Commit d541c8f3 authored by Sofia Papagiannaki's avatar Sofia Papagiannaki
Browse files

renew_token (disregarding renew flag) if logged in user does not have a valid one

Ref: #1921
parent c7563d91
......@@ -49,20 +49,21 @@ def prepare_response(request, user, next='', renew=False, skip_login=False):
with the 'user' and 'token' as parameters.
Reissue the token even if it has not yet
expired, if the 'renew' parameter is present.
expired, if the 'renew' parameter is present
or user has not a valid token.
"""
auth_token = user.auth_token
auth_token_expires = user.auth_token_expires
if renew or auth_token_expires < datetime.datetime.now():
renew = renew or (not user.auth_token)
renew = renew or (user.auth_token_expires and user.auth_token_expires < datetime.datetime.now())
if renew:
user.renew_token()
user.save()
if next:
# TODO: Avoid redirect loops.
parts = list(urlsplit(next))
if not parts[1] or (parts[1] and request.get_host() != parts[1]):
parts[3] = urlencode({'user': user.username, 'token': auth_token})
parts[3] = urlencode({'user': user.username, 'token': user.auth_token})
next = urlunsplit(parts)
if settings.FORCE_PROFILE_UPDATE and not user.is_verified and not user.is_superuser:
......@@ -78,8 +79,8 @@ def prepare_response(request, user, next='', renew=False, skip_login=False):
response = HttpResponse()
if not next:
response['X-Auth-User'] = user.username
response['X-Auth-Token'] = auth_token
response.content = user.username + '\n' + auth_token + '\n'
response['X-Auth-Token'] = user.auth_token
response.content = user.username + '\n' + user.auth_token + '\n'
response.status_code = 200
else:
response['Location'] = next
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment