CityOfNewYork · johnyu95 · May 2, 2023 · May 2, 2023
diff --git a/.env.example b/.env.example
@@ -6,6 +6,8 @@ BASE_URL=<BASE URL FOR DEPLOYED APP>
 VIEW_REQUEST_ENDPOINT=<ENDPOINT FOR VIEWING A REQUEST>
 APP_TIMEZONE=<LOCAL APPLICATION TIMEZONE>
 SESSION_COOKIE_SECURE=True
+SESSION_TYPE=<FLASK-SESSION SESSION TYPE>
+SESSION_REFRESH_EACH_REQUEST=True
 ERROR_RECIPIENTS=
 
 # Log Settings

diff --git a/app/__init__.py b/app/__init__.py
@@ -12,16 +12,14 @@
 from flask import (Flask, abort, render_template, request as flask_request)
 from flask_bootstrap import Bootstrap
 from flask_elasticsearch import FlaskElasticsearch
-from flask_kvsession import KVSessionExtension
 from flask_login import LoginManager, current_user
 from flask_mail import Mail
 from flask_moment import Moment
 from flask_sqlalchemy import SQLAlchemy
 from flask_tracy import Tracy
 from flask_wtf import CsrfProtect
+from flask_session import Session
 from raven.contrib.flask import Sentry
-from simplekv.decorator import PrefixDecorator
-from simplekv.memory.redisstore import RedisStore
 
 from app import celery_config
 from app.constants import OPENRECORDS_DL_EMAIL
@@ -36,11 +34,12 @@
 mail = Mail()
 tracy = Tracy()
 login_manager = LoginManager()
-store = RedisStore(redis.StrictRedis(db=Config.SESSION_REDIS_DB,
-                                     host=Config.REDIS_HOST, port=Config.REDIS_PORT))
-session_redis = PrefixDecorator('session_', store)
+store = redis.StrictRedis(db=Config.SESSION_REDIS_DB,
+                          host=Config.REDIS_HOST,
+                          port=Config.REDIS_PORT)
 celery = Celery(__name__, broker=Config.CELERY_BROKER_URL)
 sentry = Sentry()
+sess = Session()
 
 upload_redis = redis.StrictRedis(
     db=Config.UPLOAD_REDIS_DB, host=Config.REDIS_HOST, port=Config.REDIS_PORT)
@@ -113,6 +112,7 @@ def create_app(config_name='default'):
     celery.conf.update(app.config)
     celery.config_from_object(celery_config)
     sentry.init_app(app, logging=app.config["USE_SENTRY"], level=logging.INFO)
+    sess.init_app(app)
 
     with app.app_context():
         from app.models import Anonymous
@@ -121,7 +121,6 @@ def create_app(config_name='default'):
         if app.config['USE_SAML']:
             login_manager.login_message = None
             login_manager.login_message_category = None
-        KVSessionExtension(session_redis, app)
 
     # Error Handlers
     @app.errorhandler(400)

diff --git a/app/auth/utils.py b/app/auth/utils.py
@@ -407,7 +407,7 @@ def saml_sls(saml_sp, user_guid):
         Response Object: Redirect the user to the Home Page.
 
     """
-    dscb = session.destroy()
+    dscb = session.clear()
     url = saml_sp.process_slo(delete_session_cb=dscb)
     errors = saml_sp.get_errors()
     logout_user()
@@ -420,7 +420,9 @@ def saml_sls(saml_sp, user_guid):
                 'type': current_app.config['AUTH_TYPE']
             }
         )
-        return redirect(url) if url else redirect(url_for('main.index'))
+        redir = redirect(url) if url else redirect(url_for('main.index'))
+        redir.headers['Clear-Site-Data'] = '"*"'
+        return redir
     else:
         error_message = "Errors on SAML Logout:\n{errors}".format(errors='\n'.join(errors))
         current_app.logger.exception(error_message)
@@ -433,8 +435,10 @@ def saml_sls(saml_sp, user_guid):
                 'errors': error_message
             }
         )
+        redir = redirect(url_for('main.index'))
+        redir.headers['Clear-Site-Data'] = '"*"'
         flash("Sorry! An unexpected error has occurred. Please try again later.", category='danger')
-        return redirect(url_for('main.index'))
+        return redir
 
 
 def saml_slo(saml_sp):

diff --git a/app/auth/views.py b/app/auth/views.py
@@ -116,7 +116,7 @@ def logout():
 
     elif current_app.config["USE_LOCAL_AUTH"]:
         logout_user()
-        session.destroy()
+        session.clear()
         if timeout:
             flash("Your session timed out. Please login again", category="info")
         return redirect(url_for("main.index"))
@@ -259,7 +259,6 @@ def ldap_login():
 
             if authenticated:
                 login_user(user)
-                session.regenerate()
                 session["user_id"] = current_user.get_id()
 
                 create_auth_event(
@@ -332,7 +331,7 @@ def ldap_logout():
             'timed_out': timed_out
         }
     )
-    session.destroy()
+    session.clear()
     if timed_out:
         flash("Your session timed out. Please login again", category="info")
     return redirect(url_for("main.index"))
@@ -360,7 +359,6 @@ def local_login():
 
         if user is not None:
             login_user(user)
-            session.regenerate()
             session["user_id"] = current_user.get_id()
 
             create_auth_event(
@@ -411,7 +409,7 @@ def local_logout(timed_out=False):
             'type': current_app.config['AUTH_TYPE']
         }
     )
-    session.destroy()
+    session.clear()
     if timed_out:
         flash("Your session timed out. Please login again", category="info")
     return redirect(url_for("main.index"))
diff --git a/app/jobs.py b/app/jobs.py
@@ -6,13 +6,13 @@
 from psycopg2 import OperationalError
 from sqlalchemy.exc import SQLAlchemyError
 
-from app import calendar, sentry, db
+from app import calendar, db, store
 from app.constants import OPENRECORDS_DL_EMAIL, request_status
 from app.constants.event_type import EMAIL_NOTIFICATION_SENT, REQ_STATUS_CHANGED
 from app.constants.response_privacy import PRIVATE
 from app.lib.db_utils import create_object, update_object
 from app.lib.email_utils import send_email
-from app.models import Agencies, Emails, Events, Requests
+from app.models import Agencies, Emails, Events, Requests, Users
 
 # NOTE: (For Future Reference)
 # If we find ourselves in need of a request context, app.test_request_context() might come in handy.
@@ -174,3 +174,21 @@ def update_next_request_number():
         db.session.commit()
     except SQLAlchemyError:
         db.session.rollback()
+
+
+def _clear_expired_session_ids():
+    """
+    Celery task to clear session ids that are no longer valid.
+    :return:
+    """
+    users = Users.query.with_entities(Users.guid, Users.session_id).filter(Users.session_id.isnot(None)).all()
+    if users:
+        for user in users:
+            if store.get("session:" + user[1]) is None:
+                update_object(
+                    {
+                        'session_id': None
+                    },
+                    Users,
+                    user[0]
+                )
diff --git a/app/lib/redis_utils.py b/app/lib/redis_utils.py
@@ -1,20 +1,15 @@
 import os
-from app import sentry
 
 try:
     import cPickle as pickle
 except ImportError:
     import pickle
 
-from flask import current_app
 from app import upload_redis as redis
 from app.lib.file_utils import (
     os_get_hash,
     os_get_mime_type
 )
-from flask_kvsession import (
-    KVSession
-)
 
 
 # Redis File Utilities
@@ -58,25 +53,3 @@ def _get_file_metadata_key(request_or_response_id, filepath, is_update):
     return '|'.join((str(request_or_response_id),
                      os.path.basename(filepath),
                      'update' if is_update else 'new'))
-
-
-# Redis Session Utilities
-def redis_get_user_session(session_id):
-    serialization_method = pickle
-    session_class = KVSession
-
-    try:
-        s = session_class(serialization_method.loads(
-            current_app.kvsession_store.get(session_id)
-        ))
-        s.sid_s = session_id
-
-        return s
-
-    except KeyError:
-        sentry.captureException()
-        return None
-
-
-def redis_delete_user_session(session_id):
-    redis.delete(session_id)
diff --git a/app/main/views.py b/app/main/views.py
@@ -30,7 +30,7 @@ def index():
             return render_template('main/home.html', duplicate_session=True)
         update_object(
             {
-                'session_id': session.sid_s
+                'session_id': session.sid
             },
             Users,
             current_user.guid

diff --git a/app/static/js/plugins/bootstrap-session-timeout.min.js b/app/static/js/plugins/bootstrap-session-timeout.min.js