Better session management at login

Save data bout the prformed authentication
Do not destroy the whole session at login, providers may need to store
data before the user is authenticate and retrieve it later if
authentication ws successful.

Signed-off-by: Simo Sorce <simo@redhat.com>

1 files changed, 16 insertions, 8 deletions

diff --git a/ipsilon/login/common.py b/ipsilon/login/common.py
index 4888060..5879fda 100755
--- a/ipsilon/login/common.py
+++ b/ipsilon/login/common.py
@@ -37,21 +37,29 @@ class LoginManagerBase(PluginObject):
     def auth_successful(self, username):
         # save ref before calling UserSession login() as it
         # may regenerate the session
-        ref = cherrypy.config.get('base.mount', "") + '/'
-        if 'referral' in cherrypy.session:
-            ref = cherrypy.session['referral']
+        session = UserSession()
+        ref = session.get_data('login', 'Return')
+        if not ref:
+            ref = cherrypy.config.get('base.mount', "") + '/'
 
-        UserSession().login(username)
+        session.login(username)
         raise cherrypy.HTTPRedirect(ref)
 
     def auth_failed(self):
-        # Just make sure we destroy the session
-        UserSession().logout(None)
-
+        # try with next module
         if self.next_login:
             return self.redirect_to_path(self.next_login.path)
 
-        ref = cherrypy.config.get('base.mount', "") + '/unauthorized'
+        # return to the caller if any
+        session = UserSession()
+        ref = session.get_data('login', 'Return')
+
+        # otherwise destroy session and return error
+        if not ref:
+            ref = cherrypy.config.get('base.mount', "") + '/unauthorized'
+            # Just make sure we destroy the session
+            session.logout(None)
+
         raise cherrypy.HTTPRedirect(ref)