Add the concept of require_fresh_login to both the backend and frontend. Sensitive methods will now be marked with the annotation, which requires that the user has performed a login within 10 minutes or they are asked to do so in the UI before running the operation again.
This commit is contained in:
Joseph Schorr
parent
1e7e012b92
commit
e783df31e0
9 changed files with 174 additions and 61 deletions
|
|
@ -2,8 +2,9 @@ import logging
|
|||
import urlparse
|
||||
import json
|
||||
import string
|
||||
import datetime
|
||||
|
||||
from flask import make_response, render_template, request, abort
|
||||
from flask import make_response, render_template, request, abort, session
|
||||
from flask.ext.login import login_user, UserMixin
|
||||
from flask.ext.principal import identity_changed
|
||||
from random import SystemRandom
|
||||
|
|
@ -112,6 +113,7 @@ def common_login(db_user):
|
|||
logger.debug('Successfully signed in as: %s' % db_user.username)
|
||||
new_identity = QuayDeferredPermissionUser(db_user.username, 'username', {scopes.DIRECT_LOGIN})
|
||||
identity_changed.send(app, identity=new_identity)
|
||||
session['login_time'] = datetime.datetime.now()
|
||||
return True
|
||||
else:
|
||||
logger.debug('User could not be logged in, inactive?.')
|
||||
|
|
|
|||
Reference in a new issue