update user login functionality and add Redis session management

opensipkd/base/scripts/data/routes.csv

@@ -8,7 +8,7 @@ base-password,/password,base,user_login,ViewPassword,change_password,1,view,,Cha
 base-password-request,/password/{code}/request,base,user_login,ViewPassword,change_password_request,1,,,Change Password,1,0,,0,form8.pt,
 base-password-request,/password/{code}/request,base,user_login,ViewPassword,change_password_request,1,,,Change Password,1,0,,0,form8.pt,
 base-profile,/profile,base,register,,view_profile,,view,,Profile,1,0,,0,form8.pt,
 base-profile,/profile,base,register,,view_profile,,view,,Profile,1,0,,0,form8.pt,
 base-register,/register,base,register,,view_register,,,,Register,1,0,,0,form8.pt,
 base-register,/register,base,register,,view_register,,,,Register,1,0,,0,form8.pt,
-base-recreate-api-key,/recreate-api-key,base,register,ViewPassword,recreate-api-key,,,,Get Api Key,1,0,,0,recreate-api-key.pt,
+base-recreate-api-key,/recreate-api-key,base,user_login,ViewPassword,recreate-api-key,,,,Get Api Key,1,0,,0,recreate-api-key.pt,
 base-admin,#,base,,,,,admin,,Administrator,1,0,,1,,
 base-admin,#,base,,,,,admin,,Administrator,1,0,,1,,
 base-user,/user,base,user,,view_list,,user-view,base-admin,User,1,0,,1,form.pt,
 base-user,/user,base,user,,view_list,,user-view,base-admin,User,1,0,,1,form.pt,
 base-user-act,/user/{act}/act,base,user,,,,user-view,base-user,User Action,1,0,,,json,
 base-user-act,/user/{act}/act,base,user,,,,user-view,base-user,User Action,1,0,,,json,

opensipkd/base/views/user_login.py

@@ -55,6 +55,15 @@ _ = TranslationStringFactory('login')
 
 
 log = __import__("logging").getLogger(__name__)
 log = __import__("logging").getLogger(__name__)
 
 
+# import redis
+
+# # Configuration (ideally from environment variables)
+# redis_client = redis.Redis(
+#     host='localhost', 
+#     port=6379, 
+#     db=0, 
+#     decode_responses=True # Returns strings instead of bytes
+# )
 
 
 class Login(CSRFSchema):
 class Login(CSRFSchema):
     username = colander.SchemaNode(
     username = colander.SchemaNode(
@@ -477,12 +486,34 @@ def redirect_login(request, user):
     set_user_log("Login Sukses", request, log, user.user_name)
     set_user_log("Login Sukses", request, log, user.user_name)
     for g in user.groups:
     for g in user.groups:
         log.debug(f"Group: {g.id} as {g.group_name}")
         log.debug(f"Group: {g.id} as {g.group_name}")
+        
+    # active_session_key = f"user_session:{user.id}"
+    # existing_session = redis_client.get(active_session_key)
+
+    # if existing_session:
+    #     # Option A: Block Login
+    #     # return {'error': 'User already logged in elsewhere.'}
+        
+    #     # Option B: Or, implement "kick old session" logic here
+    #     # DBSession.invalidate
+    #     session_factory.invalidate(existing_session)
+
+    # # 3. Create new session
+    # session_id = request.session.session_id
+    # headers = remember(request, user.id)
+    
+    # # 4. Map user to this session in Redis
+    # redis_client.set(active_session_key, session_id)
+    
+    # return HTTPFound(location='/dashboard', headers=headers)
 
 
     headers = get_login_headers(request, user)
     headers = get_login_headers(request, user)
     log.debug(request.headers)
     log.debug(request.headers)
     if request.is_xhr:
     if request.is_xhr:
         return xhr_response(user, headers)
         return xhr_response(user, headers)
     next_url = request.params.get('next')
     next_url = request.params.get('next')
+    
+
 
 
     if not next_url and request.matched_route.name == 'login':
     if not next_url and request.matched_route.name == 'login':
         url = get_params('modules_default', 'base-home')
         url = get_params('modules_default', 'base-home')
@@ -570,14 +601,29 @@ class ViewPassword(BaseView):
         try:
         try:
             c = form.validate(items)
             c = form.validate(items)
         except ValidationFailure as e:
         except ValidationFailure as e:
-            return dict(form=e.render())
+            return dict(form=e.render(), scripts="")
 
 
         user = request.user
         user = request.user
         user.security_code = None
         user.security_code = None
+        
+        if get_params('external-uim'):
+            pckgs = get_params('external-uim')
+            m = import_module(pckgs)
+            try:
+                m.change_password(user.user_name, c['password'], c['new_password'])
+            except Exception as e:
+                log.warn(str(e))
+                request.session.flash(str(e), "error")
+                return HTTPFound(location=request.route_url('base-password'))  
+            headers = forget(request)
+            request.session.delete()
+            request.response.headers.update(headers)
+            request.session.flash("Password berhasil diubah, Silahkan login ulang")
+            return HTTPFound(location=request.route_url('base-login'), headers=headers)
+        
         if not UserService.check_password(user, c['password']):
         if not UserService.check_password(user, c['password']):
             request.session.flash('Password lama tidak sesuai', 'error')
             request.session.flash('Password lama tidak sesuai', 'error')
             return HTTPFound(location=request.route_url('base-password'))
             return HTTPFound(location=request.route_url('base-password'))
-
         UserService.set_password(user, c['new_password'])
         UserService.set_password(user, c['new_password'])
         self.db_session.add(user)
         self.db_session.add(user)
         self.db_session.flush()
         self.db_session.flush()