From d5c41289d4d238ed9261f4f46d052f4b079b1087 Mon Sep 17 00:00:00 2001
From: joamag
Date: Wed, 13 Jan 2016 10:03:02 +0000
Subject: [PATCH] new set and unset session
---
 src/appier_extras/parts/admin/models/account.py | 17 +++++++++++++++++
 src/appier_extras/parts/admin/part.py | 17 ++---------------
 2 files changed, 19 insertions(+), 15 deletions(-)
diff --git a/src/appier_extras/parts/admin/models/account.py b/src/appier_extras/parts/admin/models/account.py
index 2c729ac5..2547a974 100644
--- a/src/appier_extras/parts/admin/models/account.py
+++ b/src/appier_extras/parts/admin/models/account.py
@@ -308,6 +308,23 @@ def unpack(cls, password):
 def is_encrypted(cls, password):
 return password.count(":") > 0
+ @classmethod
+ def _unset_session(cls):
+ session = appier.get_session()
+ if "username" in session: del session["username"]
+ if "name" in session: del session["name"]
+ if "email" in session: del session["email"]
+ if "type" in session: del session["type"]
+ if "tokens" in session: del session["tokens"]
+ if "params" in session: del session["params"]
+ if "fb.access_token" in session: del session["fb.access_token"]
+ if "tw.oauth_token" in session: del session["tw.oauth_token"]
+ if "tw.oauth_token_secret" in session: del session["tw.oauth_token_secret"]
+ if "tw.oauth_temporary" in session: del session["tw.oauth_temporary"]
+ if "gg.access_token" in session: del session["gg.access_token"]
+ if "gh.access_token" in session: del session["gh.access_token"]
+ if "live.access_token" in session: del session["live.access_token"]
+
 def pre_save(self):
 base.Base.pre_save(self)
 if hasattr(self, "password"): self.password = self.encrypt(self.password)
diff --git a/src/appier_extras/parts/admin/part.py b/src/appier_extras/parts/admin/part.py
index 10f2aa2a..bc577371 100644
--- a/src/appier_extras/parts/admin/part.py
+++ b/src/appier_extras/parts/admin/part.py
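Review bot: The thirteen `if ... in session: del ...` lines of `_unset_session` (models/account.py) are a hard-coded list of credential keys, so logout clears only what this list names; a key written by `_set_session` or by a provider part and missing here would stay in the session after logout. Keeping the names in one class-level tuple that both methods read, and looping with `for key in cls.SESSION_KEYS:` / `if key in session: del session[key]`, keeps the two in step (`SESSION_KEYS` is a constructed name, not one from the file). The list also now removes `name` and `params`, which the old inline code in `logout` did not, and the method has no docstring; one line such as `"""Removes the account and provider token keys from the current session."""` would record that this is the single place logout relies on.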
@@ -220,17 +220,7 @@ def logout(self):
 # verifies the existence of the various account related session
 # attributes and in case they exist removes them from session as
 # the user is currently logging out from session
- if "username" in self.session: del self.session["username"]
- if "email" in self.session: del self.session["email"]
- if "type" in self.session: del self.session["type"]
- if "tokens" in self.session: del self.session["tokens"]
- if "fb.access_token" in self.session: del self.session["fb.access_token"]
- if "tw.oauth_token" in self.session: del self.session["tw.oauth_token"]
- if "tw.oauth_token_secret" in self.session: del self.session["tw.oauth_token_secret"]
- if "tw.oauth_temporary" in self.session: del self.session["tw.oauth_temporary"]
- if "gg.access_token" in self.session: del self.session["gg.access_token"]
- if "gh.access_token" in self.session: del self.session["gh.access_token"]
- if "live.access_token" in self.session: del self.session["live.access_token"]
+ models.Account._unset_session()
 # runs the proper redirect operation, taking into account if the
 # next value has been provided or not
@@ -945,10 +935,7 @@ def login_api(self):
 # updates the current session with the proper
 # values to correctly authenticate the user
- self.session["username"] = account.username
- self.session["email"] = account.email
- self.session["type"] = account.type_s()
- self.session["tokens"] = account.tokens()
+ account._set_session()
 # retrieves the session identifier (sid) for the currently
 # assigned session, this is going to be used in the next
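Review bot: In `logout`, `models.Account._unset_session()` clears the object returned by `appier.get_session()`, while the removed lines worked on `self.session`. If those two can ever be different objects, logout would return normally with `tokens` and the provider access tokens still in place. It is worth confirming they are the same session for the request and saying so above the call, e.g. `# _unset_session() acts on appier.get_session(), which must be self.session here`. The call also reaches an underscore-prefixed method from another module, so a public name would fit better if `part.py` is meant to be a regular caller. The body of `logout` starts and continues outside this hunk.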
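Review bot: `account._set_session()` in `login_api` is not added by this patch: all 17 insertions in the account.py section belong to `_unset_session`, so the method presumably already exists in account.py. Please confirm it still writes the four keys the removed lines set (`username`, `email`, `type`, `tokens`), because nothing in this hunk shows that. Since `_unset_session` is now available, calling it first (`models.Account._unset_session()` on the line before `account._set_session()`) would stop provider tokens left by an earlier login in the same session from carrying over to the new account. Whether a session can already be populated at this point is not visible, as `login_api` starts and ends outside the hunk.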