diff --git a/auth/auth_systems/password.py b/auth/auth_systems/password.py
index f57dfb79cdbce8c40199ae42096afb0072e09d36..d6b7e95f25d0e13529de453cd0ce39db3f7a86f2 100644
--- a/auth/auth_systems/password.py
+++ b/auth/auth_systems/password.py
@@ -45,18 +45,18 @@ def password_login_view(request):
 else:
 form = LoginForm(request.POST)
+ # set this in case we came here straight from the multi-login chooser
+ # and thus did not have a chance to hit the "start/password" URL
+ request.session['auth_system_name'] = 'password'
+ if request.POST.has_key('return_url'):
+ request.session['auth_return_url'] = request.POST.get('return_url')
+
 if form.is_valid():
 username = form.cleaned_data['username'].strip()
 password = form.cleaned_data['password'].strip()
 try:
 user = User.get_by_type_and_id('password', username)
 if password_check(user, password):
- # set this in case we came here from another location than
- # the normal login process
- request.session['auth_system_name'] = 'password'
- if request.POST.has_key('return_url'):
- request.session['auth_return_url'] = request.POST.get('return_url')
-
 request.session['password_user'] = user
 return HttpResponseRedirect(reverse(after))
 except User.DoesNotExist:
@@ -102,6 +102,7 @@ def get_auth_url(request, redirect_url = None):
 def get_user_info_after_auth(request):
 user = request.session['password_user']
+ del request.session['password_user']
 user_info = user.info
 return {'type': 'password', 'user_id' : user.user_id, 'name': user.name, 'info': user.info, 'token': None}
diff --git a/auth/templates/password/login.html b/auth/templates/password/login.html
index 9b038893d71d966c6a94a68eff78b0e9e4652a4e..c92b8f1d6f77a56a471c4386c37e6825b57dd9de 100644
--- a/auth/templates/password/login.html
+++ b/auth/templates/password/login.html
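Review bot: `request.POST.get('return_url')` is written to `request.session['auth_return_url']` without validation, and after this move it is stored on every POST to the login view, before the credentials are checked. The `after_intervention` hunk in auth/views.py passes that session value straight to `HttpResponseRedirect`, so an absolute or scheme-relative URL in the field turns the login flow into an open redirect. Accept only a site-relative path before storing it, e.g. `return_url = request.POST.get('return_url', '')` followed by `if return_url.startswith('/') and return_url[1:2] not in ('/', '\\'): request.session['auth_return_url'] = return_url`. The view body starts and ends outside the hunk, so any check done elsewhere in the function is not visible here.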
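Review bot: With the added `del request.session['password_user']`, a second call to `get_user_info_after_auth` on the same session (a reload of the post-login URL, for instance) fails on the `request.session['password_user']` lookup with a KeyError rather than being handled as "no pending login". Reading and clearing in one step, `user = request.session.pop('password_user', None)`, with an explicit branch for None, keeps the one-time use without the unhandled exception; what the caller expects for a missing user is not visible in this hunk. The `user_info = user.info` assignment on the following line is unused and can be dropped.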
@@ -14,7 +14,7 @@
 {% endif %}
 <p>
-<form class="prettyform" action="" method="POST" id="create_election_form">
+<form class="prettyform" action="" method="POST" id="login_form">
 <input type="hidden" name="csrf_token" value="{{csrf_token}}" />
 <table>
 {{form.as_table}}
diff --git a/auth/views.py b/auth/views.py
index 7c3e1b9e0080932d322686bd1ddaab63833ddb71..94d459ce4fd1554634e11ca6e0a472ead72146c9 100644
--- a/auth/views.py
+++ b/auth/views.py
@@ -90,7 +90,6 @@ def do_local_logout(request):
 fields_to_save = dict([(name, request.session.get(name, None)) for name in field_names_to_save])
 # let's not forget to save the list of fields to save
- field_names_to_save.append(FIELDS_TO_SAVE)
 fields_to_save[FIELDS_TO_SAVE] = field_names_to_save
 request.session.flush()
@@ -98,6 +97,9 @@ def do_local_logout(request):
 for name in field_names_to_save:
 request.session[name] = fields_to_save[name]
+ # copy the list of fields to save
+ request.session[FIELDS_TO_SAVE] = fields_to_save[FIELDS_TO_SAVE]
+
 request.session['user_for_remote_logout'] = user
 def do_remote_logout(request, user, return_url="/"):
@@ -105,8 +107,10 @@ def do_remote_logout(request, user, return_url="/"):
 auth_system = AUTH_SYSTEMS[user['type']]
 # does the auth system have a special logout procedure?
+ user_for_remote_logout = request.session.get('user_for_remote_logout', None)
+ del request.session['user_for_remote_logout']
 if hasattr(auth_system, 'do_logout'):
- response = auth_system.do_logout(request.session.get('user_for_remote_logout', None))
+ response = auth_system.do_logout(user_for_remote_logout)
 return response
 def do_complete_logout(request, return_url="/"):
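Review bot: `del request.session['user_for_remote_logout']` raises KeyError when the key is absent, although the line just above reads it with `.get(..., None)` to tolerate exactly that case. If `do_remote_logout` can run without a preceding `do_local_logout` on the same session, the logout aborts with an exception instead of completing. A single `user_for_remote_logout = request.session.pop('user_for_remote_logout', None)` replaces both added lines and keeps the cleanup. With indentation lost in this view it is unclear whether `return response` sits inside the `hasattr` branch; if it does not, `response` is unbound for auth systems that lack `do_logout`.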
@@ -186,5 +190,9 @@ def after(request):
 return HttpResponseRedirect(reverse(after_intervention))
 def after_intervention(request):
- return HttpResponseRedirect(request.session['auth_return_url'] or "/")
+ return_url = "/"
+ if request.session.has_key('auth_return_url'):
+ return_url = request.session['auth_return_url']
+ del request.session['auth_return_url']
+ return HttpResponseRedirect(return_url)
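Review bot: The rewrite loses the `or "/"` fallback for a key that is present but empty: `return_url = request.session['auth_return_url']` is used as-is, so a None or empty-string value ends up in `HttpResponseRedirect(return_url)`. The value is the POSTed `return_url` stored by `password_login_view`, so an empty string is reachable whenever that field is submitted blank (whether the login template emits it is not visible here). Keeping the fallback on the assignment restores the old behaviour: `return_url = request.session['auth_return_url'] or "/"`.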