Fix bug in auth

324e8a9c · Lukas Burgey · 1d126a2b · 324e8a9c
Commit 324e8a9c authored Aug 21, 2018 by Lukas Burgey
--- a/feudal/backend/auth/v1/views/clients.py
+++ b/feudal/backend/auth/v1/views/clients.py
@@ -53,33 +53,25 @@ def _apiclient_get(request):
    return None

 def _webpage_client_userid(request):
+    userid = ''
    username = request.POST.get('username')
    if username.startswith('webpage-client:'):
        components = username.split(':', maxsplit=1)
        if len(components) == 2:
-            return components[1]
-    return ''
-
-def _webpage_client_session(request):
-    query = Session.objects.filter(
-        session_key=request.POST.get('password'),
-    )
-    if query.exists() and len(query) == 1:
-        return query.first()
-    return None
+            userid = components[1]
+    return userid

 def _webpage_client_valid(request):
    userid = _webpage_client_userid(request)
-    session = _webpage_client_session(request)
-
-    if (
-            _webpage_client_userid(request) != ''
-            and session.get_decoded().get('_auth_user_id') == userid
-    ):
-        return True
+    try:
+        session = Session.objects.get(
+            session_key=request.POST.get('password'),
+        )
+        return session.get_decoded().get('_auth_user_id') == userid

-    #LOGGER.error('Failed to authenticate webpage client for RabbitMQ')
-    return False
+    except Session.DoesNotExist:
+        LOGGER.info("User %s has no session", userid)
+        return False

 # VIEWS: authentication and authorization for
 # apiclients and webpage-clients