When editing sensitive parts of a website (e.g., changing membership or billing info), it is common to ask the user to log in again if they haven't logged in recently. I figured something like what follows would be useful. I got this to work, but I'm a Django / Python noob, so I'm not sure if this is going to work in many versions of Django.
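```python
import datetime
from django.conf import settings
from django.contrib.auth.views import logout_then_login
from django.utils import timezone

class RecentLoginRequiredMixin(object):
    # Maximum time delta since last login in seconds
    max_last_login_delta = 1800  # default is 30 mins

    def dispatch(self, request, *args, **kwargs):
        user = request.user
        delta = datetime.timedelta(seconds=self.max_last_login_delta)
        now = timezone.now() if settings.USE_TZ else datetime.datetime.now()
        if now > (user.last_login + delta):
            # Last login is too old: end the session and redirect to the login page
            return logout_then_login(request)
        return super(RecentLoginRequiredMixin, self).dispatch(
            request, *args, **kwargs)
```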
I like the idea.
You should pass `login_url = self.get_login_url()` to `logout_then_login` (which needs to get imported from `contrib.auth.views`).

```python
login_url = self.get_login_url()
```
This is a decent idea. If you write some tests for it, maybe it can make it into the 1.6 release.
Any chance of getting tests for this, @mlvn23 ?
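As a starting point for the tests requested above, here is an added example (not code from this thread or from the project) that isolates the freshness check in plain Python so its edge cases can be asserted without a Django test client. The names `login_is_recent` and `reauth_redirect` are hypothetical, the sample users are constructed, and failing closed on missing, mixed-timezone or future timestamps is this example's choice.

```python
import datetime
from types import SimpleNamespace

UTC = datetime.timezone.utc


def login_is_recent(last_login, now, max_delta_seconds=1800):
    """Return True only when last_login is within max_delta_seconds of now.

    Fails closed (returns False) when the timestamp is missing, when naive
    and aware datetimes are mixed, or when last_login lies in the future.
    """
    if last_login is None:
        return False  # user has never logged in
    try:
        age = now - last_login
    except TypeError:
        # Naive vs. aware datetimes (a USE_TZ mismatch) cannot be compared.
        return False
    if age < datetime.timedelta(0):
        return False  # timestamp in the future: do not trust it
    # Same boundary as the mixin: stale only when now > last_login + delta.
    return age <= datetime.timedelta(seconds=max_delta_seconds)


def reauth_redirect(user, now, login_url, max_delta_seconds=1800):
    """Return login_url when the user must log in again, otherwise None."""
    # A user object without a last_login attribute is treated as stale.
    last_login = getattr(user, "last_login", None)
    if login_is_recent(last_login, now, max_delta_seconds):
        return None
    return login_url


# Constructed sample data for a quick stand-alone run.
NOW = datetime.datetime(2024, 1, 1, 12, 0, tzinfo=UTC)
FRESH_USER = SimpleNamespace(last_login=NOW - datetime.timedelta(minutes=5))
STALE_USER = SimpleNamespace(last_login=NOW - datetime.timedelta(hours=2))
NO_LOGIN_USER = SimpleNamespace()  # no last_login attribute at all

if __name__ == "__main__":
    for name, user in [("fresh", FRESH_USER), ("stale", STALE_USER),
                       ("no last_login", NO_LOGIN_USER)]:
        print(name, "->", reauth_redirect(user, NOW, "/accounts/login/"))
```
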