Feature/339 better sessions

requirements/base.in

@@ -25,7 +25,7 @@ maykin-django-two-factor-auth
 phonenumbers
 django-localflavor
 django-privates
-git+https://bitbucket.org/maykinmedia/django-digid-eherkenning.git@02ac61c42f6dd2f229ba9f0f687fa1a4160511be#egg=digid_eherkenning
+django-digid-eherkenning
 django-cors-headers
 dj-rest-auth
 django-allauth

requirements/base.txt

@@ -40,25 +40,23 @@ cssselect2==0.4.1
     # via weasyprint
 defusedxml==0.7.1
     # via
-    #   digid-eherkenning
+    #   django-digid-eherkenning
     #   odfpy
     #   python3-openid
 diff-match-patch==20200713
     # via django-import-export
-digid-eherkenning @ git+https://bitbucket.org/maykinmedia/django-digid-eherkenning.git@02ac61c42f6dd2f229ba9f0f687fa1a4160511be
-    # via -r requirements/base.in
 dj-rest-auth==2.1.11
     # via -r requirements/base.in
 django==3.2.12
     # via
     #   -r requirements/base.in
-    #   digid-eherkenning
     #   dj-rest-auth
     #   django-allauth
     #   django-appconf
     #   django-axes
     #   django-choices
     #   django-cors-headers
+    #   django-digid-eherkenning
     #   django-extra-fields
     #   django-filer
     #   django-filter
@@ -100,7 +98,7 @@ django-better-admin-arrayfield==1.4.2
 django-choices==1.7.2
     # via
     #   -r requirements/base.in
-    #   digid-eherkenning
+    #   django-digid-eherkenning
     #   mail-editor
     #   zgw-consumers
 django-ckeditor==6.2.0
@@ -109,6 +107,8 @@ django-colorfield==0.4.5
     # via -r requirements/base.in
 django-cors-headers==3.10.0
     # via -r requirements/base.in
+django-digid-eherkenning==0.3.1
+    # via -r requirements/base.in
 django-elasticsearch-dsl==7.2.1
     # via -r requirements/base.in
 django-extra-fields==3.0.2
@@ -198,7 +198,9 @@ fontawesomefree==6.1.1
 fonttools[woff]==4.29.1
     # via weasyprint
 furl==2.1.3
-    # via -r requirements/base.in
+    # via
+    #   -r requirements/base.in
+    #   django-digid-eherkenning
 gemma-zds-client==1.0.1
     # via zgw-consumers
 geographiclib==1.52
@@ -223,6 +225,7 @@ jsonschema==4.1.0
     # via drf-spectacular
 lxml==4.6.3
     # via
+    #   django-digid-eherkenning
     #   python3-saml
     #   xmlsec
 mail-editor @ git+https://github.com/maykinmedia/mail-editor.git@0b4621b5c7f434586115b8e722af8940cfa70195

requirements/ci.txt

@@ -76,18 +76,14 @@ defusedxml==0.7.1
     # via
     #   -c requirements/base.txt
     #   -r requirements/base.txt
-    #   digid-eherkenning
+    #   django-digid-eherkenning
     #   odfpy
     #   python3-openid
 diff-match-patch==20200713
     # via
     #   -c requirements/base.txt
     #   -r requirements/base.txt
     #   django-import-export
-digid-eherkenning @ git+https://bitbucket.org/maykinmedia/django-digid-eherkenning.git@02ac61c42f6dd2f229ba9f0f687fa1a4160511be
-    # via
-    #   -c requirements/base.txt
-    #   -r requirements/base.txt
 dj-rest-auth==2.1.11
     # via
     #   -c requirements/base.txt
@@ -96,13 +92,13 @@ django==3.2.12
     # via
     #   -c requirements/base.txt
     #   -r requirements/base.txt
-    #   digid-eherkenning
     #   dj-rest-auth
     #   django-allauth
     #   django-appconf
     #   django-axes
     #   django-choices
     #   django-cors-headers
+    #   django-digid-eherkenning
     #   django-extra-fields
     #   django-filer
     #   django-filter
@@ -158,7 +154,7 @@ django-choices==1.7.2
     # via
     #   -c requirements/base.txt
     #   -r requirements/base.txt
-    #   digid-eherkenning
+    #   django-digid-eherkenning
     #   mail-editor
     #   zgw-consumers
 django-ckeditor==6.2.0
@@ -174,6 +170,10 @@ django-cors-headers==3.10.0
     # via
     #   -c requirements/base.txt
     #   -r requirements/base.txt
+django-digid-eherkenning==0.3.1
+    # via
+    #   -c requirements/base.txt
+    #   -r requirements/base.txt
 django-elasticsearch-dsl==7.2.1
     # via
     #   -c requirements/base.txt
@@ -360,6 +360,7 @@ furl==2.1.3
     # via
     #   -c requirements/base.txt
     #   -r requirements/base.txt
+    #   django-digid-eherkenning
 gemma-zds-client==1.0.1
     # via
     #   -c requirements/base.txt
@@ -420,6 +421,7 @@ lxml==4.6.3
     # via
     #   -c requirements/base.txt
     #   -r requirements/base.txt
+    #   django-digid-eherkenning
     #   pyquery
     #   python3-saml
     #   xmlsec

requirements/dev.txt

@@ -96,18 +96,14 @@ defusedxml==0.7.1
     # via
     #   -c requirements/ci.txt
     #   -r requirements/ci.txt
-    #   digid-eherkenning
+    #   django-digid-eherkenning
     #   odfpy
     #   python3-openid
 diff-match-patch==20200713
     # via
     #   -c requirements/ci.txt
     #   -r requirements/ci.txt
     #   django-import-export
-digid-eherkenning @ git+https://bitbucket.org/maykinmedia/django-digid-eherkenning.git@02ac61c42f6dd2f229ba9f0f687fa1a4160511be
-    # via
-    #   -c requirements/ci.txt
-    #   -r requirements/ci.txt
 dj-rest-auth==2.1.11
     # via
     #   -c requirements/ci.txt
@@ -117,14 +113,14 @@ django==3.2.12
     #   -c requirements/ci.txt
     #   -r requirements/ci.txt
     #   ddt-api-calls
-    #   digid-eherkenning
     #   dj-rest-auth
     #   django-allauth
     #   django-appconf
     #   django-axes
     #   django-choices
     #   django-cors-headers
     #   django-debug-toolbar
+    #   django-digid-eherkenning
     #   django-extensions
     #   django-extra-fields
     #   django-filer
@@ -181,7 +177,7 @@ django-choices==1.7.2
     # via
     #   -c requirements/ci.txt
     #   -r requirements/ci.txt
-    #   digid-eherkenning
+    #   django-digid-eherkenning
     #   mail-editor
     #   zgw-consumers
 django-ckeditor==6.2.0
@@ -199,6 +195,10 @@ django-cors-headers==3.10.0
     #   -r requirements/ci.txt
 django-debug-toolbar==3.2.2
     # via -r requirements/dev.in
+django-digid-eherkenning==0.3.1
+    # via
+    #   -c requirements/ci.txt
+    #   -r requirements/ci.txt
 django-elasticsearch-dsl==7.2.1
     # via
     #   -c requirements/ci.txt
@@ -399,6 +399,7 @@ furl==2.1.3
     # via
     #   -c requirements/ci.txt
     #   -r requirements/ci.txt
+    #   django-digid-eherkenning
 gemma-zds-client==1.0.1
     # via
     #   -c requirements/ci.txt
@@ -470,6 +471,7 @@ lxml==4.6.3
     # via
     #   -c requirements/ci.txt
     #   -r requirements/ci.txt
+    #   django-digid-eherkenning
     #   pyquery
     #   python3-saml
     #   xmlsec

src/open_inwoner/accounts/migrations/0030_message_file.py

@@ -1,6 +1,7 @@
 # Generated by Django 3.2.12 on 2022-03-07 15:33
 
 from django.db import migrations, models
+
 import privates.storages
 
 

src/open_inwoner/accounts/migrations/0031_message_uuid.py

@@ -1,8 +1,9 @@
 # Generated by Django 3.2.12 on 2022-03-14 10:54
 
-from django.db import migrations, models
 import uuid
 
+from django.db import migrations, models
+
 
 class Migration(migrations.Migration):
 

src/open_inwoner/accounts/migrations/0033_alter_message_uuid.py

@@ -1,8 +1,9 @@
 # Generated by Django 3.2.12 on 2022-03-14 10:57
 
-from django.db import migrations, models
 import uuid
 
+from django.db import migrations, models
+
 
 class Migration(migrations.Migration):
 

src/open_inwoner/conf/base.py

@@ -159,6 +159,7 @@
     "open_inwoner.haalcentraal",
     "open_inwoner.openzaak",
     "open_inwoner.questionnaire",
+    "open_inwoner.extended_sessions",
 ]
 
 MIDDLEWARE = [
@@ -175,6 +176,7 @@
     "hijack.middleware.HijackUserMiddleware",
     "django_otp.middleware.OTPMiddleware",
     "django.contrib.flatpages.middleware.FlatpageFallbackMiddleware",
+    "open_inwoner.extended_sessions.middleware.SessionTimeoutMiddleware",
 ]
 
 ROOT_URLCONF = "open_inwoner.urls"
@@ -358,6 +360,9 @@
 
 SESSION_COOKIE_NAME = "open_inwoner_sessionid"
 SESSION_ENGINE = "django.contrib.sessions.backends.cache"
+ADMIN_SESSION_COOKIE_AGE = 86400
+SESSION_WARN_DELTA = 60  # Warn 1 minute before end of session.
+SESSION_COOKIE_AGE = 900  # Set to 15 minutes
 
 LOGIN_REDIRECT_URL = reverse_lazy("root")
 LOGOUT_REDIRECT_URL = reverse_lazy("root")

src/open_inwoner/extended_sessions/middleware.py

@@ -0,0 +1,27 @@
+from datetime import timedelta
+
+from django.conf import settings
+
+SESSION_EXPIRES_IN_HEADER = "X-Session-Expires-In"
+
+
+class SessionTimeoutMiddleware:
+    """
+    Allows us to set the expiry time of the session based on what
+    is configured in our GlobalConfiguration
+    """
+
+    def __init__(self, get_response):
+        self.get_response = get_response
+
+    def __call__(self, request):
+        timeout = (
+            settings.ADMIN_SESSION_COOKIE_AGE
+            if request.user.is_staff
+            else settings.SESSION_COOKIE_AGE
+        )
+        # https://docs.djangoproject.com/en/2.2/topics/http/sessions/#django.contrib.sessions.backends.base.SessionBase.set_expiry
+        request.session.set_expiry(timeout)
+        response = self.get_response(request)
+        response[SESSION_EXPIRES_IN_HEADER] = timeout
+        return response

src/open_inwoner/extended_sessions/templates/sessions/session_timeout.html

@@ -0,0 +1,10 @@
+{% load l10n %}
+
+{% if user.is_authenticated %}
+    <div
+        id="session-timeout"
+        data-expiry-age="{{ expiry_age|unlocalize }}"
+        data-warn-time="{{ warn_time|unlocalize }}"
+    >
+    </div>
+{% endif %}