Immediate remove request.user when ping fails

kevin1024 · kevin1024 · commit 4fc958bac801 · 2014-08-21T16:44:34.000-10:00
Since we were setting request.user even when ping fails, the site
would still let you load 1 page before logging you out.  This should
resolve that weird issue.
diff --git a/oauthadmin/middleware.py b/oauthadmin/middleware.py
@@ -16,6 +16,8 @@ def _verify_ping_interval(request, ping_interval, ping_func):
     is_valid = ping_func(request.session['oauth_token'])
     if not is_valid:
         destroy_session(request)
+        from django.contrib.auth.models import AnonymousUser
+        request.user = AnonymousUser()
 
 class OauthAdminSessionMiddleware(object):
     def process_request(self, request):
diff --git a/test/test_middleware.py b/test/test_middleware.py
@@ -30,6 +30,17 @@ def test_process_request_with_user():
     assert request.user.get('id') is data['id']
 
 
+false_mock_pinger = Mock(return_value = False)
+
+@override_settings(OAUTHADMIN_PING_INTERVAL=5)
+@override_settings(OAUTHADMIN_PING='test.test_middleware.false_mock_pinger')
+def test_that_anonymoususer_goes_in_request_user_if_ping_fails():
+    request.session = {'user':'not anonymous', 'oauth_token':'abc'}
+    request.user = 'not anonymous'
+    mw.process_request(request)
+    assert isinstance(request.user, AnonymousUser)
+
+
 mock_pinger = Mock()
 
 @override_settings(OAUTHADMIN_PING_INTERVAL=5)
