renew_token (disregarding renew flag) if logged in user does not have a valid one

Ref: #1921

diff --git a/astakos/im/target/util.py b/astakos/im/target/util.py
index 5281c06..fa43cce 100644 (file)
--- a/astakos/im/target/util.py
+++ b/astakos/im/target/util.py
@@ -49,20 +49,21 @@ def prepare_response(request, user, next='', renew=False, skip_login=False):
        with the 'user' and 'token' as parameters.
        
        Reissue the token even if it has not yet
-       expired, if the 'renew' parameter is present.
+       expired, if the 'renew' parameter is present
+       or user has not a valid token.
     """
     
-    auth_token = user.auth_token
-    auth_token_expires = user.auth_token_expires
-    if renew or auth_token_expires < datetime.datetime.now():
+    renew = renew or (not user.auth_token)
+    renew = renew or (user.auth_token_expires and user.auth_token_expires < datetime.datetime.now())
+    if renew:
         user.renew_token()
         user.save()
-        
+    
     if next:
         # TODO: Avoid redirect loops.
         parts = list(urlsplit(next))
         if not parts[1] or (parts[1] and request.get_host() != parts[1]):
-            parts[3] = urlencode({'user': user.username, 'token': auth_token})
+            parts[3] = urlencode({'user': user.username, 'token': user.auth_token})
             next = urlunsplit(parts)
     
     if settings.FORCE_PROFILE_UPDATE and not user.is_verified and not user.is_superuser:
@@ -78,8 +79,8 @@ def prepare_response(request, user, next='', renew=False, skip_login=False):
     response = HttpResponse()
     if not next:
         response['X-Auth-User'] = user.username
-        response['X-Auth-Token'] = auth_token
-        response.content = user.username + '\n' + auth_token + '\n'
+        response['X-Auth-Token'] = user.auth_token
+        response.content = user.username + '\n' + user.auth_token + '\n'
         response.status_code = 200
     else:
         response['Location'] = next