Date: Mon, 23 Nov 2020 17:26:48 -0800
From: Peter Sanchez
To: Leonhard Kuboschek
Cc: ~petersanchez/public-inbox@lists.code.netlandish.com
Subject: Re: [PATCH django-impersonate] add option for auto-expiring impersonate sesions, implements #45
Message-ID: <20201124012648.dagh3gncwpsnhhvv@thinkpad>
In-Reply-To: <5ae6838bdebd6fa362f7.1606156358@red>

On 11/23, Leonhard Kuboschek wrote:
>+from datetime import datetime, timedelta

I wonder if it's not better to use the `django.utils.timezone` module here? Also use UTC aware timestamps.

>+ start_time = datetime.fromtimestamp(request.session['_impersonate_start'])
>+ if datetime.now() - start_time > timedelta(seconds=settings.MAX_DURATION):

Use `datetime.utcfromtimestamp()` and `timezone.now()` which returns a UTC aware copy of datetime.now().

We'd have to also use `timezone.make_aware()` on the `start_time` variable when subtracting.

`if timezone.now() - timezone.make_aware(start_time) > ...`

I could be overthinking it but I'm imagining a crazy bug where an app is deployed across multiple time zones, and systems are not set up to use UTC, and then we end up invalidating sessions prematurely. What do you think?

> if check_allow_for_user(request, new_user):
> request.session['_impersonate'] = new_user.pk
>+ request.session['_impersonate_start'] = datetime.now().timestamp()

If we make the change, this obviously would also have to move to `timezone.now()`
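
Review bot: in the expiry check, `datetime.fromtimestamp(...)` and `datetime.now()` are both naive local times, so on a host whose local zone observes daylight saving the subtraction is off by an hour whenever a clock change falls between the start and the check. The stored value is already epoch seconds, so it can be compared directly, e.g. `if time.time() - request.session['_impersonate_start'] > settings.MAX_DURATION:`, with no naive or aware conversion at all. The same line indexes `request.session['_impersonate_start']` directly, which raises `KeyError` for a session that has `_impersonate` but no start marker (for instance one begun before this change was deployed) unless a guard sits outside the quoted lines; `request.session.get('_impersonate_start')` with the missing case treated as expired would fail closed.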
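
Review bot: on the line that sets `_impersonate_start`, `datetime.now().timestamp()` builds a naive local datetime only to convert it straight back to epoch seconds. `time.time()`, or `timezone.now().timestamp()` if the module is switched as discussed above, stores the same kind of value without the round trip through local time, and keeps the write consistent with whatever the expiry check ends up comparing against.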
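
The failure mode the reply describes (hosts in different time zones, not set up to use UTC, expiring sessions at the wrong time), as an added example that is not part of the original message or of django-impersonate. It uses plain-Python fixed UTC offsets to stand in for two app servers; `MAX_DURATION`, `wall_clock`, `expired_naive`, `expired_aware` and `scenario` are hypothetical names, and the instant and offsets are constructed.

```python
from datetime import datetime, timedelta, timezone

MAX_DURATION = 900  # seconds; stands in for the patch's settings.MAX_DURATION


def wall_clock(instant_utc, utc_offset_hours):
    """Naive local time that datetime.now() would return on a host at this UTC offset."""
    local = instant_utc.astimezone(timezone(timedelta(hours=utc_offset_hours)))
    return local.replace(tzinfo=None)


def expired_naive(start_wall, now_wall, max_duration=MAX_DURATION):
    """Failure mode: naive wall-clock values compared across hosts."""
    return now_wall - start_wall > timedelta(seconds=max_duration)


def expired_aware(start_epoch, now_utc, max_duration=MAX_DURATION):
    """Zone-independent check: stored epoch seconds against an aware UTC 'now'."""
    start = datetime.fromtimestamp(start_epoch, tz=timezone.utc)
    return now_utc - start > timedelta(seconds=max_duration)


def scenario(start_offset, check_offset, elapsed_seconds):
    """Start impersonation on one host, run the expiry check on another.

    Returns (naive_result, aware_result) for the same real elapsed time.
    """
    began = datetime(2020, 11, 24, 1, 26, 48, tzinfo=timezone.utc)  # constructed instant
    now = began + timedelta(seconds=elapsed_seconds)
    naive = expired_naive(wall_clock(began, start_offset), wall_clock(now, check_offset))
    aware = expired_aware(began.timestamp(), now)
    return naive, aware


if __name__ == "__main__":
    # 5 minutes in, started at UTC-8 and checked at UTC+1: naive check expires early.
    print(scenario(-8, +1, 300))
    # 20 minutes in, started at UTC+1 and checked at UTC-8: naive check never fires.
    print(scenario(+1, -8, 1200))
    # Same host for both steps: the two checks agree.
    print(scenario(-8, -8, 1200))
```

The second case is the one that matters most for an impersonation timeout: a naive comparison can leave the elevated session alive well past the configured limit.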