Clear session when token is invalid

Before this, the user's authentication token would still be stored in
the session even when it's found to be invalid. This caused a login
action to fail, but not in such a way that we would redirect to the login
page of Blender ID. Rather, it would keep you not logged in. By clearing
the session we're sure that the invalid token is forgotten, and the next
request will handle the login properly.
Sybren A. Stüvel 2017-09-13 15:23:38 +02:00
parent 6488f4677e
commit 896784a351

@ -171,8 +171,13 @@ def _load_user(token) -> typing.Union[UserClass, AnonymousUser]:
from ..api.utils import authentication
if not token:
return AnonymousUser()
db_user = authentication.validate_this_token(token)
if not db_user:
# There is a token, but it's not valid. We should reset the user's session.
session.clear()
return AnonymousUser()
user = UserClass.construct(token, db_user)
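
Review bot: `session.clear()` in the `if not db_user:` branch drops every key in the session, not only the stored token, and it runs no matter where the `token` argument came from, since `_load_user` receives the token as a parameter rather than reading it from the session itself. If the session can hold anything besides the token, remove only the token key here; if wiping the whole session is intended, state that in the comment so the next reader does not narrow it by mistake. This branch also returns `AnonymousUser()` without logging anything, so a rejected token leaves no trace; a log line here (without the token value) would make repeated invalid-token requests visible.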