
Add Session Origins for Knox tokens

Santiago Saavedra requested to merge feature/authsessions into master

Mostly using Django Signals, we add a KnoxSessionOrigin model that tracks the user agent and that may in the future track session names if we want to give names to the sessions, but also locations, in order to assess whether the user is being logged in from far away.

Add KnoxSessionOrigin to the Admin site for debugging purposes.

Knox LoginView is altered to include the AuthToken instance in the user_logged_in signal in order to add the Session information when processing the signal.

A SessionView is added to alter session information. When sessions are destroyed, such tokens are logged out via another signal. This allows explicit remote-logout procedures that the Knox login functionality does not provide. However, we now have two different logout mechanisms: /users/logout with the token, but also /users/sessions/destroy/{token_digest}.

We could likely want to address the tokens by the token_key instead of digest in the future.

Add test for Knox + Sessions to see the Signals at work

Edited by Santiago Saavedra
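
The flow described above, as an added stdlib-only model that is not code from this merge request: login records an origin keyed by the token digest, and destroying a session fires a receiver that logs the token out. `SessionStore`, `digest_of`, the SHA-512 digest, the 8-character key prefix and the ownership check in `destroy_session` are assumptions made for illustration.

```python
import hashlib
import secrets
from dataclasses import dataclass

TOKEN_KEY_LENGTH = 8  # assumption: short, non-secret lookup prefix of the token


def digest_of(token: str) -> str:
    """Digest used to address a session without handling the raw token."""
    return hashlib.sha512(token.encode()).hexdigest()


@dataclass
class SessionOrigin:
    user: str
    user_agent: str
    token_key: str


class SessionStore:
    def __init__(self):
        self.tokens = {}    # digest -> user, stands in for the auth token table
        self.origins = {}   # digest -> SessionOrigin
        # Receivers run when a session is destroyed (models the second signal).
        self.on_destroyed = [lambda digest: self.tokens.pop(digest, None)]

    def login(self, user, user_agent):
        token = secrets.token_hex(32)
        digest = digest_of(token)
        self.tokens[digest] = user
        # The login signal carries the token, so the origin is linked to it.
        self.origins[digest] = SessionOrigin(user, user_agent, token[:TOKEN_KEY_LENGTH])
        return token

    def authenticate(self, token):
        return self.tokens.get(digest_of(token))

    def sessions_for(self, user):
        return [o for o in self.origins.values() if o.user == user]

    def destroy_session(self, requesting_user, digest):
        origin = self.origins.get(digest)
        # Unknown digest and someone else's digest get the same answer.
        if origin is None or origin.user != requesting_user:
            return False
        del self.origins[digest]
        for receiver in self.on_destroyed:
            receiver(digest)
        return True
```
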
