From e4cf16ebfc90dd668b203d6841b67dc599926811 Mon Sep 17 00:00:00 2001
From: Frederick Muriuki Muriithi
Date: Tue, 6 Aug 2024 10:29:44 -0500
Subject: Avoid hitting auth server to check for token

If the user is already logged in, they will have a token. Whether a
token is valid or not should be handled elsewhere, not with every
single request to gn-uploader, whether or not it requires to access
the auth server.
---
 uploader/authorisation.py | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)

(limited to 'uploader/authorisation.py')

diff --git a/uploader/authorisation.py b/uploader/authorisation.py
index 71b42fa..efd4dbd 100644
--- a/uploader/authorisation.py
+++ b/uploader/authorisation.py
@@ -17,12 +17,7 @@ def require_login(function):
             flash("You need to be logged in.", "alert-danger")
             return redirect("/")
 
-        def __with_token__(token):
-            resp = oauth2_client().get(
-                urljoin(authserver_uri(), "auth/user/"))
-            userdetails = resp.json()
-            if not userdetails.get("error"):
-                return function(*args, **kwargs)
-            return __clear_session__(token)
-        return session.user_token().either(__clear_session__, __with_token__)
+        return session.user_token().either(
+            __clear_session__,
+            lambda token: function(*args, **kwargs))
     return __is_session_valid__
-- 
cgit v1.2.3