From a4f1c47f6e390b2fc917c45671bdf8e18ae6d6e3 Mon Sep 17 00:00:00 2001
From: Ben Adida <ben@adida.net>
Date: Mon, 27 Sep 2010 22:57:28 -0700
Subject: [PATCH] cleanup of session code, garbage collect variables once they are no longer needed, ensured failed passwords retain return_url without error
---
 auth/auth_systems/password.py | 13 +++++++------
 auth/templates/password/login.html | 2 +-
 auth/views.py | 14 +++++++++++---
 3 files changed, 19 insertions(+), 10 deletions(-)
diff --git a/auth/auth_systems/password.py b/auth/auth_systems/password.py
index f57dfb7..d6b7e95 100644
--- a/auth/auth_systems/password.py
+++ b/auth/auth_systems/password.py
@@ -45,18 +45,18 @@ def password_login_view(request):
 else:
 form = LoginForm(request.POST)
+ # set this in case we came here straight from the multi-login chooser
+ # and thus did not have a chance to hit the "start/password" URL
+ request.session['auth_system_name'] = 'password'
+ if request.POST.has_key('return_url'):
+ request.session['auth_return_url'] = request.POST.get('return_url')
+
 if form.is_valid():
 username = form.cleaned_data['username'].strip()
 password = form.cleaned_data['password'].strip()
 try:
 user = User.get_by_type_and_id('password', username)
 if password_check(user, password):
- # set this in case we came here from another location than
- # the normal login process
- request.session['auth_system_name'] = 'password'
- if request.POST.has_key('return_url'):
- request.session['auth_return_url'] = request.POST.get('return_url')
-
 request.session['password_user'] = user
 return HttpResponseRedirect(reverse(after))
 except User.DoesNotExist:
@@ -102,6 +102,7 @@ def get_auth_url(request, redirect_url = None):
 def get_user_info_after_auth(request):
 user = request.session['password_user']
+ del request.session['password_user']
 user_info = user.info
 return {'type': 'password', 'user_id' : user.user_id, 'name': user.name, 'info': user.info, 'token': None}
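Review bot: In `password_login_view`, the POSTed `return_url` is now written to `request.session['auth_return_url']` before the form is validated and without any check on its value, and `after_intervention` in auth/views.py later redirects to whatever is stored there, so the login form can act as an open redirect. Accept only same-site paths before storing it, for example `return_url = request.POST.get('return_url', '')` followed by `if return_url.startswith('/') and not return_url.startswith('//'): request.session['auth_return_url'] = return_url`; a comparison against the site's own host is stricter if one is available. The function starts before and continues after this hunk, so any other writer of `auth_return_url` is not visible here and would need the same check.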
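Review bot: In `get_user_info_after_auth`, the session key is now deleted on first use, so a second call in the same session (for example a reloaded or replayed post-login request) raises `KeyError` on `request.session['password_user']`. Read and clear it in one step with `user = request.session.pop('password_user', None)` and fail in a handled way when it is `None`; how callers treat a missing user is not visible in this hunk. The local `user_info = user.info` is never used and can be dropped.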
diff --git a/auth/templates/password/login.html b/auth/templates/password/login.html
index 9b03889..c92b8f1 100644
--- a/auth/templates/password/login.html
+++ b/auth/templates/password/login.html
@@ -14,7 +14,7 @@
 {% endif %}
 <p>
-<form class="prettyform" action="" method="POST" id="create_election_form">
+<form class="prettyform" action="" method="POST" id="login_form">
 <input type="hidden" name="csrf_token" value="{{csrf_token}}" />
 <table>
 {{form.as_table}}
diff --git a/auth/views.py b/auth/views.py
index 7c3e1b9..94d459c 100644
--- a/auth/views.py
+++ b/auth/views.py
@@ -90,7 +90,6 @@ def do_local_logout(request):
 fields_to_save = dict([(name, request.session.get(name, None)) for name in field_names_to_save])
 # let's not forget to save the list of fields to save
- field_names_to_save.append(FIELDS_TO_SAVE)
 fields_to_save[FIELDS_TO_SAVE] = field_names_to_save
 request.session.flush()
@@ -98,6 +97,9 @@ def do_local_logout(request):
 for name in field_names_to_save:
 request.session[name] = fields_to_save[name]
+ # copy the list of fields to save
+ request.session[FIELDS_TO_SAVE] = fields_to_save[FIELDS_TO_SAVE]
+
 request.session['user_for_remote_logout'] = user
 def do_remote_logout(request, user, return_url="/"):
@@ -105,8 +107,10 @@ def do_remote_logout(request, user, return_url="/"):
 auth_system = AUTH_SYSTEMS[user['type']]
 # does the auth system have a special logout procedure?
+ user_for_remote_logout = request.session.get('user_for_remote_logout', None)
+ del request.session['user_for_remote_logout']
 if hasattr(auth_system, 'do_logout'):
- response = auth_system.do_logout(request.session.get('user_for_remote_logout', None))
+ response = auth_system.do_logout(user_for_remote_logout)
 return response
 def do_complete_logout(request, return_url="/"):
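Review bot: In `do_local_logout`, the lines added after `request.session.flush()` restore the saved-fields list by going through the temporary dict; `request.session[FIELDS_TO_SAVE] = field_names_to_save` states the same assignment directly. Everything named in that list is copied back into the fresh session, so the block deserves a comment such as `# values listed under FIELDS_TO_SAVE survive logout; never list authentication state here`. Where `field_names_to_save` is populated lies outside the hunk, so whether the list can be influenced by a request cannot be judged from here.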
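Review bot: In `do_remote_logout`, the added `del request.session['user_for_remote_logout']` raises `KeyError` when the key is absent, although the line just above reads it with `.get(..., None)` precisely to tolerate that case. Fold the two added lines into `user_for_remote_logout = request.session.pop('user_for_remote_logout', None)`, which clears the value without failing a logout that did not pass through `do_local_logout` first. The function begins before this hunk.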
@@ -186,5 +190,9 @@ def after(request):
 return HttpResponseRedirect(reverse(after_intervention))
 def after_intervention(request):
- return HttpResponseRedirect(request.session['auth_return_url'] or "/")
+ return_url = "/"
+ if request.session.has_key('auth_return_url'):
+ return_url = request.session['auth_return_url']
+ del request.session['auth_return_url']
+ return HttpResponseRedirect(return_url)
-- GitLab
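Review bot: In `after_intervention`, the rewrite drops the old `or "/"` fallback: when `auth_return_url` is present but empty or `None`, the new code redirects to that value instead of `/`. This can happen because the login view stores `request.POST.get('return_url')` as submitted. `return_url = request.session.pop('auth_return_url', None) or "/"` keeps the fallback, clears the key, and replaces the four added lines ahead of the final `return`.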