with the 'user' and 'token' as parameters.
Reissue the token even if it has not yet
- expired, if the 'renew' parameter is present.
+ expired, if the 'renew' parameter is present
+ or user has not a valid token.
"""
- auth_token = user.auth_token
- auth_token_expires = user.auth_token_expires
- if renew or auth_token_expires < datetime.datetime.now():
+ renew = renew or (not user.auth_token)
+ renew = renew or (user.auth_token_expires and user.auth_token_expires < datetime.datetime.now())
+ if renew:
user.renew_token()
user.save()
-
+
if next:
# TODO: Avoid redirect loops.
parts = list(urlsplit(next))
if not parts[1] or (parts[1] and request.get_host() != parts[1]):
- parts[3] = urlencode({'user': user.username, 'token': auth_token})
+ parts[3] = urlencode({'user': user.username, 'token': user.auth_token})
next = urlunsplit(parts)
if settings.FORCE_PROFILE_UPDATE and not user.is_verified and not user.is_superuser:
response = HttpResponse()
if not next:
response['X-Auth-User'] = user.username
- response['X-Auth-Token'] = auth_token
- response.content = user.username + '\n' + auth_token + '\n'
+ response['X-Auth-Token'] = user.auth_token
+ response.content = user.username + '\n' + user.auth_token + '\n'
response.status_code = 200
else:
response['Location'] = next