do not flatten attributes inplace, and convert expiry to seconds (fixes #9359)
Original datetime must be kept for setting the expiry, but expiry using datetime is not supported when using JSON sessions, so we convert it to seconds expiry before setting it. We also make iso8601 parsed datetime timezone aware, to match with other datetimes in Django.
This commit is contained in:
parent
e18dd7c7e5
commit
dc1e4e56ea
|
@ -9,6 +9,7 @@ import requests
|
|||
|
||||
from django.core.urlresolvers import reverse
|
||||
from django.template.loader import render_to_string
|
||||
from django.utils.timezone import make_aware, utc, now
|
||||
import lasso
|
||||
|
||||
from . import app_settings
|
||||
|
@ -102,6 +103,7 @@ def get_idps():
|
|||
yield idp
|
||||
|
||||
def flatten_datetime(d):
|
||||
d = d.copy()
|
||||
for key, value in d.iteritems():
|
||||
if isinstance(value, datetime.datetime):
|
||||
d[key] = value.isoformat() + 'Z'
|
||||
|
@ -116,7 +118,10 @@ def iso8601_to_datetime(date_string):
|
|||
if not m:
|
||||
raise ValueError('Invalid ISO8601 date')
|
||||
tm = time.strptime(m.group(1)+'Z', "%Y-%m-%dT%H:%M:%SZ")
|
||||
return datetime.datetime.fromtimestamp(time.mktime(tm))
|
||||
return make_aware(datetime.datetime.fromtimestamp(time.mktime(tm)), utc)
|
||||
|
||||
def get_seconds_expiry(datetime_expiry):
|
||||
return (datetime_expiry - now()).total_seconds()
|
||||
|
||||
def to_list(func):
|
||||
@wraps(func)
|
||||
|
|
|
@ -133,7 +133,7 @@ class LoginView(LogMixin, View):
|
|||
unicode(user), attributes['name_id_content'])
|
||||
request.session['mellon_session'] = utils.flatten_datetime(attributes)
|
||||
if 'session_not_on_or_after' in attributes:
|
||||
request.session.set_expiry(attributes['session_not_on_or_after'])
|
||||
request.session.set_expiry(utils.get_seconds_expiry(attributes['session_not_on_or_after']))
|
||||
else:
|
||||
return render(request, 'mellon/inactive_user.html', {
|
||||
'user': user,
|
||||
|
|
Loading…
Reference in New Issue