From e4cf16ebfc90dd668b203d6841b67dc599926811 Mon Sep 17 00:00:00 2001 From: Frederick Muriuki Muriithi Date: Tue, 6 Aug 2024 10:29:44 -0500 Subject: Avoid hitting auth server to check for token If the user is already logged in, they will have a token. Whether a token is valid or not should be handled elsewhere, not with every single request to gn-uploader, whether or not it requires to access the auth server. --- uploader/authorisation.py | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/uploader/authorisation.py b/uploader/authorisation.py index 71b42fa..efd4dbd 100644 --- a/uploader/authorisation.py +++ b/uploader/authorisation.py @@ -17,12 +17,7 @@ def require_login(function): flash("You need to be logged in.", "alert-danger") return redirect("/") - def __with_token__(token): - resp = oauth2_client().get( - urljoin(authserver_uri(), "auth/user/")) - userdetails = resp.json() - if not userdetails.get("error"): - return function(*args, **kwargs) - return __clear_session__(token) - return session.user_token().either(__clear_session__, __with_token__) + return session.user_token().either( + __clear_session__, + lambda token: function(*args, **kwargs)) return __is_session_valid__ -- cgit v1.2.3