implement remember_me checkbox in the login view

if checked, we use a permanent cookie as configured in settings. if not, we use a session cookie that gets cleared at the end of the session.
2013-11-16 04:50:48 +01:00 · 2013-11-16 04:50:48 +01:00 · 56341d0581
commit 56341d0581
parent d3724032e1
3 changed files with 19 additions and 3 deletions
--- a/nsupdate/accounts/templates/registration/login.html
+++ b/nsupdate/accounts/templates/registration/login.html
@ -11,6 +11,10 @@
        <form method="post" action="{% url 'auth_login' %}">
            {% csrf_token %}
            {{ form|bootstrap }}
+            <div class="form-group">
+                <input id="id_remember_me" name="remember_me" type="checkbox">
+                <label class="control-label " for="id_remember_me">Keep me logged in</label>
+            </div>
            <p><a href="{% url 'auth_password_reset' %}">Forgot</a> your password?
               <a href="{% url 'registration_register' %}">Need an account</a>?</p>
            <button type="submit" class="btn btn-primary">login</button>
--- a/nsupdate/settings.py
+++ b/nsupdate/settings.py
@ -253,8 +253,8 @@ SESSION_COOKIE_NAME = 'sessionid'
 SESSION_COOKIE_PATH = '/'
 SESSION_COOKIE_SECURE = False  # use True here if you have set WE_HAVE_SSL = True
 SESSION_COOKIE_HTTPONLY = True
-SESSION_COOKIE_AGE = 14 * 24 * 3600  # 2 weeks, in seconds
-SESSION_EXPIRE_AT_BROWSER_CLOSE = True  # more safe than False
+SESSION_COOKIE_AGE = 14 * 24 * 3600  # 2 weeks, in seconds (remember_me is True)
+SESSION_EXPIRE_AT_BROWSER_CLOSE = False  # more safe (remember_me is False)

 SESSION_SERIALIZER = 'django.contrib.sessions.serializers.JSONSerializer'

--- a/nsupdate/urls.py
+++ b/nsupdate/urls.py
@ -9,6 +9,18 @@ from registration.backends.default.views import RegistrationView
 from registration.forms import RegistrationForm


+def remember_me_login(request, *args, **kw):
+    """
+    Wraps the default login view function. If user does not want to be
+    remembered, we change the cookie to a session cookie that gets cleared
+    when the browser is closed.
+    """
+    if request.method == 'POST':
+        if not request.POST.get('remember_me'):
+            request.session.set_expiry(0)
+    return auth_views.login(request, *args, **kw)
+
+
 class Html5RegistrationForm(RegistrationForm):
    def __init__(self, *args, **kwargs):
        super(Html5RegistrationForm, self).__init__(*args, **kwargs)
@ -37,7 +49,7 @@ urlpatterns = patterns(
        name='registration_register'),
    # from registration.auth_urls:
    url(r'^accounts/login/$',
-        auth_views.login,
+        remember_me_login,
        {'authentication_form': Html5AuthenticationForm,
         'template_name': 'registration/login.html'},
        name='auth_login'),