From 6825b8bf749cec6c2c4a2f8399741624c2416ef4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sybren=20A=2E=20St=C3=BCvel?= <sybren@stuvel.eu>
Date: Tue, 29 Aug 2017 12:31:52 +0200
Subject: [PATCH] Fixed infinite recursion.

---
 pillar/auth/__init__.py | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/pillar/auth/__init__.py b/pillar/auth/__init__.py
index 5ea1b25d..b4b5d0ad 100644
--- a/pillar/auth/__init__.py
+++ b/pillar/auth/__init__.py
@@ -212,8 +212,14 @@ def force_logout_user():
 
     from flask import g
 
-    flask_login.logout_user()
-    g.current_user = flask_login.current_user._get_current_object()
+    # Force the current user to be the anonymous user. Calling
+    # flask_login.logout_user() here would cause infinite recursion, because
+    # that calls _load_user(), which in turn tries to validate the current
+    # token, which in turn starts by calling force_logout_user() just to be
+    # safe.
+    anon_user = AnonymousUser()
+    flask_login.current_user = anon_user
+    g.current_user = anon_user
 
 
 def get_blender_id_oauth_token():