Received: from mail.netlandish.com (unknown [10.138.202.29])
	by code.netlandish.com (Postfix) with ESMTP id 528268019C
	for <~petersanchez/public-inbox@lists.code.netlandish.com>; Tue, 24 Nov 2020 01:26:53 +0000 (UTC)
Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=209.85.215.195; helo=mail-pg1-f195.google.com; envelope-from=peter@netlandish.com; receiver=<UNKNOWN> 
Authentication-Results: mail.netlandish.com;
	dkim=pass (2048-bit key; unprotected) header.d=netlandish-com.20150623.gappssmtp.com header.i=@netlandish-com.20150623.gappssmtp.com header.b=YIqRkNh/
Received: from mail-pg1-f195.google.com (mail-pg1-f195.google.com [209.85.215.195])
	by mail.netlandish.com (Postfix) with ESMTP id B06E249E83
	for <~petersanchez/public-inbox@lists.code.netlandish.com>; Mon, 23 Nov 2020 17:26:51 -0800 (PST)
Received: by mail-pg1-f195.google.com with SMTP id j19so15949752pgg.5
        for <~petersanchez/public-inbox@lists.code.netlandish.com>; Mon, 23 Nov 2020 17:26:51 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=netlandish-com.20150623.gappssmtp.com; s=20150623;
        h=date:from:to:cc:subject:message-id:references:mime-version
         :content-disposition:in-reply-to;
        bh=KCyv+cSSILxwD39cOqR2xNkPh/vvwq+hYYoFSE9umYY=;
        b=YIqRkNh/yNqd6F9UeNKvkcZs7sqS9CuIyyjO+Nn9qvu/gaRpCKGbd62j98h9VEjHrr
         c585elE6p7Ama0dOr23mlFvlPZGTwz3r7XHez3XD2KAh/HRWYaBO31onDc0i2bdXUD8a
         0dft9pbSR/oOOJg927jOCkPngjsf8pLB/Do1b420KtsVpJzvys4fUJu5qG4cwPtRlW8Y
         fyaRbddh3rEn3WQ7vrw8I/XX14S0mRmKZk7xZ//kZNBVv1o7HbNor+5qfhnTrxTQhyCf
         Ohk4n4HgJjYCXX/acdQRcs6p2yFgI719hDNZGQRpeR5RqZbhSnMxv3XC/b7PlMjT+ibk
         THGQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:date:from:to:cc:subject:message-id:references
         :mime-version:content-disposition:in-reply-to;
        bh=KCyv+cSSILxwD39cOqR2xNkPh/vvwq+hYYoFSE9umYY=;
        b=c9CbFw9XjKIhGkF4l0q0o90OSgeXsshBMHN+gdOdJgRqmpJtlu3j5lkPwgacpEj8pa
         420wMhat80pr7/usEdHLmYSg47VOmLkZls5iIbC8UAAJdPR2ms1ZzmLLLZbnf+t9svLA
         npKAzOcyN8xbUckbln6GtNrNmeftudVeT11Jdvk3XNzMmprGJr9/drUS8OJ+MUq9AtPn
         7Zcgvc79O7OYfvIAFkbAzp/JnLNwxrvseZ6NiGfmYAeD6QUM00a7BHztyG9cH9XWlSPI
         eORdb1iidm/sPu0UZK9wavwqyulzMr8QPbNfo8Tf2NfE4bTDbXfXLPtXWEEHie99WVgI
         265g==
X-Gm-Message-State: AOAM531d0XM/nQlmgZ5df4g2xd6hp5gE2r+1aVOhBitASV+XAzsFWN+D
	dTREX0WZ/JSIjGaxQ2xEtAWzFsq5+WupAxgD
X-Google-Smtp-Source: ABdhPJwZLwV/oHFr4uQWsIvNSy791m4Gfvs/m2xN+ooSpOGYb/xC0jxCSs2CVYEoHr1SiqM23BUjjA==
X-Received: by 2002:aa7:91c7:0:b029:197:e389:fb26 with SMTP id z7-20020aa791c70000b0290197e389fb26mr1985389pfa.20.1606181210583;
        Mon, 23 Nov 2020 17:26:50 -0800 (PST)
Received: from localhost ([47.145.116.220])
        by smtp.gmail.com with ESMTPSA id u197sm13359085pfc.127.2020.11.23.17.26.49
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 23 Nov 2020 17:26:49 -0800 (PST)
Date: Mon, 23 Nov 2020 17:26:48 -0800
From: Peter Sanchez <peter@netlandish.com>
To: Leonhard Kuboschek <leo@jacobs-alumni.de>
Cc: ~petersanchez/public-inbox@lists.code.netlandish.com
Subject: Re: [PATCH django-impersonate] add option for auto-expiring
 impersonate sesions, implements #45
Message-ID: <20201124012648.dagh3gncwpsnhhvv@thinkpad>
X-PGP-Key: https://petersanchez.com/publickey.txt
References: <5ae6838bdebd6fa362f7.1606156358@red>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
	protocol="application/pgp-signature"; boundary="omz5s77l2pinzj7e"
Content-Disposition: inline
In-Reply-To: <5ae6838bdebd6fa362f7.1606156358@red>


--omz5s77l2pinzj7e
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Disposition: inline

On 11/23, Leonhard Kuboschek wrote:
>+from datetime import datetime, timedelta

I wonder if it's not better to use the `django.utils.timezone` module
here? Also use UTC aware timestamps.

>+                start_time = datetime.fromtimestamp(request.session['_impersonate_start'])
>+                if datetime.now() - start_time > timedelta(seconds=settings.MAX_DURATION):

Use `datetime.utcfromtimestamp()` and `timezone.now()` which returns a
UTC aware copy of datetime.now(). We'd have to also use
`timezone.make_aware()` on the `start_time` variable when subtracting.

`if timezone.now() - timezone.make_aware(start_time) > ...`

I could be overthinking it but I'm imagining a crazy bug where an app is
deployed across multiple time zones, and systems are not setup to use
UTC, and then we end up invalidating sessions prematurely.

What do you think?

>     if check_allow_for_user(request, new_user):
>         request.session['_impersonate'] = new_user.pk
>+        request.session['_impersonate_start'] = datetime.now().timestamp()

If we make the change, this obviously would also have to move to
`timezone.now()`

--omz5s77l2pinzj7e
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEkJViJRZ6KPWgtGGig4/80jEiNdEFAl+8YVUACgkQg4/80jEi
NdEMpRAAonfo1hB1qPZs9l2ZlfGAffWNzq3X95Lrftuxl48I1vPaMtoRoqyPNlUC
/2/5t6qBBW1Avg5NhkfHiOh8yQVKs3EWmcaeQTpI6w2n8TjbR+hUuWT1IuX5OiJB
iNnch9eB20E8lae7+fX3eArXylm/o0jw4zpVGQB8mdCvTxvqi6SMfQdNwD3ZPeLL
EhqYFGBrHHcrBAbylL/BnCras8rEXQfVwBXso1ws/R2+1onIANzNLp7mGwXE66Tw
dg8abo+Be4O6phzhB61Aoiw7i32n7Xv1o9NyaJI1ObIePj7ci3F1r5MuvDCkGYYC
VCuAyn5vRQ67IeAT9nZojhI4wAxxFAwFijeldIMTo+ifEdSu8G+aRcG0aBDmtr+T
vz1sZf8mXPJd+po4qk3XL0ED3h++xM9DjvVqADvaBSup2lNuz+Yr2EJSZgR/Wz9i
gjlapcdXsI/h90UofMKv2NxDOOimrlDgkGzpBEtDH2SI+EjIHGwTU4DGn6ypca5W
3euCkybM3PeKFJB9+gyTVUCZpqTwkDJANp03F2wmBXRh8xFs2EoNWPQQ+mGzUUNk
I3nfRz5vSv87LhYh91dpaGtGThNhQF1MEza4tZC6Nb4pznuSsHQnVt4E4ryrh+si
MK3lqB2v0g6vrHWEQj25+6noxqQo68N1O+xwCxJ2GAjmRe9Dy48=
=QcxD
-----END PGP SIGNATURE-----

--omz5s77l2pinzj7e--