[AIRFLOW-6352] security - ui - add login timeout (#6912)

(cherry picked from commit 0721d62)
apache · Dec 30, 2019 · d12d400 · d12d400
1 parent b8a3e26
commit d12d400
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 1 deletion.
diff --git a/airflow/config_templates/default_airflow.cfg b/airflow/config_templates/default_airflow.cfg
@@ -368,10 +368,13 @@ default_wrap = False
 # on webserver startup
 update_fab_perms = True
 
+# Minutes of non-activity before logged out from UI
+# 0 means never get forcibly logged out
+force_log_out_after = 0
+
 [email]
 email_backend = airflow.utils.email.send_email_smtp
 
-
 [smtp]
 # If you want airflow to send emails on retries, failure, and you want to use
 # the airflow.utils.email.send_email_smtp function, you have to configure an

diff --git a/airflow/www/app.py b/airflow/www/app.py
@@ -183,6 +183,15 @@ def jinja_globals():
                 'navbar_color': conf.get('webserver', 'NAVBAR_COLOR'),
             }
 
+        @app.before_request
+        def before_request():
+            _force_log_out_after = conf.getint('webserver', 'FORCE_LOG_OUT_AFTER', fallback=0)
+            if _force_log_out_after > 0:
+                flask.session.permanent = True
+                app.permanent_session_lifetime = datetime.timedelta(minutes=_force_log_out_after)
+                flask.session.modified = True
+                flask.g.user = flask_login.current_user
+
         @app.teardown_appcontext
         def shutdown_session(exception=None):
             settings.Session.remove()