ИСПРАВЛЕНИЕ - NODEDC TASK: жестко очищать сессию при logout

DCCONSTRUCTIONS 2026-05-05 09:58:23 +03:00
parent f02865512f
commit ed18a07154
3 changed files with 51 additions and 10 deletions


@ -8,13 +8,16 @@ from django.http import HttpResponseRedirect
# Module imports # Module imports
from plane.authentication.utils.host import base_host from plane.authentication.utils.host import base_host
from plane.authentication.views.nodedc_logout import get_logout_redirect_url, logout_current_user from plane.authentication.views.nodedc_logout import clear_nodedc_auth_cookies, get_logout_redirect_url, logout_current_user
class SignOutAuthEndpoint(View): class SignOutAuthEndpoint(View):
def post(self, request): def post(self, request):
redirect_url = get_logout_redirect_url(base_host(request=request, is_app=True))
try: try:
logout_current_user(request) logout_current_user(request)
return HttpResponseRedirect(get_logout_redirect_url(base_host(request=request, is_app=True)))
except Exception: except Exception:
return HttpResponseRedirect(get_logout_redirect_url(base_host(request=request, is_app=True))) pass
response = HttpResponseRedirect(redirect_url)
return clear_nodedc_auth_cookies(response, request)
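Review bot: The `except Exception: pass` in `SignOutAuthEndpoint.post` drops a failed `logout_current_user(request)` without any record, and the response then clears cookies and redirects exactly as if logout had succeeded. If the server-side session was not actually flushed, it stays valid for anyone holding a copy of the old cookie, and nothing in the logs shows that it happened. At minimum record the failure, e.g. `except Exception: logger.exception("logout_current_user failed")` (this assumes a module-level logger; none is visible in this section). The same swallow is introduced in `SignOutAuthSpaceEndpoint.post` in the third file.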


@ -1,6 +1,7 @@
import os import os
from django.contrib.auth import logout from django.contrib.auth import logout
from django.conf import settings
from django.http import HttpResponse, HttpResponseRedirect from django.http import HttpResponse, HttpResponseRedirect
from django.utils import timezone from django.utils import timezone
from django.views import View from django.views import View
@ -31,14 +32,49 @@ def logout_current_user(request):
logout(request) logout(request)
def clear_nodedc_auth_cookies(response, request=None):
cookie_names = (
getattr(settings, "SESSION_COOKIE_NAME", "session-id"),
getattr(settings, "CSRF_COOKIE_NAME", "csrftoken"),
getattr(settings, "ADMIN_SESSION_COOKIE_NAME", "admin-session-id"),
"sessionid",
"session-id",
"csrftoken",
)
domain = getattr(settings, "SESSION_COOKIE_DOMAIN", None) or getattr(settings, "CSRF_COOKIE_DOMAIN", None)
if request is not None:
host = request.get_host().split(":", 1)[0].lower()
for suffix in (".local.nodedc", ".local.notdc", ".notdc.ru", ".nodedc.ru"):
if host.endswith(suffix):
domain = domain or suffix
break
for cookie_name in filter(None, cookie_names):
response.delete_cookie(cookie_name, path="/")
if domain:
session_cookie_name = getattr(settings, "SESSION_COOKIE_NAME", "session-id")
response["Set-Cookie"] = (
f'{session_cookie_name}=""; Domain={domain}; expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=0; Path=/'
)
response["Cache-Control"] = "no-store, no-cache, must-revalidate, max-age=0"
response["Clear-Site-Data"] = '"cookies", "storage"'
response["Pragma"] = "no-cache"
return response
class NodeDCFrontChannelLogoutEndpoint(View): class NodeDCFrontChannelLogoutEndpoint(View):
def get(self, request): def get(self, request):
logout_current_user(request) logout_current_user(request)
return HttpResponse( response = HttpResponse(
"<!doctype html><html><head><meta charset='utf-8'></head><body>NODE.DC Task session closed.</body></html>", "<!doctype html><html><head><meta charset='utf-8'></head><body>NODE.DC Task session closed.</body></html>",
content_type="text/html", content_type="text/html",
) )
return clear_nodedc_auth_cookies(response, request)
def post(self, request): def post(self, request):
logout_current_user(request) logout_current_user(request)
return HttpResponseRedirect(get_logout_redirect_url("/")) response = HttpResponseRedirect(get_logout_redirect_url("/"))
return clear_nodedc_auth_cookies(response, request)


@ -8,18 +8,20 @@ from django.http import HttpResponseRedirect
# Module imports # Module imports
from plane.authentication.utils.host import base_host from plane.authentication.utils.host import base_host
from plane.authentication.views.nodedc_logout import get_logout_redirect_url, logout_current_user from plane.authentication.views.nodedc_logout import clear_nodedc_auth_cookies, get_logout_redirect_url, logout_current_user
from plane.utils.path_validator import get_safe_redirect_url from plane.utils.path_validator import get_safe_redirect_url
class SignOutAuthSpaceEndpoint(View): class SignOutAuthSpaceEndpoint(View):
def post(self, request): def post(self, request):
next_path = request.POST.get("next_path") next_path = request.POST.get("next_path")
url = get_safe_redirect_url(base_url=base_host(request=request, is_space=True), next_path=next_path)
redirect_url = get_logout_redirect_url(url)
try: try:
logout_current_user(request) logout_current_user(request)
url = get_safe_redirect_url(base_url=base_host(request=request, is_space=True), next_path=next_path)
return HttpResponseRedirect(get_logout_redirect_url(url))
except Exception: except Exception:
url = get_safe_redirect_url(base_url=base_host(request=request, is_space=True), next_path=next_path) pass
return HttpResponseRedirect(get_logout_redirect_url(url))
response = HttpResponseRedirect(redirect_url)
return clear_nodedc_auth_cookies(response, request)