Skip to content

Commit

Permalink
session: handle user impersonation
Browse files Browse the repository at this point in the history
  • Loading branch information
lnielsen committed Oct 17, 2023
1 parent f8efc5f commit e26f226
Showing 1 changed file with 7 additions and 4 deletions.
11 changes: 7 additions & 4 deletions invenio_accounts/sessions.py
Original file line number Diff line number Diff line change
Expand Up @@ -87,8 +87,10 @@ def add_user_session(response):
session.regenerate()
# Save the session first so that the sid_s gets generated.
app.session_interface.save_session(app, session, response)
add_session(session)
current_accounts.datastore.commit()
# Don't add impersonation sessions
if "_impersonator_id" not in session:
add_session(session)
current_accounts.datastore.commit()
return response


Expand Down Expand Up @@ -130,8 +132,9 @@ def delete_session(sid_s):
# Remove entries from sessionstore
_sessionstore.delete(sid_s)
# Find and remove the corresponding SessionActivity entry
with db.session.begin_nested():
SessionActivity.query.filter_by(sid_s=sid_s).delete()
if "_impersonator_id" not in session:
with db.session.begin_nested():
SessionActivity.query.filter_by(sid_s=sid_s).delete()
return 1


Expand Down

0 comments on commit e26f226

Please sign in to comment.