diff --git a/tailbone/auth.py b/tailbone/auth.py
index 6ab26209..d13f8b7d 100644
--- a/tailbone/auth.py
+++ b/tailbone/auth.py
@@ -1,4 +1,4 @@
-# -*- coding: utf-8 -*-
+# -*- coding: utf-8; -*-
 ################################################################################
 #
 # Rattail -- Retail Software Framework
@@ -34,7 +34,7 @@ from rattail.util import prettify, NOTSET
 from zope.interface import implementer
 from pyramid.interfaces import IAuthorizationPolicy
-from pyramid.security import remember, Everyone, Authenticated
+from pyramid.security import remember, forget, Everyone, Authenticated
 from tailbone.db import Session
@@ -55,6 +55,17 @@ def login_user(request, user, timeout=NOTSET):
 return headers
+def logout_user(request):
+ """
+ Perform the logout action for the given request. Note that this returns a
+ ``headers`` dict which you should pass to the redirect.
+ """
+ request.session.delete()
+ request.session.invalidate()
+ headers = forget(request)
+ return headers
+
+
 def session_timeout_for_user(user):
 """
 Returns the "max" session timeout for the user, according to roles
diff --git a/tailbone/views/auth.py b/tailbone/views/auth.py
index 0a11d358..75fa2662 100644
--- a/tailbone/views/auth.py
+++ b/tailbone/views/auth.py
@@ -1,8 +1,8 @@
-# -*- coding: utf-8 -*-
+# -*- coding: utf-8; -*-
 ################################################################################
 #
 # Rattail -- Retail Software Framework
-# Copyright © 2010-2016 Lance Edgar
+# Copyright © 2010-2017 Lance Edgar
 #
 # This file is part of Rattail.
 #
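Review bot: The docstring of the new `logout_user` in tailbone/auth.py calls the return value a ``headers`` dict, but `pyramid.security.forget()` returns a sequence of header tuples, and the docstring understates why the caller must use them: the session deletion is server-side only, and the `Set-Cookie` headers from `forget()` are what clears the client's authentication cookie, so a caller that drops them leaves the browser still presenting its credentials. Suggest rewording the second paragraph to something like `Returns the header tuples produced by ``forget()``; pass them as ``headers=`` to the redirect response, otherwise the client keeps its auth cookie and remains logged in.` If these are Beaker sessions, calling `invalidate()` after `delete()` presumably leaves the request with a fresh session id, which is worth a one-line comment since anything a caller stores in `request.session` afterwards lands in the new session — confirm against the session factory in use.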
@@ -30,14 +30,13 @@ from rattail.db.auth import authenticate_user, set_user_password import formencode as fe from pyramid.httpexceptions import HTTPForbidden -from pyramid.security import remember, forget from pyramid_simpleform import Form from webhelpers.html import tags, literal from tailbone import forms from tailbone.db import Session from tailbone.views import View -from tailbone.auth import login_user +from tailbone.auth import login_user, logout_user class UserLogin(fe.Schema): @@ -137,9 +136,7 @@ class AuthenticationView(View): This deletes/invalidates the current session and then redirects to the login page. """ - self.request.session.delete() - self.request.session.invalidate() - headers = forget(self.request) + headers = logout_user(self.request) if self.rattail_config.getbool('tailbone', 'home_after_logout', default=False): return self.redirect(self.request.route_url('home'), headers=headers) login = 'mobile.login' if mobile else 'login' diff --git a/tailbone/views/core.py b/tailbone/views/core.py index 4f989b2d..67d270dd 100644 --- a/tailbone/views/core.py +++ b/tailbone/views/core.py @@ -35,6 +35,7 @@ from pyramid.renderers import render_to_response from pyramid.response import FileResponse from tailbone.db import Session +from tailbone.auth import logout_user class View(object): @@ -44,6 +45,9 @@ class View(object): def __init__(self, request): self.request = request + if request.user and not request.user.active: + headers = logout_user(request) + raise self.redirect(request.route_url('home')) config = self.rattail_config if config: self.enum = config.get_enum() diff --git a/tailbone/views/users.py b/tailbone/views/users.py index f68d658b..40ec8eb7 100644 --- a/tailbone/views/users.py +++ b/tailbone/views/users.py @@ -187,6 +187,7 @@ class UsersView(PrincipalMasterView): fs.username, fs.person, fs.active, + fs.active_sticky, fs.password, fs.confirm_password, fs.roles,
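Review bot: In the tailbone/views/core.py hunk, `headers` from `logout_user(request)` is assigned in `View.__init__` and never used — the redirect is raised as `raise self.redirect(request.route_url('home'))` without `headers=headers`, so the `forget()` headers that clear the authentication cookie are discarded. The logout view in tailbone/views/auth.py passes those same headers on to its redirect, and the inactive-user path should do the same; if the identity is carried by an auth-ticket cookie rather than the deleted session, the next request would presumably resolve `request.user` to the inactive user again and the home view's `View.__init__` would raise another redirect to itself, leaving the deactivated account effectively authenticated in a redirect loop. Change the line to `raise self.redirect(request.route_url('home'), headers=headers)`. `View.__init__` continues beyond the hunk.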