Finish rollover to session logins. Closes #201.
onyxfish committed Aug 7, 2012
1 parent 1cfe081 commit d4153d9
Showing 5 changed files with 22 additions and 2 deletions.
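--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,7 @@
 1.0.1
 -----
 
+* Improve security implemention to prevent API key theft. (#201)
 * Notifications list fixed in IE9. (#822)
 * Fix for searching categories with many datasets. (#849)
 * Fixed broken cross-dataset export link. (#848)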
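--- a/client/static/js/views/root.js
+++ b/client/static/js/views/root.js
@@ -373,8 +373,16 @@ PANDA.views.Root = Backbone.View.extend({
 },
 
 goto_logout: function() {
+// Request a session logout
+$.ajax({
+url: '/logout/',
+type: 'POST'
+});
+
+// Blow away local cookies
 this.set_current_user(null);
 
+// Back to the login screen
 this.goto_login();
 },
 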
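Review bot: The `$.ajax` POST to `/logout/` in `goto_logout` is fire-and-forget: the local user state is cleared and the login screen is shown whether or not the server actually ended the session. If the request fails (a network error, or a rejection by CSRF protection if the view is covered by it, which is not visible here), the session cookie stays valid while the UI presents the user as logged out. Consider adding an `error` handler that surfaces the failure, or running `this.set_current_user(null); this.goto_login();` from the request's `complete` callback so the ordering is deterministic. The enclosing view definition continues outside the hunk.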
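--- a/panda/tests/test_views.py
+++ b/panda/tests/test_views.py
@@ -25,9 +25,11 @@ def test_login_success(self):
 body = json.loads(response.content)
 
 self.assertEqual(body['email'], 'user@pandaproject.net')
-self.assertEqual(body['api_key'], 'edfe6c5ffd1be4d3bf22f69188ac6bc0fc04c84c')
 self.assertEqual(body['notifications'], [])
 
+# Verify old code is dead
+self.assertNotIn('api_key', body)
+
 def test_login_disabled(self):
 self.user.is_active = False
 self.user.save()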
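Review bot: No test in this commit covers the new `/logout/` endpoint; the only test change is in `test_login_success`, which now asserts that `api_key` is absent from the login response. A `test_logout` that logs in, POSTs to `/logout/`, and then checks that the session no longer authenticates would pin the behaviour this commit introduces. The `assertNotIn` check is a useful regression guard, and a comment stating the reason, such as `# API key must not be exposed to the browser (#201)`, would say more than `# Verify old code is dead`. The test class starts outside the hunk.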
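--- a/panda/urls.py
+++ b/panda/urls.py
@@ -21,6 +21,7 @@
 
 urlpatterns = patterns('',
 url(r'^login%s$' % trailing_slash(), views.panda_login, name="login"),
+url(r'^logout%s$' % trailing_slash(), views.panda_logout, name="logout"),
 url(r'^check_activation_key/(?P<activation_key>[\w\d]+)%s$' % trailing_slash(), views.check_activation_key, name="check_activation_key"),
 url(r'^activate%s$' % trailing_slash(), views.activate, name="activate"),
 url(r'^forgot_password%s$' % trailing_slash(), views.forgot_password, name="forgot_password"),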
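--- a/panda/views.py
+++ b/panda/views.py
@@ -5,7 +5,7 @@
 from ajaxuploader.views import AjaxFileUploader
 from csvkit.exceptions import FieldSizeLimitError
 from django.conf import settings
-from django.contrib.auth import authenticate, login
+from django.contrib.auth import authenticate, login, logout
 from django.http import HttpResponse
 from django.utils.timezone import now
 from livesettings import config_value
@@ -103,6 +103,14 @@ def panda_login(request):
 # Invalid request
 return JSONResponse(None, status=400)
 
+def panda_logout(request):
+"""
+Logout any active session.
+"""
+logout(request)
+
+return JSONResponse({ '__all__': 'Successfully logged out' }, status=200)
+
 def check_activation_key(request, activation_key):
 """
 Test if an activation key is valid and if so fetch information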
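Review bot: `panda_logout` calls `logout(request)` for any HTTP method, so a plain GET, including one triggered from another site, ends the user's session. The client only sends a POST, so the view could reject everything else the way the `# Invalid request` branch above it does: `if request.method != 'POST': return JSONResponse(None, status=400)`. Whether this view is covered by CSRF protection is not visible in the hunk and is worth confirming, since the `$.ajax` call in root.js sets no token itself. The docstring could also state the accepted method and that the response is always a 200 with a `__all__` message.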
