authorAleš Smodiš <aless@guru.si>2015-10-15 18:46:54 +0200
committerAleš Smodiš <aless@guru.si>2015-10-15 18:46:54 +0200
commit4a781b21db10f82e35b9945109b5f4d41ad0e8c3 (patch)
tree3907cb657aeb9bf4ba27dcc630935329bac1a5b6 /server
parentde2ea4c96a007cd1c6545f0b4a063d3392a1a0d3 (diff)
Server-side support for SAML logout, sessions are destroyed only using an AJAX call.
Diffstat (limited to 'server')
-rw-r--r--server/handlers.py13
-rw-r--r--server/user_session.py15
2 files changed, 26 insertions, 2 deletions
diff --git a/server/handlers.py b/server/handlers.py
index 5df7161..42f53b4 100644
--- a/server/handlers.py
+++ b/server/handlers.py
@@ -27,6 +27,12 @@ class CreateSession(CodeqService):
request.reply({'code': 0, 'message': 'OK', 'sid': server.user_session.UserSession().get_sid()})
+class DestroySession(CodeqService):
+ def process(self, request):
+ request.session.destroy()
+ request.reply({'code': 0, 'message': 'OK'})
+
+
class Login(CodeqService):
"""Logs in a client, authenticating the session.
"""
@@ -48,9 +54,10 @@ class Login(CodeqService):
settings = session.get_settings()
request.reply({'code': 0, 'message': 'OK', 'name': name, 'email' : email, 'joined' : date_joined.isoformat(), 'last-login' : last_login.isoformat(), 'settings': settings})
+
class Logout(CodeqService):
def process(self, request):
- request.session.destroy()
+ request.session.logout()
request.reply({'code': 0, 'message': 'OK'})
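Review bot: Logout.process now leaves the session alive, and nothing in the class says so: a request routed to Logout only makes the session anonymous, while invalidating the sid is left to the new `destroy_session` action. Someone auditing session handling would expect a logout handler to end the session, so I would give the class a docstring in the style Login already has, e.g. `"""Logs out the client; the session stays valid but becomes anonymous. Use destroy_session to invalidate it."""`. DestroySession in the first hunk of this file could get the matching one-line docstring. Logout's body is fully visible in this hunk.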
@@ -302,6 +309,7 @@ class SamlLogin(CodeqService):
# maps actions to their handlers
incoming_handlers = {
'create_session': CreateSession(),
+ 'destroy_session': DestroySession(),
'login': Login(),
'signup': Signup(),
'change_password': ChangePassword(),
@@ -318,7 +326,8 @@ incoming_handlers = {
'load_problem': LoadProblem(),
'end_problem': EndProblem(),
'user_stat': GetUserStat(),
- 'saml_login': SamlLogin()
+ 'saml_login': SamlLogin(),
+ 'saml_logout': Logout()
}
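Review bot: `'saml_logout'` is mapped to a plain `Logout()` instance, so as far as this file shows nothing SAML-specific happens for this action: the handler calls `request.session.logout()` and replies OK. If the identity provider's single logout is completed elsewhere, a comment on the entry would make that dependency explicit, e.g. `# saml_logout: clears local login state only; IdP logout is performed by the caller`. If it is not, the IdP session would presumably still be live and could sign the user back in without a prompt, so this is worth confirming. The dictionary starts in the previous hunk.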
diff --git a/server/user_session.py b/server/user_session.py
index 739da9a..dbf886c 100644
--- a/server/user_session.py
+++ b/server/user_session.py
@@ -154,6 +154,21 @@ class UserSession(object):
pass
db.return_connection(conn)
+ def logout(self):
+ """Logs out the session, rendering it anonymous."""
+ with self._access_lock:
+ lang_session = self._lang_session
+ self._lang_session = None
+ uid = self.uid
+ sid = self.sid
+ username = self.username
+ self.uid = None
+ self.username = None
+ self.settings = {}
+ if lang_session is not None: # do not handle the language session holding the lock: we may deadlock if the callee calls the caller
+ lang_session.destroy()
+ logging.debug('User session logged out: username={0}, uid={1}, sid={2}'.format(username, uid, sid))
+
def destroy(self):
"""Destroys the session."""
with module_access_lock:
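Review bot: logout() leaves `self.sid` unchanged, so the identifier that was valid for the authenticated user stays valid for the anonymous session that follows, and the closing `logging.debug` line writes that still-live sid to the log. If a later Login on the same session also keeps the sid (not visible in this hunk), anyone who learned it earlier would again hold an authenticated session, which is the usual session-fixation setup. Consider issuing a fresh sid whenever the authentication state changes, and logging only a shortened or hashed form of it. At minimum the docstring should state the contract, e.g. `"""Logs out the session, rendering it anonymous; the sid stays valid until destroy() is called."""`. The hunk ends inside destroy(), whose body continues outside it.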