authentication cache survives session expiry

camelot/model/authentication.py

@@ -45,9 +45,11 @@ def end_of_times():
 def get_current_authentication( _obj = None ):
     """Get the currently logged in :class:'AuthenticationMechanism'"""
     global _current_authentication_
-    if not hasattr( _current_authentication_, 'mechanism' ) or not _current_authentication_.mechanism:
-        import getpass
-        _current_authentication_.mechanism = AuthenticationMechanism.get_or_create( unicode( getpass.getuser(), encoding='utf-8', errors='ignore' ) )
+    if not hasattr( _current_authentication_, 'mechanism' ) \
+        or not _current_authentication_.mechanism \
+        or not orm.object_session( _current_authentication_.mechanism ):
+            import getpass
+            _current_authentication_.mechanism = AuthenticationMechanism.get_or_create( unicode( getpass.getuser(), encoding='utf-8', errors='ignore' ) )
     return _current_authentication_.mechanism
 
 def clear_current_authentication():

test/test_model.py

@@ -1,5 +1,7 @@
 import os
 
+from sqlalchemy import orm
+
 from camelot.test import ModelThreadTestCase
 
 class ModelCase( ModelThreadTestCase ):
@@ -13,6 +15,16 @@ def setUp(self):
         self.app_admin = ApplicationAdmin()
         self.person_admin = self.app_admin.get_related_admin( Person )
 
+    def test_current_authentication( self ):
+        from camelot.model.authentication import get_current_authentication
+        authentication = get_current_authentication()
+        # current authentication cache should survive 
+        # a session expire + expunge
+        orm.object_session( authentication ).expire_all()
+        orm.object_session( authentication ).expunge_all()
+        authentication = get_current_authentication()
+        self.assertTrue( authentication.username )
+
     def test_person_contact_mechanism( self ):
         from camelot.model.party import Person
         person = Person( first_name = u'Robin',