Add working logout link, slightly change login logic

On logging in, don't get a new access token if there's one in the database for this user. Log out link wipes the user's session, but not their database entry. Those can be cleaned up periodically (after I add a last-used stamp). Misfeature: user's setting is deleted, too, because it was only in the session.
2018-04-25 17:02:59 -04:00 · 2018-04-25 17:02:59 -04:00 · 498f89b165
parent 0594fda487
commit 498f89b165
1 changed files with 5 additions and 5 deletions
--- a/brutaldon/views.py
+++ b/brutaldon/views.py
@ -72,18 +72,17 @@ def login(request):
                client_id = client.client_id,
                client_secret = client.client_secret,
                api_base_url = api_base_url)
-            access_token = mastodon.log_in(username,
-                                           password)

            try:
                account = Account.objects.get(username=username, client_id=client.id)
-                account.access_token = access_token
            except (Account.DoesNotExist, Account.MultipleObjectsReturned):
                account = Account(
                    username = username,
                    access_token = access_token,
                    client = client)
-            account.save()
+                access_token = mastodon.log_in(username,
+                                               password)
+                account.save()
            request.session['username'] = username

            return redirect(home)
@ -91,7 +90,8 @@ def login(request):
            return render(request, 'setup/login.html', {'form': form})

 def logout(request):
-    return redirect(error)
+    request.session.flush()
+    return redirect(home)

 def error(request):
    return render(request, 'error.html', { 'error': "Not logged in yet."})