Merge "Fix middleware to not access session fields without user auth"

This commit is contained in:
Jenkins 2013-08-14 17:08:38 +00:00 committed by Gerrit Code Review
commit 7e7965f875

View File

@ -46,24 +46,25 @@ class HorizonMiddleware(object):
def process_request(self, request):
""" Adds data necessary for Horizon to function to the request. """
# Activate timezone handling
tz = request.session.get('django_timezone')
if tz:
timezone.activate(tz)
if hasattr(request, "user") and request.user.is_authenticated():
# Activate timezone handling
tz = request.session.get('django_timezone')
if tz:
timezone.activate(tz)
# Check for session timeout
timeout = 1800
try:
timeout = settings.SESSION_TIMEOUT
except AttributeError:
pass
# Check for session timeout
timeout = 1800
try:
timeout = settings.SESSION_TIMEOUT
except AttributeError:
pass
last_activity = request.session.get('last_activity', None)
timestamp = datetime.datetime.now()
if last_activity and (timestamp - last_activity).seconds > timeout:
request.session.pop('last_activity')
return HttpResponseRedirect(settings.LOGOUT_URL)
request.session['last_activity'] = timestamp
last_activity = request.session.get('last_activity', None)
timestamp = datetime.datetime.now()
if last_activity and (timestamp - last_activity).seconds > timeout:
request.session.pop('last_activity')
return HttpResponseRedirect(settings.LOGOUT_URL)
request.session['last_activity'] = timestamp
request.horizon = {'dashboard': None,
'panel': None,