From c43060776724f22b55c92e3b744aa4d74486e2ed Mon Sep 17 00:00:00 2001
From: Gael Le Mignot
Date: Fri, 15 Jun 2018 10:11:52 +0200
Subject: [PATCH] Added an optional whitelist
---
 README.rst | 4 +++-
 unique_session/backends/session_backend.py | 15 +++++++++------
 2 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/README.rst b/README.rst
index 9558161..5535eb0 100644
--- a/README.rst
+++ b/README.rst
@@ -20,7 +20,9 @@ How to use
 3. (Optional) Add ``"UNIQUE_SESSION_BLOCK_TIME = "`` to enable the timeout.
-4. Run syncdb.
+4. (Optional) Add ``"UNIQUE_SESSION_WHITELIST = (, ,...)"`` to whitelist some users (from their numeric id) so that they'll be exempt to the blocking mechanism.
+
+5. Run syncdb.
 License
 =======
diff --git a/unique_session/backends/session_backend.py b/unique_session/backends/session_backend.py
index 08e9b14..5fe2b00 100644
--- a/unique_session/backends/session_backend.py
+++ b/unique_session/backends/session_backend.py
@@ -14,6 +14,8 @@ import datetime
 TIME_DELTA = getattr(settings, 'UNIQUE_SESSION_BLOCK_TIME', None)
 TIME_DELTA = TIME_DELTA and datetime.timedelta(seconds = TIME_DELTA)
+WHITELIST = set(getattr(settings, 'UNIQUE_SESSION_WHITELIST', []))
+
 class SessionStore(SessionStoreBase):
 """ Implements database session store.
@@ -56,7 +58,7 @@ class SessionStore(SessionStoreBase):
 sid = transaction.savepoint(using=using)
 try:
 # Also delete all other sessions of that user
- if user_id:
+ if user_id and not user_id in WHITELIST:
 exitsing = Session.objects.filter(user_id = user_id)
 exitsing.exclude(session_key = obj.session_key).delete()
 obj.save(force_insert=must_create, using=using)
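Review bot: `WHITELIST = set(getattr(settings, 'UNIQUE_SESSION_WHITELIST', []))` takes the setting as given, so the membership test added in the @@ -56 hunk (`user_id and not user_id in WHITELIST`) only matches when the configured ids have exactly the type of `user_id`. The README asks for numeric ids; where `user_id` comes from is outside the hunk, and if it is read from session data as a string the test never matches and a whitelisted user's other sessions are still deleted, while a bare int in the setting makes `set()` raise at import. I would document the expected shape next to the constant, e.g. `# Iterable of integer user ids exempt from single-session enforcement; keep it short, listed accounts may hold concurrent sessions`, and write the test as `user_id not in WHITELIST`. The enclosing save method starts and ends outside the hunk.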
@@ -83,11 +85,12 @@ class SessionStore(SessionStoreBase):
 to log in as long as there is a session updated that number of seconds ago """
- limit = timezone.now() + TIME_DELTA
- s = Session.objects.filter(user_id = user.id,
- updated_date__lt = limit)
- if s.exists():
- raise PermissionDenied
+ if not user.id in UNIQUE_SESSION_WHITELIST:
+ limit = timezone.now() + TIME_DELTA
+ s = Session.objects.filter(user_id = user.id,
+ updated_date__lt = limit)
+ if s.exists():
+ raise PermissionDenied
 if TIME_DELTA: user_logged_in.connect(SessionStore.ensure_unique_login)
-- 2.39.5
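Review bot: `if not user.id in UNIQUE_SESSION_WHITELIST:` uses a name this patch never defines; the module-level constant added in the first hunk is `WHITELIST`, and `UNIQUE_SESSION_WHITELIST` appears elsewhere only as the settings key string. Unless the name is imported somewhere outside the visible hunks, every login with `UNIQUE_SESSION_BLOCK_TIME` set would raise NameError inside the `user_logged_in` handler rather than apply the exemption. The line should read `if user.id not in WHITELIST:`. ensure_unique_login begins outside the hunk.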