ac4d6ae9f6
* providers/oauth2: cleanup tokens when user is deactivated Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * use signal Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * use post_save signal Signed-off-by: Jens Langhammer <jens@goauthentik.io> * delete access tokens too Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens Langhammer <jens@goauthentik.io>
26 lines
1012 B
Python
26 lines
1012 B
Python
from django.contrib.auth.signals import user_logged_out
|
|
from django.db.models.signals import post_save
|
|
from django.dispatch import receiver
|
|
from django.http import HttpRequest
|
|
|
|
from authentik.core.models import User
|
|
from authentik.providers.oauth2.models import AccessToken, DeviceToken, RefreshToken
|
|
|
|
|
|
@receiver(user_logged_out)
|
|
def user_logged_out_oauth_access_token(sender, request: HttpRequest, user: User, **_):
|
|
"""Revoke access tokens upon user logout"""
|
|
if not request.session or not request.session.session_key:
|
|
return
|
|
AccessToken.objects.filter(user=user, session__session_key=request.session.session_key).delete()
|
|
|
|
|
|
@receiver(post_save, sender=User)
|
|
def user_deactivated(sender, instance: User, **_):
|
|
"""Remove user tokens when deactivated"""
|
|
if instance.is_active:
|
|
return
|
|
AccessToken.objects.filter(session__user=instance).delete()
|
|
RefreshToken.objects.filter(session__user=instance).delete()
|
|
DeviceToken.objects.filter(session__user=instance).delete()
|