auth: delete current sessions on logout

On logout all session from the current bowser window are cleared. We generate
a uuid on login (and safe this in the flask session object) and delete all
padlite session with this uuid on logout.

1 files changed, 15 insertions, 1 deletions

diff --git a/auth.py b/auth.py
index 9b7d43a..5a4790d 100644
--- a/auth.py
+++ b/auth.py
@@ -1,8 +1,11 @@
 from flask_peewee.auth import Auth
-from models import User
+from flask import session
+from models import User, Session
 from app import app, db, pad
 from datetime import datetime
+from padlite import APIException
 import ldap
+import uuid
 
 class LdapAuth(Auth):
     def get_user_model(self):
@@ -36,8 +39,19 @@ class LdapAuth(Auth):
     def login_user(self, user):
         user.last_login = datetime.now()
         user.save()
+        session['uuid'] = uuid.uuid4()
         return super(LdapAuth, self).login_user(user)
 
+    def logout_user(self):
+        if 'uuid' in session:
+            for s in Session.select().where(Session.uuid == session['uuid']):
+                try:
+                    s.delete_instance()
+                except APIException:
+                    pass
+            del session['uuid']
+        return super(LdapAuth, self).logout_user()
+
     def _format_dn(self, attr, with_base_dn = True):
         if with_base_dn:
             attr.extend(app.config['LDAP']['base_dn'])