From d541c8f33ffc39bf77991ed6e881ae3c845a7dd1 Mon Sep 17 00:00:00 2001 From: Sofia Papagiannaki Date: Tue, 24 Jan 2012 12:36:37 +0200 Subject: [PATCH] renew_token (disregarding renew flag) if logged in user does not have a valid one Ref: #1921 --- astakos/im/target/util.py | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/astakos/im/target/util.py b/astakos/im/target/util.py index 5281c06..fa43cce 100644 --- a/astakos/im/target/util.py +++ b/astakos/im/target/util.py @@ -49,20 +49,21 @@ def prepare_response(request, user, next='', renew=False, skip_login=False): with the 'user' and 'token' as parameters. Reissue the token even if it has not yet - expired, if the 'renew' parameter is present. + expired, if the 'renew' parameter is present + or user has not a valid token. """ - auth_token = user.auth_token - auth_token_expires = user.auth_token_expires - if renew or auth_token_expires < datetime.datetime.now(): + renew = renew or (not user.auth_token) + renew = renew or (user.auth_token_expires and user.auth_token_expires < datetime.datetime.now()) + if renew: user.renew_token() user.save() - + if next: # TODO: Avoid redirect loops. parts = list(urlsplit(next)) if not parts[1] or (parts[1] and request.get_host() != parts[1]): - parts[3] = urlencode({'user': user.username, 'token': auth_token}) + parts[3] = urlencode({'user': user.username, 'token': user.auth_token}) next = urlunsplit(parts) if settings.FORCE_PROFILE_UPDATE and not user.is_verified and not user.is_superuser: @@ -78,8 +79,8 @@ def prepare_response(request, user, next='', renew=False, skip_login=False): response = HttpResponse() if not next: response['X-Auth-User'] = user.username - response['X-Auth-Token'] = auth_token - response.content = user.username + '\n' + auth_token + '\n' + response['X-Auth-Token'] = user.auth_token + response.content = user.username + '\n' + user.auth_token + '\n' response.status_code = 200 else: response['Location'] = next -- 1.7.10.4