Commit d541c8f3 authored by Sofia Papagiannaki's avatar Sofia Papagiannaki
Browse files

renew_token (disregarding renew flag) if logged in user does not have a valid one

Ref: #1921
parent c7563d91
...@@ -49,20 +49,21 @@ def prepare_response(request, user, next='', renew=False, skip_login=False): ...@@ -49,20 +49,21 @@ def prepare_response(request, user, next='', renew=False, skip_login=False):
with the 'user' and 'token' as parameters. with the 'user' and 'token' as parameters.
Reissue the token even if it has not yet Reissue the token even if it has not yet
expired, if the 'renew' parameter is present. expired, if the 'renew' parameter is present
or user has not a valid token.
""" """
auth_token = user.auth_token renew = renew or (not user.auth_token)
auth_token_expires = user.auth_token_expires renew = renew or (user.auth_token_expires and user.auth_token_expires < datetime.datetime.now())
if renew or auth_token_expires < datetime.datetime.now(): if renew:
user.renew_token() user.renew_token()
user.save() user.save()
if next: if next:
# TODO: Avoid redirect loops. # TODO: Avoid redirect loops.
parts = list(urlsplit(next)) parts = list(urlsplit(next))
if not parts[1] or (parts[1] and request.get_host() != parts[1]): if not parts[1] or (parts[1] and request.get_host() != parts[1]):
parts[3] = urlencode({'user': user.username, 'token': auth_token}) parts[3] = urlencode({'user': user.username, 'token': user.auth_token})
next = urlunsplit(parts) next = urlunsplit(parts)
if settings.FORCE_PROFILE_UPDATE and not user.is_verified and not user.is_superuser: if settings.FORCE_PROFILE_UPDATE and not user.is_verified and not user.is_superuser:
...@@ -78,8 +79,8 @@ def prepare_response(request, user, next='', renew=False, skip_login=False): ...@@ -78,8 +79,8 @@ def prepare_response(request, user, next='', renew=False, skip_login=False):
response = HttpResponse() response = HttpResponse()
if not next: if not next:
response['X-Auth-User'] = user.username response['X-Auth-User'] = user.username
response['X-Auth-Token'] = auth_token response['X-Auth-Token'] = user.auth_token
response.content = user.username + '\n' + auth_token + '\n' response.content = user.username + '\n' + user.auth_token + '\n'
response.status_code = 200 response.status_code = 200
else: else:
response['Location'] = next response['Location'] = next
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment