Skip to content

Commit

Permalink
Merge branch 'master' into update-readme
Browse files Browse the repository at this point in the history
  • Loading branch information
jpic authored Apr 12, 2024
2 parents 9154872 + e282d5e commit b2dea0b
Show file tree
Hide file tree
Showing 8 changed files with 102 additions and 36 deletions.
6 changes: 3 additions & 3 deletions README.rst
Original file line number Diff line number Diff line change
Expand Up @@ -15,9 +15,9 @@
:alt: License

Supported python versions
Python 3.8, 3.9, 3.10
Python 3.8, 3.9, 3.10, 3.11
Supported django versions
Django 1.8, 1.9, 1.10, 1.11, 2.2, 3.2, 4.0, 4.1
Django 3.2, 4.0, 4.1

A little javascript and middleware work together to ensure that the user was
active during the past X minutes in any tab he has open.
Expand Down Expand Up @@ -89,7 +89,7 @@ Requirements

- Python 3.8+
- jQuery 1.7+
- Django 1.8 to 4.1
- Django 3.2 to 4.0
- django.contrib.staticfiles or #YoYo

Resources
Expand Down
56 changes: 45 additions & 11 deletions docs/source/quick.rst
Original file line number Diff line number Diff line change
Expand Up @@ -7,32 +7,66 @@ because your time matters and you probably have other things to worry about.
Install the package::

pip install django-session-security
# or the development version
pip install -e git+git://github.com/yourlabs/django-session-security.git#egg=django-session-security

For static file service, add to ``settings.INSTALLED_APPS``::
For static file service, add ``session_security`` to your ``INSTALLED_APPS`` settings:

'session_security',
.. code-block:: python
Add to ``settings.MIDDLEWARE_CLASSES``, **after** django's AuthenticationMiddleware::
INSTALLED_APPS = [
# ...
'session_security',
# ...
]
'session_security.middleware.SessionSecurityMiddleware',
Add ``session_security.middleware.SessionSecurityMiddleware`` to your ``MIDDLEWARE`` settings:

Ensure settings.TEMPLATE_CONTEXT_PROCESSORS has::
.. code-block:: python
'django.core.context_processors.request'
MIDDLEWARE = [
# ...
'session_security.middleware.SessionSecurityMiddleware',
# ...
]
Add to urls::
.. warning::

url(r'session_security/', include('session_security.urls')),
The order of ``MIDDLEWARE`` is important. You should include the ``django-session-security`` middleware
after the authentication middleware, such as :class:`~django.contrib.auth.middleware.AuthenticationMiddleware`.

Ensure ``django.template.context_processors.request`` is added to the template context processors:

.. code-block:: python
TEMPLATES = [
{
"OPTIONS": {
"context_processors": [
"django.template.context_processors.request",
# ...
]
}
# ...
}
]
Add ``session_security`` URLs to your project’s URLconf:

.. code-block:: python
from django.urls import include, path
urlpatterns = [
# ...
path('session_security/', include('session_security.urls')),
]
At this point, we're going to assume that you have `django.contrib.staticfiles
<https://docs.djangoproject.com/en/dev/ref/contrib/staticfiles/>`_ working.
This means that `static files are automatically served with runserver
<https://docs.djangoproject.com/en/dev/ref/contrib/staticfiles/#runserver>`_,
and that you have to run `collectstatic when using another server
<https://docs.djangoproject.com/en/dev/ref/contrib/staticfiles/#collectstatic>`_
(fastcgi, uwsgi, and whatnot). If you don't use django.contrib.staticfiles,
(fastcgi, uwsgi, and whatnot). If you don't use `django.contrib.staticfiles`,
then you're on your own to manage staticfiles.

After jQuery, add to your base template::
Expand Down
29 changes: 29 additions & 0 deletions session_security/locale/de/LC_MESSAGES/django.po
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
# Copyright (C) 2013 James Pic
# This file is distributed under the same license as the
# django-session-security package.
# James Pic <[email protected]> 2013
msgid ""
msgstr ""
"Project-Id-Version: 2.0.3\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2024-03-18 11:41-0400\n"
"PO-Revision-Date: 2024-03-18 16:26+0100\n"
"Last-Translator: Daniel Zielinski <[email protected]>\n"
"Language: German\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n > 1);\n"

#: templates/session_security/all.html:32
msgid "You have unsaved changes in a form of this page."
msgstr ""
"Sie haben nicht gespeicherte Änderungen in einem Formular auf dieser Seite."

#: templates/session_security/dialog.html:6
msgid "Your session is about to expire"
msgstr "Ihre Sitzung läuft in Kürze ab."

#: templates/session_security/dialog.html:7
msgid "Click or type to extend your session."
msgstr "Klicken oder tippen Sie, um nicht automatisch ausgeloggt zu werden."
27 changes: 18 additions & 9 deletions session_security/middleware.py
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,6 @@
from datetime import datetime, timedelta

import django
from django.contrib.auth import logout
try: # Django 2.0
from django.urls import reverse, resolve, Resolver404
except: # Django < 2.0
Expand Down Expand Up @@ -55,13 +54,7 @@ def get_expire_seconds(self, request):

def process_request(self, request):
""" Update last activity time or logout. """

if django.VERSION < (1, 10):
is_authenticated = request.user.is_authenticated()
else:
is_authenticated = request.user.is_authenticated

if not is_authenticated:
if not self.is_authenticated(request):
return

now = datetime.now()
Expand All @@ -72,7 +65,7 @@ def process_request(self, request):
delta = now - get_last_activity(request.session)
expire_seconds = self.get_expire_seconds(request)
if delta >= timedelta(seconds=expire_seconds):
logout(request)
self.do_logout(request)
elif (request.path == reverse('session_security_ping') and
'idleFor' in request.GET):
self.update_last_activity(request, now)
Expand Down Expand Up @@ -104,3 +97,19 @@ def update_last_activity(self, request, now):

# Update the session
set_last_activity(request.session, last_activity)

def is_authenticated(self, request):
# This is a separate method to allow for subclasses to override the
# behavior, mostly.
if django.VERSION < (1, 10):
is_authenticated = request.user.is_authenticated()
else:
is_authenticated = request.user.is_authenticated

return is_authenticated

def do_logout(self, request):
# This is a separate method to allow for subclasses to override the
# behavior, mostly.
from django.contrib.auth import logout
logout(request)
4 changes: 4 additions & 0 deletions session_security/static/session_security/style.css
Original file line number Diff line number Diff line change
Expand Up @@ -24,3 +24,7 @@
overflow: auto;
text-align: center;
}

.session_security {
display: none;
}
2 changes: 1 addition & 1 deletion session_security/templates/session_security/all.html
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@

{# Bootstrap a SessionSecurity instance as the sessionSecurity global variable #}
{% localize off %}
<script type="text/javascript">
<script type="text/javascript"{% if request.csp_nonce %} nonce="{{ request.csp_nonce }}"{% endif %}>
var sessionSecurity = new yourlabs.SessionSecurity({
pingUrl: '{% url 'session_security_ping' %}',
warnAfter: {{ request|warn_after|unlocalize }},
Expand Down
2 changes: 1 addition & 1 deletion session_security/templates/session_security/dialog.html
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{% load i18n %}

<div id="session_security_warning" class="session_security" style="display:none" aria-hidden="true" role="dialog">
<div id="session_security_warning" class="session_security" aria-hidden="true" role="dialog">
<div class="session_security_overlay"></div>
<div class="session_security_modal" role="document" tabindex="-1">
<h3>{% trans 'Your session is about to expire' %}</h3>
Expand Down
12 changes: 1 addition & 11 deletions tox.ini
Original file line number Diff line number Diff line change
@@ -1,9 +1,6 @@
[tox]
envlist =
py{27,35,36}-django{18,19,110,111}
py{35,36,37,38}-django{111,22}
py{36,37,38,39,310}-django{30,31,32}
py{38,39,310}-django{40,41}
py{38,39,310}-django{32,40,41}
[testenv]
usedevelop = true
commands =
Expand All @@ -12,13 +9,6 @@ deps =
coverage
unittest-data-provider
selenium<4.3.0
django18: Django>=1.8,<1.9
django19: Django>=1.9,<1.10
django110: Django>=1.10,<1.11
django111: Django>=1.11,<1.12
django22: Django>=2.2,<2.3
django30: Django>=3.0,<3.1
django31: Django>=3.1,<3.2
django32: Django>=3.2,<3.3
django40: Django>=4.0,<4.1
django41: Django>=4.1,<4.2
Expand Down

0 comments on commit b2dea0b

Please sign in to comment.