From a4f1c47f6e390b2fc917c45671bdf8e18ae6d6e3 Mon Sep 17 00:00:00 2001
From: Ben Adida <ben@adida.net>
Date: Mon, 27 Sep 2010 22:57:28 -0700
Subject: [PATCH] cleanup of session code, garbage collect variables once they
are no longer needed, ensured failed passwords retain return_url without
error
---
auth/auth_systems/password.py | 13 +++++++------
auth/templates/password/login.html | 2 +-
auth/views.py | 14 +++++++++++---
3 files changed, 19 insertions(+), 10 deletions(-)
diff --git a/auth/auth_systems/password.py b/auth/auth_systems/password.py
index f57dfb7..d6b7e95 100644
--- a/auth/auth_systems/password.py
+++ b/auth/auth_systems/password.py
@@ -45,18 +45,18 @@ def password_login_view(request):
else:
form = LoginForm(request.POST)
+ # set this in case we came here straight from the multi-login chooser
+ # and thus did not have a chance to hit the "start/password" URL
+ request.session['auth_system_name'] = 'password'
+ if request.POST.has_key('return_url'):
+ request.session['auth_return_url'] = request.POST.get('return_url')
+
if form.is_valid():
username = form.cleaned_data['username'].strip()
password = form.cleaned_data['password'].strip()
try:
user = User.get_by_type_and_id('password', username)
if password_check(user, password):
- # set this in case we came here from another location than
- # the normal login process
- request.session['auth_system_name'] = 'password'
- if request.POST.has_key('return_url'):
- request.session['auth_return_url'] = request.POST.get('return_url')
-
request.session['password_user'] = user
return HttpResponseRedirect(reverse(after))
except User.DoesNotExist:
@@ -102,6 +102,7 @@ def get_auth_url(request, redirect_url = None):
def get_user_info_after_auth(request):
user = request.session['password_user']
+ del request.session['password_user']
user_info = user.info
return {'type': 'password', 'user_id' : user.user_id, 'name': user.name, 'info': user.info, 'token': None}
diff --git a/auth/templates/password/login.html b/auth/templates/password/login.html
index 9b03889..c92b8f1 100644
--- a/auth/templates/password/login.html
+++ b/auth/templates/password/login.html
@@ -14,7 +14,7 @@
{% endif %}
<p>
-<form class="prettyform" action="" method="POST" id="create_election_form">
+<form class="prettyform" action="" method="POST" id="login_form">
<input type="hidden" name="csrf_token" value="{{csrf_token}}" />
<table>
{{form.as_table}}
diff --git a/auth/views.py b/auth/views.py
index 7c3e1b9..94d459c 100644
--- a/auth/views.py
+++ b/auth/views.py
@@ -90,7 +90,6 @@ def do_local_logout(request):
fields_to_save = dict([(name, request.session.get(name, None)) for name in field_names_to_save])
# let's not forget to save the list of fields to save
- field_names_to_save.append(FIELDS_TO_SAVE)
fields_to_save[FIELDS_TO_SAVE] = field_names_to_save
request.session.flush()
@@ -98,6 +97,9 @@ def do_local_logout(request):
for name in field_names_to_save:
request.session[name] = fields_to_save[name]
+ # copy the list of fields to save
+ request.session[FIELDS_TO_SAVE] = fields_to_save[FIELDS_TO_SAVE]
+
request.session['user_for_remote_logout'] = user
def do_remote_logout(request, user, return_url="/"):
@@ -105,8 +107,10 @@ def do_remote_logout(request, user, return_url="/"):
auth_system = AUTH_SYSTEMS[user['type']]
# does the auth system have a special logout procedure?
+ user_for_remote_logout = request.session.get('user_for_remote_logout', None)
+ del request.session['user_for_remote_logout']
if hasattr(auth_system, 'do_logout'):
- response = auth_system.do_logout(request.session.get('user_for_remote_logout', None))
+ response = auth_system.do_logout(user_for_remote_logout)
return response
def do_complete_logout(request, return_url="/"):
@@ -186,5 +190,9 @@ def after(request):
return HttpResponseRedirect(reverse(after_intervention))
def after_intervention(request):
- return HttpResponseRedirect(request.session['auth_return_url'] or "/")
+ return_url = "/"
+ if request.session.has_key('auth_return_url'):
+ return_url = request.session['auth_return_url']
+ del request.session['auth_return_url']
+ return HttpResponseRedirect(return_url)
--
GitLab