summaryrefslogtreecommitdiffstats
path: root/virtualenv/pffedportal
diff options
context:
space:
mode:
authorThomas NOEL <tnoel@entrouvert.com>2013-10-31 16:12:13 (GMT)
committerThomas NOEL <tnoel@entrouvert.com>2013-10-31 16:12:13 (GMT)
commitb43a78203cb1102f8484fef1585d86c14a1bd148 (patch)
treeb748aa5027bdb65794d77e117200afc559204b69 /virtualenv/pffedportal
parentf6dbea879f23aab0cbf7db77a7fe659b5e828f18 (diff)
downloadunivnautes-old-b43a78203cb1102f8484fef1585d86c14a1bd148.zip
univnautes-old-b43a78203cb1102f8484fef1585d86c14a1bd148.tar.gz
univnautes-old-b43a78203cb1102f8484fef1585d86c14a1bd148.tar.bz2
pffedportal: use sessions.backends.file
Diffstat (limited to 'virtualenv/pffedportal')
-rwxr-xr-xvirtualenv/pffedportal/cleanup_sessions.py48
-rwxr-xr-xvirtualenv/pffedportal/del_sessions_by_pfsenseid.py26
-rw-r--r--virtualenv/pffedportal/settings.py9
3 files changed, 56 insertions, 27 deletions
diff --git a/virtualenv/pffedportal/cleanup_sessions.py b/virtualenv/pffedportal/cleanup_sessions.py
new file mode 100755
index 0000000..47976e4
--- /dev/null
+++ b/virtualenv/pffedportal/cleanup_sessions.py
@@ -0,0 +1,48 @@
+#!/usr/bin/env python
+
+'''
+delete all django sessions:
+* if pfsenseid exists in session but is not in captiveportal.db
+* if session is expired
+'''
+
+# initialise django environnement for pffedportal
+# note : the script must be launch into the pffedportal direcory
+import os
+os.environ['DJANGO_SETTINGS_MODULE'] = "settings"
+
+import csv
+import datetime
+from django.conf import settings
+from django.contrib.sessions.backends.file import SessionStore
+
+# load pfsenseid list from captiveportal.db
+pfsenseids = [l[5] for l in csv.reader(open('/var/db/captiveportal.db'))]
+
+storage_path = settings.SESSION_FILE_PATH
+file_prefix = settings.SESSION_COOKIE_NAME
+
+for session_file in os.listdir(storage_path):
+ if not session_file.startswith(file_prefix):
+ continue
+ session_key = session_file[len(file_prefix):]
+ session = SessionStore(session_key)
+ # When an expired session is loaded, its file is removed, and a
+ # new file is immediately created. Prevent this by disabling
+ # the create() method.
+ session.create = lambda: None
+
+ session_data = session.load()
+
+ # pfsenseid doesn't exist in captiveportal.db
+ if session_data.get('pfsenseid') and session_data['pfsenseid'] not in pfsenseids:
+ session.delete()
+ continue
+
+ # expired
+ modification = os.stat(session._key_to_file()).st_ctime
+ age = datetime.datetime.now() - datetime.datetime.fromtimestamp(modification)
+ if age.seconds > session.get_expiry_age():
+ session.delete()
+ continue
+
diff --git a/virtualenv/pffedportal/del_sessions_by_pfsenseid.py b/virtualenv/pffedportal/del_sessions_by_pfsenseid.py
deleted file mode 100755
index 3ec7e4b..0000000
--- a/virtualenv/pffedportal/del_sessions_by_pfsenseid.py
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/usr/bin/env python
-
-'''
-delete all pffedportal (django) sessions relative to a (list of) sessionid from
-the pfsense captive portal.
-syntax : del_sessions_by_pfsenseid.py [sessionid_from_pfsense] [...]
-'''
-
-# initialise django environnement for pffedportal
-# note : the script must be launch into the pffedportal direcory
-import os
-os.environ['DJANGO_SETTINGS_MODULE'] = "settings"
-
-import sys
-from django.contrib.sessions.models import Session
-
-pfsenseids = sys.argv[1::]
-
-# delete each session containing a sessionid in argv
-for s in Session.objects.all():
- d = s.get_decoded()
- if 'pfsenseid' in d:
- if d['pfsenseid'] in pfsenseids:
- print "delete session %s (pfsenseid=%s)" % (s.pk, d['pfsenseid'])
- s.delete()
-
diff --git a/virtualenv/pffedportal/settings.py b/virtualenv/pffedportal/settings.py
index 06268ae..4f5c11c 100644
--- a/virtualenv/pffedportal/settings.py
+++ b/virtualenv/pffedportal/settings.py
@@ -105,7 +105,14 @@ INSTALLED_APPS = (
'base',
)
-SESSION_COOKIE_NAME = "pffedportalsessionid"
+SESSION_COOKIE_NAME = 'pffedportalsessionid'
+
+SESSION_ENGINE = 'django.contrib.sessions.backends.file'
+SESSION_FILE_PATH = '/var/tmp/pffedportalsessions'
+try:
+ os.mkdir(SESSION_FILE_PATH)
+except:
+ pass
AUTH_FRONTENDS = ('authentic2.authsaml2.frontend.AuthSAML2Frontend',)