Add auto logout on SESSION_TIME expired

bugov · bugov · commit de9d1e563ac6 · 2021-10-13T00:27:31.000+05:00
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,7 @@
+/.*
+!.gitignore
+!.travis.yml
+__pycache__
+*.egg-info
+venv
+htmlcov
diff --git a/.travis.yml b/.travis.yml
@@ -0,0 +1,12 @@
+language: python
+python:
+  - "3.5"
+  - "3.6"
+  - "3.7"
+  - "3.8"
+  - "3.9"
+  - "3.10"
+install:
+  - pip install -r requirements.txt
+script:
+  - tox
diff --git a/README.rst b/README.rst
@@ -0,0 +1,36 @@
+django-auto-logout
+==================
+
+.. figure:: https://travis-ci.org/bugov/django-auto-logout.svg?branch=master
+
+Auto logout a user after specific time in Django.
+
+Works with Python ≥ 3.5, Django ≥ 3.0.
+
+Installation
+------------
+
+.. code:: bash
+
+    pip install django-auto-logout
+
+
+Append to `settings` middlewares:
+
+.. code:: python
+
+    MIDDLEWARE = (
+    ...
+        'django_auto_logout.middleware.auto_logout',
+    )
+
+Limit session time
+------------------
+
+Logout a user after 3600 seconds (hour) from the last login.
+
+Add to `settings`:
+
+.. code:: python
+
+    AUTO_LOGOUT = {'SESSION_TIME': 3600}
diff --git a/django_auto_logout/__init__.py b/django_auto_logout/__init__.py
@@ -0,0 +1 @@
+__version__ = '0.1.0'
diff --git a/django_auto_logout/middleware.py b/django_auto_logout/middleware.py
@@ -0,0 +1,38 @@
+from datetime import datetime, timedelta
+import logging
+from typing import Callable
+from django.conf import settings
+from django.http import HttpRequest, HttpResponse
+from django.contrib.auth import get_user_model, logout
+from pytz import timezone
+
+UserModel = get_user_model()
+logger = logging.getLogger(__name__)
+
+
+def _auto_logout(request: HttpRequest, options):
+    user = request.user
+    should_logout = False
+
+    if settings.USE_TZ:
+        now = datetime.now(tz=timezone(settings.TIME_ZONE))
+    else:
+        now = datetime.now()
+
+    if 'SESSION_TIME' in options:
+        ttl = options['SESSION_TIME']
+        should_logout = user.last_login < now - timedelta(seconds=ttl)
+        logger.debug('Check SESSION_TIME: %s < %s (%s)', user.last_login, now, should_logout)
+
+    if should_logout:
+        logger.debug('Logout user %s', user)
+        logout(request)
+
+
+def auto_logout(get_response: Callable[[HttpRequest], HttpResponse]) -> Callable:
+    def middleware(request: HttpRequest) -> HttpResponse:
+        if not request.user.is_anonymous and hasattr(settings, 'AUTO_LOGOUT'):
+            _auto_logout(request, settings.AUTO_LOGOUT)
+
+        return get_response(request)
+    return middleware
diff --git a/example/example/__init__.py b/example/example/__init__.py
diff --git a/example/example/asgi.py b/example/example/asgi.py
@@ -0,0 +1,16 @@
+"""
+ASGI config for example project.
+
+It exposes the ASGI callable as a module-level variable named ``application``.
+
+For more information on this file, see
+https://docs.djangoproject.com/en/3.2/howto/deployment/asgi/
+"""
+
+import os
+
+from django.core.asgi import get_asgi_application
+
+os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'example.settings')
+
+application = get_asgi_application()
diff --git a/example/example/settings.py b/example/example/settings.py
@@ -0,0 +1,163 @@
+"""
+Django settings for example project.
+
+Generated by 'django-admin startproject' using Django 3.2.8.
+
+For more information on this file, see
+https://docs.djangoproject.com/en/3.2/topics/settings/
+
+For the full list of settings and their values, see
+https://docs.djangoproject.com/en/3.2/ref/settings/
+"""
+
+from pathlib import Path
+
+# Build paths inside the project like this: BASE_DIR / 'subdir'.
+BASE_DIR = Path(__file__).resolve().parent.parent
+
+
+# Quick-start development settings - unsuitable for production
+# See https://docs.djangoproject.com/en/3.2/howto/deployment/checklist/
+
+# SECURITY WARNING: keep the secret key used in production secret!
+SECRET_KEY = 'django-insecure-1d*y)p@6kwiv_oh+6wh(k=z3+mb90+z3)3oyzkz67*8lb^(*-9'
+
+# SECURITY WARNING: don't run with debug turned on in production!
+DEBUG = True
+
+ALLOWED_HOSTS = []
+
+
+# Application definition
+
+INSTALLED_APPS = [
+    'django.contrib.admin',
+    'django.contrib.auth',
+    'django.contrib.contenttypes',
+    'django.contrib.sessions',
+    'django.contrib.messages',
+    'django.contrib.staticfiles',
+
+    'some_app_login_required',
+]
+
+MIDDLEWARE = [
+    'django.middleware.security.SecurityMiddleware',
+    'django.contrib.sessions.middleware.SessionMiddleware',
+    'django.middleware.common.CommonMiddleware',
+    'django.middleware.csrf.CsrfViewMiddleware',
+    'django.contrib.auth.middleware.AuthenticationMiddleware',
+    'django.contrib.messages.middleware.MessageMiddleware',
+    'django.middleware.clickjacking.XFrameOptionsMiddleware',
+    'django_auto_logout.middleware.auto_logout',
+]
+
+ROOT_URLCONF = 'example.urls'
+
+TEMPLATES = [
+    {
+        'BACKEND': 'django.template.backends.django.DjangoTemplates',
+        'DIRS': [],
+        'APP_DIRS': True,
+        'OPTIONS': {
+            'context_processors': [
+                'django.template.context_processors.debug',
+                'django.template.context_processors.request',
+                'django.contrib.auth.context_processors.auth',
+                'django.contrib.messages.context_processors.messages',
+            ],
+        },
+    },
+]
+
+WSGI_APPLICATION = 'example.wsgi.application'
+
+
+# Database
+# https://docs.djangoproject.com/en/3.2/ref/settings/#databases
+
+DATABASES = {
+    'default': {
+        'ENGINE': 'django.db.backends.sqlite3',
+        'NAME': BASE_DIR / 'db.sqlite3',
+    }
+}
+
+
+# Password validation
+# https://docs.djangoproject.com/en/3.2/ref/settings/#auth-password-validators
+
+AUTH_PASSWORD_VALIDATORS = [
+    {
+        'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
+    },
+    {
+        'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
+    },
+    {
+        'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
+    },
+    {
+        'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
+    },
+]
+
+
+# Internationalization
+# https://docs.djangoproject.com/en/3.2/topics/i18n/
+
+LANGUAGE_CODE = 'en-us'
+
+TIME_ZONE = 'UTC'
+
+USE_I18N = True
+
+USE_L10N = True
+
+USE_TZ = True
+
+
+# Static files (CSS, JavaScript, Images)
+# https://docs.djangoproject.com/en/3.2/howto/static-files/
+
+STATIC_URL = '/static/'
+
+# Default primary key field type
+# https://docs.djangoproject.com/en/3.2/ref/settings/#default-auto-field
+
+DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField'
+
+
+LOGGING = {
+    'version': 1,
+    'disable_existing_loggers': False,
+    'filters': {
+        'require_debug_false': {
+            '()': 'django.utils.log.RequireDebugFalse'
+        }
+    },
+    'formatters': {
+        'standard': {
+            'format': '%(asctime)s [%(levelname)s] %(name)s: %(message)s'
+        },
+    },
+    'handlers': {
+        'default': {
+            'level': 'DEBUG',
+            'formatter': 'standard',
+            'class': 'logging.StreamHandler',
+        },
+    },
+    'loggers': {
+        '': {
+            'handlers': ['default'],
+            'level': 'DEBUG',
+            'propagate': False,
+        },
+    },
+}
+
+LOGIN_URL = '/login/'
+
+
+# DJANGO AUTO LOGIN
diff --git a/example/example/urls.py b/example/example/urls.py
@@ -0,0 +1,10 @@
+from django.contrib import admin
+from django.urls import path
+
+from some_app_login_required.views import login_page, login_required_view
+
+urlpatterns = [
+    path('admin/', admin.site.urls),
+    path('login/', login_page),
+    path('login-required/', login_required_view),
+]
diff --git a/example/example/wsgi.py b/example/example/wsgi.py
@@ -0,0 +1,16 @@
+"""
+WSGI config for example project.
+
+It exposes the WSGI callable as a module-level variable named ``application``.
+
+For more information on this file, see
+https://docs.djangoproject.com/en/3.2/howto/deployment/wsgi/
+"""
+
+import os
+
+from django.core.wsgi import get_wsgi_application
+
+os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'example.settings')
+
+application = get_wsgi_application()
diff --git a/example/manage.py b/example/manage.py
@@ -0,0 +1,22 @@
+#!/usr/bin/env python
+"""Django's command-line utility for administrative tasks."""
+import os
+import sys
+
+
+def main():
+    """Run administrative tasks."""
+    os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'example.settings')
+    try:
+        from django.core.management import execute_from_command_line
+    except ImportError as exc:
+        raise ImportError(
+            "Couldn't import Django. Are you sure it's installed and "
+            "available on your PYTHONPATH environment variable? Did you "
+            "forget to activate a virtual environment?"
+        ) from exc
+    execute_from_command_line(sys.argv)
+
+
+if __name__ == '__main__':
+    main()
diff --git a/example/some_app_login_required/__init__.py b/example/some_app_login_required/__init__.py
diff --git a/example/some_app_login_required/admin.py b/example/some_app_login_required/admin.py
@@ -0,0 +1,3 @@
+from django.contrib import admin
+
+# Register your models here.
diff --git a/example/some_app_login_required/apps.py b/example/some_app_login_required/apps.py
@@ -0,0 +1,6 @@
+from django.apps import AppConfig
+
+
+class SomeAppLoginRequiredConfig(AppConfig):
+    default_auto_field = 'django.db.models.BigAutoField'
+    name = 'some_app_login_required'
diff --git a/example/some_app_login_required/migrations/__init__.py b/example/some_app_login_required/migrations/__init__.py
diff --git a/example/some_app_login_required/models.py b/example/some_app_login_required/models.py
@@ -0,0 +1,3 @@
+from django.db import models
+
+# Create your models here.
diff --git a/example/some_app_login_required/tests.py b/example/some_app_login_required/tests.py
@@ -0,0 +1,34 @@
+from time import sleep
+from django.test import TestCase
+from django.conf import settings
+from django.contrib.auth import get_user_model
+
+UserModel = get_user_model()
+
+
+class TestAutoLogout(TestCase):
+    def setUp(self):
+        self.user = UserModel.objects.create_user('user', 'user@localhost', 'pass')
+        self.superuser = UserModel.objects.create_superuser('superuser', 'superuser@localhost', 'pass')
+        self.url = '/login-required/'
+
+    def _logout_session_time(self):
+        settings.AUTO_LOGOUT = {'SESSION_TIME': 1}
+        resp = self.client.get(self.url)
+        self.assertRedirects(resp, f'{settings.LOGIN_URL}?next={self.url}', msg_prefix='Redirect for anonymous')
+
+        self.client.force_login(self.user)
+        resp = self.client.get(self.url)
+        self.assertContains(resp, 'login required view', msg_prefix='Fine with authorized')
+
+        sleep(1)
+        resp = self.client.get(self.url)
+        self.assertRedirects(resp, f'{settings.LOGIN_URL}?next={self.url}', msg_prefix='Logout on session time expired')
+
+    def test_logout_session_time(self):
+        settings.USE_TZ = False
+        self._logout_session_time()
+
+    def test_logout_session_time_using_tz(self):
+        settings.USE_TZ = True
+        self._logout_session_time()
diff --git a/example/some_app_login_required/views.py b/example/some_app_login_required/views.py
@@ -0,0 +1,11 @@
+from django.http import HttpResponse
+from django.contrib.auth.decorators import login_required
+
+
+def login_page(request):
+    return HttpResponse(b'login page')
+
+
+@login_required
+def login_required_view(request):
+    return HttpResponse(b'login required view')
diff --git a/requirements-dev.txt b/requirements-dev.txt
@@ -0,0 +1,3 @@
+coverage==6.0.2
+Django==3.2.8
+tox==3.24.4
diff --git a/requirements.txt b/requirements.txt
@@ -0,0 +1 @@
+Django>=3.2
diff --git a/runtests.py b/runtests.py
diff --git a/setup.py b/setup.py
diff --git a/tox.ini b/tox.ini
