From: Simo Sorce Date: Sun, 23 Feb 2014 23:39:35 +0000 (-0500) Subject: Better session management at login X-Git-Tag: v0.2.2~95 X-Git-Url: http://git.cascardo.info/?p=cascardo%2Fipsilon.git;a=commitdiff_plain;h=f7070919e1350f784f639fd2054eab80384abeea Better session management at login Save data bout the prformed authentication Do not destroy the whole session at login, providers may need to store data before the user is authenticate and retrieve it later if authentication ws successful. Signed-off-by: Simo Sorce --- diff --git a/ipsilon/login/common.py b/ipsilon/login/common.py index 4888060..5879fda 100755 --- a/ipsilon/login/common.py +++ b/ipsilon/login/common.py @@ -37,21 +37,29 @@ class LoginManagerBase(PluginObject): def auth_successful(self, username): # save ref before calling UserSession login() as it # may regenerate the session - ref = cherrypy.config.get('base.mount', "") + '/' - if 'referral' in cherrypy.session: - ref = cherrypy.session['referral'] + session = UserSession() + ref = session.get_data('login', 'Return') + if not ref: + ref = cherrypy.config.get('base.mount', "") + '/' - UserSession().login(username) + session.login(username) raise cherrypy.HTTPRedirect(ref) def auth_failed(self): - # Just make sure we destroy the session - UserSession().logout(None) - + # try with next module if self.next_login: return self.redirect_to_path(self.next_login.path) - ref = cherrypy.config.get('base.mount', "") + '/unauthorized' + # return to the caller if any + session = UserSession() + ref = session.get_data('login', 'Return') + + # otherwise destroy session and return error + if not ref: + ref = cherrypy.config.get('base.mount', "") + '/unauthorized' + # Just make sure we destroy the session + session.logout(None) + raise cherrypy.HTTPRedirect(ref)