Fixed unnecessary entries in table api-session when using insta-login in API calls

app/code/core/Mage/Api/Model/Server/Handler/Abstract.php

@@ -1,4 +1,4 @@
 <?php
 /**
  * OpenMage
  *
@@ -87,6 +87,21 @@
         return $this;
     }
 
+    /**
+     * Allow insta-login via HTTP Basic Auth
+     *
+     * @param string $sessionId
+     * @return $this
+     */
+    protected function _instaLogin(&$sessionId)
+    {
+        if ($sessionId === null && !empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])) {
+            $this->_getSession()->setIsInstaLogin();
+            $sessionId = $this->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
+        }
+        return $this;
+    }
+
     /**
      * Check current user permission on resource and privilege
      *
@@ -100,16 +115,6 @@
         return $this->_getSession()->isAllowed($resource, $privilege);
     }
 
-    /**
-     *  Check session expiration
-     *
-     *  @return  bool
-     */
-    protected function _isSessionExpired()
-    {
-        return $this->_getSession()->isSessionExpired();
-    }
-
     /**
      * Dispatch webservice fault
      *
@@ -225,11 +230,8 @@
      */
     public function call($sessionId, $apiPath, $args = [])
     {
-        // Allow insta-login via HTTP Basic Auth
-        if ($sessionId === null && ! empty($_SERVER['PHP_AUTH_USER']) && ! empty($_SERVER['PHP_AUTH_PW'])) {
-            $sessionId = $this->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
-        }
-        $this->_startSession($sessionId);
+        $this->_instaLogin($sessionId)
+            ->_startSession($sessionId);
 
         if (!$this->_getSession()->isLoggedIn($sessionId)) {
             return $this->_fault('session_expired');
@@ -313,11 +315,8 @@
      */
     public function multiCall($sessionId, array $calls = [], $options = [])
     {
-        // Allow insta-login via HTTP Basic Auth
-        if ($sessionId === null && ! empty($_SERVER['PHP_AUTH_USER']) && ! empty($_SERVER['PHP_AUTH_PW'])) {
-            $sessionId = $this->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
-        }
-        $this->_startSession($sessionId);
+        $this->_instaLogin($sessionId)
+            ->_startSession($sessionId);
 
         if (!$this->_getSession()->isLoggedIn($sessionId)) {
             return $this->_fault('session_expired');
@@ -445,11 +444,8 @@
      */
     public function resources($sessionId)
     {
-        // Allow insta-login via HTTP Basic Auth
-        if ($sessionId === null && ! empty($_SERVER['PHP_AUTH_USER']) && ! empty($_SERVER['PHP_AUTH_PW'])) {
-            $sessionId = $this->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
-        }
-        $this->_startSession($sessionId);
+        $this->_instaLogin($sessionId)
+            ->_startSession($sessionId);
 
         if (!$this->_getSession()->isLoggedIn($sessionId)) {
             return $this->_fault('session_expired');
@@ -513,11 +509,8 @@
      */
     public function resourceFaults($sessionId, $resourceName)
     {
-        // Allow insta-login via HTTP Basic Auth
-        if ($sessionId === null && ! empty($_SERVER['PHP_AUTH_USER']) && ! empty($_SERVER['PHP_AUTH_PW'])) {
-            $sessionId = $this->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
-        }
-        $this->_startSession($sessionId);
+        $this->_instaLogin($sessionId)
+            ->_startSession($sessionId);
 
         if (!$this->_getSession()->isLoggedIn($sessionId)) {
             return $this->_fault('session_expired');
@@ -553,10 +546,8 @@
      */
     public function globalFaults($sessionId)
     {
-        // Allow insta-login via HTTP Basic Auth
-        if ($sessionId === null && ! empty($_SERVER['PHP_AUTH_USER']) && ! empty($_SERVER['PHP_AUTH_PW'])) {
-            $sessionId = $this->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
-        }
+        $this->_instaLogin($sessionId)
+            ->_startSession($sessionId);
         $this->_startSession($sessionId);
         return array_values($this->_getConfig()->getFaults());
     }

app/code/core/Mage/Api/Model/Session.php

@@ -96,6 +96,28 @@ public function clear()
         return true;
     }
 
+    /**
+     * Flag login as HTTP Basic Auth.
+     *
+     * @param bool $isInstaLogin
+     * @return $this
+     */
+    public function setIsInstaLogin(bool $isInstaLogin = true)
+    {
+        $this->setData('is_insta_login', $isInstaLogin);
+        return $this;
+    }
+
+    /**
+     * Is insta-login?
+     *
+     * @return bool
+     */
+    public function getIsInstaLogin(): bool
+    {
+        return (bool) $this->getData('is_insta_login');
+    }
+
     /**
      * @param string $username
      * @param string $apiKey
@@ -105,8 +127,15 @@ public function clear()
     public function login($username, $apiKey)
     {
         $user = Mage::getModel('api/user')
-            ->setSessid($this->getSessionId())
-            ->login($username, $apiKey);
+            ->setSessid($this->getSessionId());
+        if ($this->getIsInstaLogin() && $user->authenticate($username, $apiKey)) {
+            Mage::dispatchEvent('api_user_authenticated', [
+                'model'    => $user,
+                'api_key'  => $apiKey,
+            ]);
+        } else {
+            $user->login($username, $apiKey);
+        }
 
         if ($user->getId() && $user->getIsActive() != '1') {
             Mage::throwException(Mage::helper('api')->__('Your account has been deactivated.'));