First attemtps at fixing the auto-login and making it cleaner.

2017-08-20 17:07:18 +02:00 · 2017-08-20 17:07:18 +02:00 · 0ac190b6ea
commit 0ac190b6ea
parent 994e8f6fb0
4 changed files with 89 additions and 36 deletions
--- a/evennia/web/website/views.py
+++ b/evennia/web/website/views.py
@ -28,23 +28,39 @@ def _shared_login(request):
    """
    csession = request.session
    account = request.user
-    sesslogin = csession.get("logged_in", None)
+    # these can have 3 values:
+    #   None - previously unused (auto-login)
+    #   False - actively logged out (don't auto-login)
+    #   <uid> - logged in User/Account id
+    website_uid = csession.get("website_authenticated_uid", None)
+    webclient_uid = csession.get("webclient_authenticated_uid", None)
+    print("website website_uid=%s, webclient_uid=%s, session_key=%s" % (website_uid, webclient_uid, csession.session_key))

    if csession.session_key is None:
        # this is necessary to build the sessid key
+        print("Website created a new browser session key")
        csession.save()
-    elif account.is_authenticated():
-        if not sesslogin:
-            csession["logged_in"] = account.id
-    elif sesslogin:
-        # The webclient has previously registered a login to this csession
-        account = AccountDB.objects.get(id=sesslogin)
-        try:
-            # calls our custom authenticate, in web/utils/backend.py
-            authenticate(autologin=account)
-            login(request, account)
-        except AttributeError:
-            logger.log_trace()
+
+    if account.is_authenticated():
+        # Logged into website
+        if not website_uid:
+            # fresh website login (just from login page)
+            csession["website_authenticated_uid"] = account.id
+            if webclient_uid is None:
+                # auto-login web client
+                csession["webclient_authenticated_uid"] = account.id
+
+    elif webclient_uid:
+        # Not logged into website, but logged into webclient
+        if not website_uid:
+            csession["website_authenticated_uid"] = account.id
+            account = AccountDB.objects.get(id=webclient_uid)
+            try:
+                # calls our custom authenticate, in web/utils/backend.py
+                authenticate(autologin=account)
+                login(request, account)
+            except AttributeError:
+                logger.log_trace()


 def _gamestats():