fix: mark access token login user change

Since we may get a user change during access token
login, we mark it as expected so our Safe Session
protection won't be triggered.
Robert Raposa
2021-10-18 12:17:20 -04:00
parent b92bc527a8
commit ab9fedf874


@@ -23,6 +23,7 @@ from rest_framework.views import APIView
from openedx.core.djangoapps.auth_exchange.forms import AccessTokenExchangeForm
from openedx.core.djangoapps.oauth_dispatch import adapters
from openedx.core.djangoapps.oauth_dispatch.api import create_dot_access_token
from openedx.core.djangoapps.safe_sessions.middleware import mark_user_change_as_expected
from openedx.core.lib.api.authentication import BearerAuthenticationAllowInactiveUser
@@ -151,4 +152,6 @@ class LoginWithAccessTokenView(APIView):
})
login(request, request.user) # login generates and stores the user's cookies in the session
return HttpResponse(status=204) # cookies stored in the session are returned with the response
response = HttpResponse(status=204) # cookies stored in the session are returned with the response
mark_user_change_as_expected(response, request.user.id)
return response
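Review bot: The new `mark_user_change_as_expected(response, request.user.id)` call in `LoginWithAccessTokenView` switches off a session-integrity check for this response but has no comment saying why a user change is legitimate here; the reason lives only in the commit message. Suggest adding above it `# The bearer token's user may differ from the user already in the session; tell the safe-sessions middleware the switch is intentional.` The method starts outside the hunk, so it is not visible whether every path that reaches `login()` has already validated the token. It is worth confirming that the mark can only be set after those checks, and adding a test that it is set for the token's user on the 204 path only.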