From 31098aa6569bb40beb23d92d63704cee33ee85b6 Mon Sep 17 00:00:00 2001
From: Alexander Sulfrian <alex@spline.inf.fu-berlin.de>
Date: Tue, 18 Nov 2014 05:36:58 +0100
Subject: auth: delete current sessions on logout

On logout all session from the current bowser window are cleared. We generate
a uuid on login (and safe this in the flask session object) and delete all
padlite session with this uuid on logout.
---
 auth.py | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/auth.py b/auth.py
index 9b7d43a..5a4790d 100644
--- a/auth.py
+++ b/auth.py
@@ -1,8 +1,11 @@
 from flask_peewee.auth import Auth
-from models import User
+from flask import session
+from models import User, Session
 from app import app, db, pad
 from datetime import datetime
+from padlite import APIException
 import ldap
+import uuid
 
 class LdapAuth(Auth):
     def get_user_model(self):
@@ -36,8 +39,19 @@ class LdapAuth(Auth):
     def login_user(self, user):
         user.last_login = datetime.now()
         user.save()
+        session['uuid'] = uuid.uuid4()
         return super(LdapAuth, self).login_user(user)
 
+    def logout_user(self):
+        if 'uuid' in session:
+            for s in Session.select().where(Session.uuid == session['uuid']):
+                try:
+                    s.delete_instance()
+                except APIException:
+                    pass
+            del session['uuid']
+        return super(LdapAuth, self).logout_user()
+
     def _format_dn(self, attr, with_base_dn = True):
         if with_base_dn:
             attr.extend(app.config['LDAP']['base_dn'])
-- 
cgit v1.2.3-1-g7c22