From: Matt Klein
Date: Mon, 16 Oct 2023 12:42:07 -0400
Subject: Re: [PATCH django-impersonate] Ensure an impersonation session is marked as ended if it's timed out
To: ~petersanchez/public-inbox@lists.code.netlandish.com

We've noticed that, in the event an impersonation session ends by timing out (i.e., reaching MAX_DURATION), the session's log record in impersonate_impersonationlog isn't handled appropriately. Specifically, the log row for that session is not given any value for session_ended_at, making it appear as if the impersonation session never ended.

This behavior is also seen if we use code in our CUSTOM_ALLOW function to directly call impersonate.views.stop_impersonate. In these cases we can see that the on_session_end signal handler logs the message "Unfinished ImpersonationLog could not be found for None...", indicating that the impersonator is assigned to "None" rather than the actual user.

This patch fixes that behavior by calling the on_session_end signal handler using the request.user instead of request.impersonator.

Thanks,
Matt Klein

--- a/vendor/django-impersonate-1.9.1/impersonate/views.py +++ b/vendor/django-impersonate-1.9.1/impersonate/views.py
@@ -85,7 +85,12 @@ def stop_impersonate(request): if impersonating is not None: session_end.send( sender=None, - impersonator=request.impersonator, + # mpk 10/4/23 bug fix: set the impersonator to request.user instead of request.impersonator, + # since request.impersonator might not have actually been set for this request -- e.g., in + # the case where we're calling stop_impersonate directly, or where the impersonation session + # is timing out because it's reached MAX_DURATION + # impersonator=request.impersonator, + impersonator=request.user, impersonating=impersonating, request=request, )
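Review bot: The switch from `impersonator=request.impersonator` to `impersonator=request.user` in the `session_end.send(...)` call is unconditional, while the added comment only says request.impersonator "might not" have been set for this request. On requests where it is set, the signal now receives request.user instead, and if that is a different account the session-end handler may fail to match the unfinished log row or attribute the end of the session to the wrong user, which matters for an impersonation audit trail. Consider preferring request.impersonator when it is present and falling back to request.user only when it is missing or None, for example `impersonator=getattr(request, 'impersonator', None) or request.user,`. The commented-out old line and the dated initials are better dropped from the code and carried in the commit message, and the paths point at a vendored copy (vendor/django-impersonate-1.9.1/), so the patch needs rebasing onto the project tree before it will apply.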