}
+
+{{ redirect_to_login_page }}
 </body>
 </html>

example/some_app_login_required/templates/login_page.html

@@ -1,7 +1,20 @@
 {% extends 'layout.html' %}
 
+{% block title %}login page{% endblock %}
+
 {% block content %}
-<p>
-    login page
-</p>
+<div class="box">
+    <h4 class="form-header">login page</h4>
+
+    <form method="post">
+        {% csrf_token %}
+        <input type="hidden" name="next" value="{{ next }}">
+        <table>
+            {{ form }}
+            <tr>
+                <td colspan="2"><button type="submit" class="btn btn-primary btn-block">Log in</button></td>
+            </tr>
+        </table>
+    </form>
+</div>
 {% endblock %}

example/some_app_login_required/templates/login_required.html

@@ -1,5 +1,7 @@
 {% extends 'layout.html' %}
 
+{% block title %}login required page{% endblock %}
+
 {% block content %}
 <p>
     login required view

example/some_app_login_required/tests.py

@@ -205,3 +205,59 @@ def test_no_messages_if_no_messages(self):
         resp = self.client.get(resp['location'])
         self.assertContains(resp, 'login page', msg_prefix=resp.content.decode())
         self.assertNotContains(resp, 'class="message info"', msg_prefix=resp.content.decode())
+
+
+class TestAutoLogoutRedirectToLoginPage(TestAutoLogout):
+    def test_script_anon(self):
+        settings.AUTO_LOGOUT = {
+            'IDLE_TIME': 10,  # 10 seconds
+            'SESSION_TIME': 120,  # 2 minutes
+            'REDIRECT_TO_LOGIN_PAGE': True,
+        }
+        resp = self.client.get(settings.LOGIN_URL)
+        self.assertNotContains(resp, '<script>')
+
+        self.client.force_login(self.user)
+        resp = self.client.get(settings.LOGIN_URL)
+        self.assertContains(resp, '<script>')
+
+    def test_session_idle_combinations(self):
+        self.client.force_login(self.user)
+
+        settings.AUTO_LOGOUT = {
+            'IDLE_TIME': 10,  # 10 seconds
+            'SESSION_TIME': 120,  # 2 minutes
+            'REDIRECT_TO_LOGIN_PAGE': True,
+        }
+        self.assertContains(self.client.get(self.url), '<script>')
+        self.assertContains(self.client.get(self.url), 'Math.min')
+
+        settings.AUTO_LOGOUT = {
+            'IDLE_TIME': 10,  # 10 seconds
+            'REDIRECT_TO_LOGIN_PAGE': True,
+        }
+        self.assertContains(self.client.get(self.url), '<script>')
+        self.assertNotContains(self.client.get(self.url), 'Math.min')
+
+        settings.AUTO_LOGOUT = {
+            'SESSION_TIME': 120,  # 2 minutes
+            'REDIRECT_TO_LOGIN_PAGE': True,
+        }
+        self.assertContains(self.client.get(self.url), '<script>')
+        self.assertNotContains(self.client.get(self.url), 'Math.min')
+
+        settings.AUTO_LOGOUT = {
+            'REDIRECT_TO_LOGIN_PAGE': True,
+        }
+        self.assertNotContains(self.client.get(self.url), '<script>')
+
+    def test_no_config(self):
+        self.client.force_login(self.user)
+
+        settings.AUTO_LOGOUT = {
+            'REDIRECT_TO_LOGIN_PAGE': False,
+        }
+        self.assertNotContains(self.client.get(self.url), '<script>')
+
+        settings.AUTO_LOGOUT = {}
+        self.assertNotContains(self.client.get(self.url), '<script>')