Generate new LT only then the previous has been used

This commit is contained in:
Valentin Samir 2015-06-07 23:46:32 +02:00
parent fe8c74ba08
commit 277788e593

View File

@ -130,7 +130,7 @@ class LoginView(View, LogoutMixin):
# save LT for later check # save LT for later check
lt_valid = request.session.get('lt') lt_valid = request.session.get('lt')
lt_send = request.POST.get('lt') lt_send = request.POST.get('lt')
# generate a new LT # generate a new LT (by posting the LT has been consumed)
request.session['lt'] = utils.gen_lt() request.session['lt'] = utils.gen_lt()
# check if send LT is valid # check if send LT is valid
@ -167,8 +167,8 @@ class LoginView(View, LogoutMixin):
self.gateway = request.GET.get('gateway') self.gateway = request.GET.get('gateway')
self.method = request.GET.get('method') self.method = request.GET.get('method')
# generate a new LT # generate a new LT if none is present
request.session['lt'] = utils.gen_lt() request.session['lt'] = request.session.get('lt', utils.gen_lt())
if not request.session.get("authenticated") or self.renew: if not request.session.get("authenticated") or self.renew:
self.init_form() self.init_form()