Merge pull request #295 from ropable/prod-oldui

Alter core/views.py auth: avoid exception where UserSession does not exist
dbca-wa · Jul 12, 2017 · c798f07 · c798f07
2 parents 4eba58c + b16c1b5
commit c798f07
Showing 1 changed file with 7 additions and 2 deletions.
diff --git a/core/views.py b/core/views.py
@@ -146,8 +146,13 @@ def auth(request):
 
     # store the access IP in the current user session
     if request.user.is_authenticated():
-        usersession = UserSession.objects.get(
-            session_id=request.session.session_key)
+        try:
+            usersession = UserSession.objects.get(
+                session_id=request.session.session_key)
+        except UserSession.DoesNotExist:
+            # If the user does not have a UserSession, log them out and return 401 Unauthorised.
+            logout(request)
+            return HttpResponse('Unauthorized', status=401)
         current_ip = get_ip(request)
         if usersession.ip != current_ip:
             usersession.ip = current_ip