fix: 三方登录用户无法下线 (#11592)

Co-authored-by: feng <1304903146@qq.com>
2023-09-18 16:20:55 +08:00 · 2023-09-18 16:20:55 +08:00 · 24ed57b98a
parent 04a790c4ee
commit 24ed57b98a
2 changed files with 10 additions and 3 deletions
--- a/apps/audits/signal_handlers/login_log.py
+++ b/apps/audits/signal_handlers/login_log.py
@ -82,7 +82,8 @@ def generate_data(username, request, login_type=None):
    return data


-def create_user_session(session_key, user_id, instance: UserLoginLog):
+def create_user_session(request, user_id, instance: UserLoginLog):
+    session_key = request.session.session_key
    session_store_cls = import_module(settings.SESSION_ENGINE).SessionStore
    session_store = session_store_cls(session_key=session_key)
    cache_key = session_store.cache_key
@ -99,7 +100,8 @@ def create_user_session(session_key, user_id, instance: UserLoginLog):
        'date_created': instance.datetime,
        'date_expired': instance.datetime + timedelta(seconds=ttl),
    }
-    UserSession.objects.create(**online_session_data)
+    user_session = UserSession.objects.create(**online_session_data)
+    request.session['user_session_id'] = user_session.id


@receiver(post_auth_success)
@ -116,7 +118,7 @@ def on_user_auth_success(sender, user, request, login_type=None, **kwargs):
    # TODO 目前只记录 web 登录的 session
    if not session_key or instance.type != LoginTypeChoices.web:
        return
-    create_user_session(session_key, user.id, instance)
+    create_user_session(request, user.id, instance)


@receiver(post_auth_failed)
--- a/apps/authentication/signal_handlers.py
+++ b/apps/authentication/signal_handlers.py
@ -7,6 +7,7 @@ from django.dispatch import receiver
 from django_cas_ng.signals import cas_user_authenticated

 from apps.jumpserver.settings.auth import AUTHENTICATION_BACKENDS_THIRD_PARTY
+from audits.models import UserSession
 from .signals import post_auth_success, post_auth_failed, user_auth_failed, user_auth_success


@ -23,6 +24,9 @@ def on_user_auth_login_success(sender, user, request, **kwargs):
    if not request.session.get("auth_third_party_done") and \
            request.session.get('auth_backend') in AUTHENTICATION_BACKENDS_THIRD_PARTY:
        request.session['auth_third_party_required'] = 1
+
+    user_session_id = request.session.get('user_session_id')
+    UserSession.objects.filter(id=user_session_id).update(key=request.session.session_key)
    # 单点登录，超过了自动退出
    if settings.USER_LOGIN_SINGLE_MACHINE_ENABLED:
        lock_key = 'single_machine_login_' + str(user.id)
@ -30,6 +34,7 @@ def on_user_auth_login_success(sender, user, request, **kwargs):
        if session_key and session_key != request.session.session_key:
            session = import_module(settings.SESSION_ENGINE).SessionStore(session_key)
            session.delete()
+            UserSession.objects.filter(key=session_key).delete()
        cache.set(lock_key, request.session.session_key, None)

    # 标记登录，设置 cookie，前端可以控制刷新, Middleware 会拦截这个生成 cookie