1. 20 May, 2013 24 commits
  2. 17 May, 2013 14 commits
  3. 16 May, 2013 2 commits
    • Sofia Papagiannaki's avatar
      astakos: fix incomplete previous commit · 34f3fca9
      Sofia Papagiannaki authored
      commit 1439d6383113b151b6a3316e320a0418fa30d421
      34f3fca9
    • Sofia Papagiannaki's avatar
      astakos: api calls authenticated via X-Auth-Token shall not affect cookie · d350c42a
      Sofia Papagiannaki authored
      CookieAuthenticationMiddleware.process_request() synchronizes
      the astakos cookie with the request user.
      If an astakos cookie is set but there is no logged in user,
      the middleware deletes the cookie.
      Respectively, if there is a logged in user but the astakos cookie
      is not set, the middleware setis the cookie.
      In order to set/delete the cookie, redirects to the request path.
      
      For checking whether the user is logged in or not,
      utilized the django.contrib.auth.models.User.is_authenticated() method.
      This returns always True for django.contrib.auth.models.User instances
      (request.user for non authenticated requests is
       django.contrib.auth.models.AnonymousUser instance)
      
      Some astakos api calls are decorated by
      astakos.api.utils.user_for_token()
      which checks the X-Auth-Token request header and if its valid
      sets the request.user to the respective AstakosUser instance.
      
      Therefore, the above check succeeded for these calls
      and the middleware used to set the cookie.
      Subsequent requests read the cookie and
      if it did not comform with the request.user
      (no authentication info supplied)
      redirected to request path for deleting it.
      
      In order to resolve this undesired behavior
      the cookie fix() method has been changed
      and if it is actually an api call request
      it returns immediately without affecting the cookie.
      d350c42a