Logout if logged out and don't allow to get logged in afterwards

cps/admin.py

@@ -34,6 +34,7 @@ from babel.dates import format_datetime
 from flask import Blueprint, flash, redirect, url_for, abort, request, make_response, send_from_directory, g, Response
 from flask_login import login_required, current_user, logout_user, confirm_login
 from flask_babel import gettext as _
+from flask import session as flask_session
 from sqlalchemy import and_
 from sqlalchemy.orm.attributes import flag_modified
 from sqlalchemy.exc import IntegrityError, OperationalError, InvalidRequestError
@@ -98,8 +99,10 @@ def admin_required(f):
 
 @admi.before_app_request
 def before_request():
-    if current_user.is_authenticated:
-        confirm_login()
+    if not ub.check_user_session(current_user.id, flask_session.get('_id')):
+        logout_user()
+    # if current_user.is_authenticated:
+    # confirm_login()
     g.constants = constants
     g.user = current_user
     g.allow_registration = config.config_public_reg

cps/ub.py

@@ -60,6 +60,24 @@ app_DB_path = None
 Base = declarative_base()
 searched_ids = {}
 
+logged_in = dict()
+
+def store_user_session():
+    if flask_session.get('_user_id', ""):
+        if logged_in.get(flask_session.get('_user_id', "")):
+            logged_in[flask_session.get('_user_id', "")].append(flask_session.get('_id', ""))
+        else:
+            logged_in[flask_session.get('_user_id', "")] = [flask_session.get('_id', "")]
+        log.info(flask_session.get('_id', ""))
+
+def delete_user_session(user_id, session_key):
+    try:
+        logged_in.get(str(user_id), []).remove(session_key)
+    except ValueError:
+        pass
+
+def check_user_session(user_id, session_key):
+    return session_key in logged_in.get(str(user_id), [])
 
 def store_ids(result):
     ids = list()
@@ -72,7 +90,7 @@ class UserBase:
 
     @property
     def is_authenticated(self):
-        return True
+        return self.is_active
 
     def _has_role(self, role_flag):
         return constants.has_flag(self.role, role_flag)

cps/web.py

@@ -1513,6 +1513,7 @@ def login():
             login_result, error = services.ldap.bind_user(form['username'], form['password'])
             if login_result:
                 login_user(user, remember=bool(form.get('remember_me')))
+                ub.store_user_session()
                 log.debug(u"You are now logged in as: '%s'", user.name)
                 flash(_(u"you are now logged in as: '%(nickname)s'", nickname=user.name),
                       category="success")
@@ -1520,6 +1521,7 @@ def login():
             elif login_result is None and user and check_password_hash(str(user.password), form['password']) \
                 and user.name != "Guest":
                 login_user(user, remember=bool(form.get('remember_me')))
+                ub.store_user_session()
                 log.info("Local Fallback Login as: '%s'", user.name)
                 flash(_(u"Fallback Login as: '%(nickname)s', LDAP Server not reachable, or user not known",
                         nickname=user.name),
@@ -1549,6 +1551,7 @@ def login():
             else:
                 if user and check_password_hash(str(user.password), form['password']) and user.name != "Guest":
                     login_user(user, remember=bool(form.get('remember_me')))
+                    ub.store_user_session()
                     log.debug(u"You are now logged in as: '%s'", user.name)
                     flash(_(u"You are now logged in as: '%(nickname)s'", nickname=user.name), category="success")
                     config.config_is_initial = False
@@ -1572,6 +1575,7 @@ def login():
 @login_required
 def logout():
     if current_user is not None and current_user.is_authenticated:
+        ub.delete_user_session(current_user.id, flask_session.get('_id',""))
         logout_user()
         if feature_support['oauth'] and (config.config_login_type == 2 or config.config_login_type == 3):
             logout_oauth_user()