[Fixes #4322] SESSION_EXPIRED_CONTROL_ENABLE=True breaks GeoNode

GeoNode · Apr 4, 2019 · af5c82d · af5c82d
1 parent 704b03d
commit af5c82d
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 11 deletions.
diff --git a/geonode/api/views.py b/geonode/api/views.py
@@ -32,20 +32,23 @@
 
 from allauth.account.utils import user_field, user_email, user_username
 
+from ..base.auth import get_token_object_from_session
 from ..utils import json_response
 
 
-def verify_access_token(key):
+def verify_access_token(request, key):
     try:
-        token = AccessToken.objects.get(token=key)
-
+        token = get_token_object_from_session(request.session)
+        if not token or token.key != key:
+            token = AccessToken.objects.get(token=key)
         if not token.is_valid():
             raise OAuthToolkitError('AccessToken is not valid.')
         if token.is_expired():
             raise OAuthToolkitError('AccessToken has expired.')
     except AccessToken.DoesNotExist:
         raise FatalClientError("AccessToken not found at all.")
-
+    except BaseException:
+        return None
     return token
 
 
@@ -141,7 +144,7 @@ def verify_token(request):
         token = None
         try:
             access_token = request.POST.get('token')
-            token = verify_access_token(access_token)
+            token = verify_access_token(request, access_token)
         except Exception as e:
             return HttpResponse(
                 json.dumps({

diff --git a/geonode/security/middleware.py b/geonode/security/middleware.py
@@ -113,12 +113,13 @@ def do_logout(self, request):
         except BaseException:
             pass
         finally:
-            try:
-                from django.contrib import messages
-                from django.utils.translation import ugettext_noop as _
-                messages.warning(request, _("Session is Expired. Please login again!"))
-            except BaseException:
-                pass
+            # AF: Causing DB lock... interesting!
+            # try:
+            #     from django.contrib import messages
+            #     from django.utils.translation import ugettext_noop as _
+            #     messages.warning(request, _("Session is Expired. Please login again!"))
+            # except BaseException:
+            #     pass
 
             if not any(path.match(request.path) for path in white_list):
                 return HttpResponseRedirect(

diff --git a/geonode/settings.py b/geonode/settings.py
@@ -116,6 +116,8 @@
 # 'ENGINE': 'django.contrib.gis.db.backends.postgis'
 # see https://docs.djangoproject.com/en/1.8/ref/contrib/gis/db-api/#module-django.contrib.gis.db.backends for
 # detailed list of supported backends and notes.
+_db_conf = dj_database_url.parse(DATABASE_URL, conn_max_age=600)
+_db_conf.update({'TIMEOUT': 60})
 DATABASES = {
     'default': dj_database_url.parse(DATABASE_URL, conn_max_age=600)
 }