RecentLoginRequiredMixin #138

Closed
mlvn23 opened this Issue May 22, 2014 · 4 comments

@mlvn23
mlvn23 commented May 22, 2014

When editing sensitive parts of a website (e.g., changing membership or billing info), it is common to ask the user to log in again if they haven't logged in recently. I figured something like what follows would be useful. I got this to work, but I'm a Django / Python noob, so I'm not sure if this is going to work in many versions of Django.

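import datetime

from django.conf import settings
from django.contrib.auth.views import logout_then_login
from django.utils import timezone

from braces.views import LoginRequiredMixin


class RecentLoginRequiredMixin(LoginRequiredMixin):

    # Maximum time delta since last login in seconds
    max_last_login_delta = 1800  # default is 30 mins

    def dispatch(self, request, *args, **kwargs):

        user = request.user
        if user.is_authenticated():
            delta = datetime.timedelta(seconds=self.max_last_login_delta)
            # Use an aware "now" only when USE_TZ is on, to match last_login
            now = timezone.now() if settings.USE_TZ else datetime.datetime.now()
            if now > (user.last_login + delta):
                # Logs the user out; request.user is then anonymous, so the
                # LoginRequiredMixin dispatch below redirects to the login page
                logout_then_login(request)

        return super(RecentLoginRequiredMixin, self).dispatch(
            request, *args, **kwargs)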
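
A framework-free version of the recency decision the mixin above makes, added here as an example (it is not code from this issue or from the project), so the edge cases can be tested without a Django setup. The name `needs_reauth` and the fail-closed handling of a missing, future-dated or naive/aware-mismatched `last_login` are assumptions of this example.

```python
import datetime

UTC = datetime.timezone.utc


def needs_reauth(last_login, now, max_age_seconds=1800):
    """Return True when the last login is too old (or too odd) to trust.

    Hypothetical helper: mirrors the mixin's `now > last_login + delta`
    comparison and fails closed on inputs that comparison cannot handle.
    """
    if last_login is None:
        # No recorded login for this account: require a fresh login.
        return True
    if (last_login.tzinfo is None) != (now.tzinfo is None):
        # Comparing naive and aware datetimes raises TypeError; ask for a
        # fresh login instead of turning the mismatch into a server error.
        return True
    age = now - last_login
    if age < datetime.timedelta(0):
        # A last_login in the future points at clock skew or bad data.
        return True
    return age > datetime.timedelta(seconds=max_age_seconds)


if __name__ == "__main__":
    # Constructed sample values, not taken from any real system.
    now = datetime.datetime(2014, 5, 22, 12, 0, tzinfo=UTC)
    samples = {
        "15 minutes ago": now - datetime.timedelta(minutes=15),
        "exactly 30 minutes ago": now - datetime.timedelta(minutes=30),
        "31 minutes ago": now - datetime.timedelta(minutes=31),
        "never logged in": None,
        "naive timestamp": datetime.datetime(2014, 5, 22, 11, 55),
        "5 minutes in the future": now + datetime.timedelta(minutes=5),
    }
    for label, last_login in samples.items():
        print(label, "->", "re-login" if needs_reauth(last_login, now) else "ok")
```
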
@blueyed
Contributor
blueyed commented Aug 9, 2014

I like the idea.

You should pass login_url = self.get_login_url() to logout_then_login (which needs to get imported from contrib.auth.views).

@chrisjones-brack3t
Member

This is a decent idea. If you write some tests for it, maybe it can make it into the 1.6 release.

@chrisjones-brack3t chrisjones-brack3t added this to the 1.6 milestone Dec 4, 2014
@chrisjones-brack3t chrisjones-brack3t modified the milestone: 1.6, 1.8 Apr 14, 2015
@kennethlove
Member

Any chance of getting tests for this, @mlvn23 ?

@chrisjones-brack3t
Member

Done.
