aboutsummaryrefslogtreecommitdiff
path: root/gn2/wqflask/oauth2/checks.py
diff options
context:
space:
mode:
Diffstat (limited to 'gn2/wqflask/oauth2/checks.py')
-rw-r--r--gn2/wqflask/oauth2/checks.py21
1 files changed, 16 insertions, 5 deletions
diff --git a/gn2/wqflask/oauth2/checks.py b/gn2/wqflask/oauth2/checks.py
index 944760ad..6e90e7a3 100644
--- a/gn2/wqflask/oauth2/checks.py
+++ b/gn2/wqflask/oauth2/checks.py
@@ -2,7 +2,7 @@
from functools import wraps
from urllib.parse import urljoin
-from flask import flash, request, redirect
+from flask import flash, request, redirect, url_for
from authlib.integrations.requests_client import OAuth2Session
from . import session
@@ -20,10 +20,21 @@ def require_oauth2(func):
@wraps(func)
def __token_valid__(*args, **kwargs):
"""Check that the user is logged in and their token is valid."""
-
def __clear_session__(_no_token):
session.clear_session_info()
- # redirect to the login page
+ flash("You need to be logged in.", "alert-warning")
+ return redirect("/")
+
+ def __redirect_to_login__(_token):
+ """
+ Save the current user request to session then
+ redirect to the login page.
+ """
+ if request.method == "GET":
+ redirect_url = url_for(request.endpoint, **request.args)
+ else:
+ redirect_url = "/"
+ session.set_redirect_url(redirect_url, **request.args)
return redirect(authserver_authorise_uri())
def __with_token__(token):
@@ -33,9 +44,9 @@ def require_oauth2(func):
if not user_details.get("error", False):
return func(*args, **kwargs)
- return __clear_session__(token)
+ return __redirect_to_login__(token)
- return session.user_token().either(__clear_session__, __with_token__)
+ return session.user_token().either(__redirect_to_login__, __with_token__)
return __token_valid__