Set blog_did = account_did — one device identity across all apps
Callback adopts account's device_id by overwriting g.device_id,
so the factory after_request sets {app}_did cookie to account's value.
Simplifies factory check: g.device_id IS the account_did, no need
to read _account_did from session separately.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@@ -202,15 +202,15 @@ def create_base_app(
|
|||||||
import time as _time
|
import time as _time
|
||||||
now = _time.time()
|
now = _time.time()
|
||||||
pnone_at = qs.get("_pnone_at")
|
pnone_at = qs.get("_pnone_at")
|
||||||
|
device_id = g.device_id
|
||||||
|
|
||||||
# Check if account signalled a login after we cached "not logged in"
|
# Check if account signalled a login after we cached "not logged in"
|
||||||
account_did = qs.get("_account_did")
|
# (blog_did == account_did — same value set during OAuth callback)
|
||||||
if account_did and redis and pnone_at:
|
if device_id and redis and pnone_at:
|
||||||
auth_ts = await redis.get(f"did_auth:{account_did}")
|
auth_ts = await redis.get(f"did_auth:{device_id}")
|
||||||
if auth_ts:
|
if auth_ts:
|
||||||
try:
|
try:
|
||||||
if float(auth_ts) > pnone_at:
|
if float(auth_ts) > pnone_at:
|
||||||
# Login on account after our cache — re-check now
|
|
||||||
qs.pop("_pnone_at", None)
|
qs.pop("_pnone_at", None)
|
||||||
return redirect(f"/auth/login?prompt=none&next={_quote(request.url, safe='')}")
|
return redirect(f"/auth/login?prompt=none&next={_quote(request.url, safe='')}")
|
||||||
except (ValueError, TypeError):
|
except (ValueError, TypeError):
|
||||||
@@ -218,7 +218,6 @@ def create_base_app(
|
|||||||
|
|
||||||
if pnone_at and (now - pnone_at) < 300:
|
if pnone_at and (now - pnone_at) < 300:
|
||||||
return
|
return
|
||||||
device_id = g.device_id
|
|
||||||
if device_id and redis:
|
if device_id and redis:
|
||||||
cached = await redis.get(f"prompt:{name}:{device_id}")
|
cached = await redis.get(f"prompt:{name}:{device_id}")
|
||||||
if cached == b"none":
|
if cached == b"none":
|
||||||
|
|||||||
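Review bot: The `did_auth:{device_id}` lookup now assumes `g.device_id` is already the account's device id, which holds only for browsers that have been through the updated callback. A browser still carrying a pre-change, app-local device cookie would query a key that is never written, so the re-check after an account login is silently skipped until the 300-second `_pnone_at` window lapses; presumably the session still holds `_account_did` for those users. Consider a transitional fallback for this lookup only, `auth_did = qs.get("_account_did") or g.device_id`, and replace the parenthetical comment with one that states where the invariant is established, e.g. `# g.device_id equals account's device id once /callback has run`. The body of the function inside `create_base_app` continues outside both hunks.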
@@ -61,10 +61,13 @@ def create_oauth_blueprint(app_name: str) -> Blueprint:
|
|||||||
@bp.get("/callback")
|
@bp.get("/callback")
|
||||||
@bp.get("/callback/")
|
@bp.get("/callback/")
|
||||||
async def callback():
|
async def callback():
|
||||||
# Always store account_did when account passes it back
|
# Adopt account's device id as our own — one identity across all apps
|
||||||
account_did = request.args.get("account_did", "")
|
account_did = request.args.get("account_did", "")
|
||||||
if account_did:
|
if account_did:
|
||||||
qsession["_account_did"] = account_did
|
qsession["_account_did"] = account_did
|
||||||
|
# Overwrite this app's device cookie with account's device id
|
||||||
|
g.device_id = account_did
|
||||||
|
g._new_device_id = True # factory after_request will set the cookie
|
||||||
|
|
||||||
# Handle prompt=none error (user not logged in on account)
|
# Handle prompt=none error (user not logged in on account)
|
||||||
error = request.args.get("error")
|
error = request.args.get("error")
|
||||||
|
|||||||
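Review bot: `account_did` is read straight from `request.args` and adopted as `g.device_id` (with `g._new_device_id = True`) at the top of `callback`, before the error handling that follows and before any state or code validation the rest of the function may perform, so any request carrying an `account_did` parameter makes the factory rewrite this app's device cookie to a caller-supplied value. Because that id keys `did_auth:{device_id}` and `prompt:{name}:{device_id}` in Redis, a browser can be pinned to an identifier chosen by another party through a cross-site link. Move the two assignments to after the OAuth state check and token exchange have succeeded (both outside this hunk, if present), and reject values that do not match the format the account service issues, e.g. `if account_did and is_valid_device_id(account_did):`, where `is_valid_device_id` is a placeholder for a helper to be added. If the account service can return the id in the authenticated token response, prefer that over the redirect query string.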