[#2394] Fix user log out on username change
amercader committed Aug 26, 2016
1 parent 4413c18 commit 23101f1
Showing 1 changed file with 21 additions and 4 deletions.
25 changes: 21 additions & 4 deletions ckan/controllers/user.py
@@ -34,6 +34,15 @@
unflatten = dictization_functions.unflatten


def set_repoze_user(user_id):
'''Set the repoze.who cookie to match a given user_id'''
if 'repoze.who.plugins' in request.environ:
rememberer = request.environ['repoze.who.plugins']['friendlyform']
identity = {'repoze.who.userid': user_id}
response.headerlist += rememberer.remember(request.environ,
identity)


class UserController(base.BaseController):
def __before__(self, action, **env):
base.BaseController.__before__(self, action, **env)
@@ -244,10 +253,7 @@ def _save_new(self, context):
return self.new(data_dict, errors, error_summary)
if not c.user:
# log the user in programatically
rememberer = request.environ['repoze.who.plugins']['friendlyform']
identity = {'repoze.who.userid': data_dict['name']}
response.headerlist += rememberer.remember(request.environ,
identity)
set_repoze_user(data_dict['name'])
h.redirect_to(controller='user', action='me', __ckan_no_root=True)
else:
# #1799 User has managed to register whilst logged in - warn user
@@ -320,6 +326,12 @@ def edit(self, id=None, data=None, errors=None, error_summary=None):

def _save_edit(self, id, context):
try:
if id in (c.userobj.id, c.userobj.name):
current_user = True
else:
current_user = False
old_username = c.userobj.name

data_dict = logic.clean_dict(unflatten(
logic.tuplize_dict(logic.parse_params(request.params))))
context['message'] = data_dict.get('log_message', '')
@@ -339,6 +351,11 @@ def _save_edit(self, id, context):

user = get_action('user_update')(context, data_dict)
h.flash_success(_('Profile updated'))

if current_user and data_dict['name'] != old_username:
# Changing currently logged in user's name.
# Update repoze.who cookie to match
set_repoze_user(data_dict['name'])
h.redirect_to(controller='user', action='read', id=user['name'])
except NotAuthorized:
abort(401, _('Unauthorized to edit user %s') % id)
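Review bot: In `_save_edit` the refreshed login cookie is minted from `data_dict['name']`, which comes from the request parameters, rather than from the record that `user_update` actually stored. If the action's validators normalise or otherwise alter the name, the cookie identity will not match the saved account and the comparison with `old_username` can misfire; a post without a `name` field would presumably raise `KeyError` here unless validation rejects it first. I would use the returned dict, as the redirect on the next line already does: `if current_user and user['name'] != old_username:` followed by `set_repoze_user(user['name'])`. Separately, `c.userobj.id` is dereferenced at the top of the `try` before `user_update` runs its authorization check, so if an anonymous request can reach this method (the callers are outside the hunk) it would fail with `AttributeError` instead of taking the 401 path. The method body continues past the last visible line.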