Don't persist an auth_token that fails validation.

learningequality · Nov 4, 2024 · b12fee4 · b12fee4
1 parent bffa4dd
commit b12fee4
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/kolibri/plugins/app/api.py b/kolibri/plugins/app/api.py
@@ -66,6 +66,9 @@ def get(self, request, token):
                 user = FacilityUser.objects.get_or_create_os_user(auth_token)
                 if user is not None:
                     login(request, user)
+                else:
+                    # If the user is not found, then we should not persist the auth_token
+                    auth_token = None
             except ValidationError as e:
                 logger.error(e)
         redirect_url = request.GET.get("next", "/")