From b89e8574e187c058431c3c2f504ad4c0b96146c1 Mon Sep 17 00:00:00 2001
From: Lance Edgar <lance@edbob.org>
Date: Mon, 13 Feb 2017 19:23:24 -0600
Subject: [PATCH] Add way for `login_user()` to set different timeout depending
 on nature of login

This was added for the sake of a "clock in/out" mechanism
---
 tailbone/auth.py | 22 ++++++++++++++--------
 1 file changed, 14 insertions(+), 8 deletions(-)

diff --git a/tailbone/auth.py b/tailbone/auth.py
index 1fc46d68..ae64ff17 100644
--- a/tailbone/auth.py
+++ b/tailbone/auth.py
@@ -30,7 +30,7 @@ import logging
 
 from rattail.db import model
 from rattail.db.auth import has_permission
-from rattail.util import prettify
+from rattail.util import prettify, NOTSET
 
 from zope.interface import implementer
 from pyramid.interfaces import IAuthorizationPolicy
@@ -42,19 +42,20 @@ from tailbone.db import Session
 log = logging.getLogger(__name__)
 
 
-def login_user(request, user):
+def login_user(request, user, type_='default', timeout=NOTSET):
     """
     Perform the steps necessary to login the given user.  Note that this
     returns a ``headers`` dict which you should pass to the redirect.
     """
     headers = remember(request, user.uuid)
-    timeout = get_session_timeout_for_user(request.rattail_config, user) or None
+    if timeout is NOTSET:
+        timeout = get_session_timeout_for_user(request.rattail_config, user, type_) or None
     log.debug("setting session timeout for '{}' to {}".format(user.username, timeout))
     set_session_timeout(request, timeout)
     return headers
 
 
-def get_session_timeout_for_user(config, user):
+def get_session_timeout_for_user(config, user, type_='default'):
     """
     Must return a value to be used to set the session timeout for the given
     user.  By default this will return ``None`` if the user has the
@@ -66,14 +67,19 @@ def get_session_timeout_for_user(config, user):
        [tailbone]
 
        # set session timeout to 10 minutes:
-       session.default_timeout = 600
+       session.timeout.default = 600
 
        # or, set to 0 to disable:
-       #session.default_timeout = 0
+       #session.timeout.default = 0
     """
     if not has_permission(Session(), user, 'general.forever_session'):
-        return config.getint('tailbone', 'session.default_timeout',
-                             default=300) # 5 minutes
+        timeout = config.getint('tailbone', 'session.timeout.{}'.format(type_))
+
+        # TODO: remove this hack after no longer needed
+        if timeout is None and type_ == 'default':
+            timeout = config.getint('tailbone', 'session.default_timeout')
+
+        return timeout if timeout is not None else 300 # 5 minutes
 
 
 def set_session_timeout(request, timeout):