auth_http_remote_user: test if already authenticated based on login instead of uid

Avoids a database query unless authentication is actually required.
2014-08-05 09:24:50 +02:00 · 2014-08-05 09:24:50 +02:00 · c2fec40d13
parent 5e79ce29dc
commit c2fec40d13
1 changed files with 8 additions and 9 deletions
--- a/auth_from_http_remote_user/controllers/main.py
+++ b/auth_from_http_remote_user/controllers/main.py
@ -74,22 +74,21 @@ class Home(main.Home):
                    # continue usual behavior
                    return

-                res_users = registry.get('res.users')
+                request_login = request.session.login
+                if request_login:
+                    if request_login == login:
+                        # already authenticated
+                        return
+                    else:
+                        request.session.logout(keep_db=True)

+                res_users = registry.get('res.users')
                user_id = self._search_user(res_users, login, cr)
                if not user_id:
                    # HTTP_REMOTE_USER login not found in database
                    request.session.logout(keep_db=True)
                    raise http.AuthenticationError()

-                request_uid = request.session.uid
-                if request_uid:
-                    if request_uid == user_id:
-                        # already authenticated
-                        return
-                    else:
-                        request.session.logout(keep_db=True)
-
                # generate a specific key for authentication
                key = randomString(utils.KEY_LENGTH, '0123456789abcdef')
                res_users.write(cr, SUPERUSER_ID, [user_id], {'sso_key': key})