mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-08-20 16:59:12 +00:00
Code Issues 32 Releases Wiki Activity

Refs #35303 -- Made small optimizations in alogout() and aget_user().

Browse Source 
In alogout(), there is no need to check the is_authenticated attribute
when user is None.

In aget_user(), there is no need to call get_session_auth_hash() twice.

Follow up to 50f89ae850f6b4e35819fe725a08c7e579bfd099.
This commit is contained in:
Mariusz Felisiak 2025-08-20 10:29:07 +02:00 committed by GitHub
parent cd7554e551
commit 7063d31cc3
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
django/contrib/auth/__init__.py
View File

@ -269,8 +269,8 @@ async def alogout(request):
user = getattr(request, "auser", None) user = getattr(request, "auser", None)
if user is not None: if user is not None:
user = await user() user = await user()
if not getattr(user, "is_authenticated", True): if not getattr(user, "is_authenticated", True):
user = None user = None
await user_logged_out.asend(sender=user.__class__, request=request, user=user) await user_logged_out.asend(sender=user.__class__, request=request, user=user)
await request.session.aflush() await request.session.aflush()
if hasattr(request, "auser"): if hasattr(request, "auser"):
@ -364,8 +364,8 @@ async def aget_user(request):
session_hash_verified = False session_hash_verified = False
else: else:
session_auth_hash = user.get_session_auth_hash() session_auth_hash = user.get_session_auth_hash()
session_hash_verified = session_hash and constant_time_compare( session_hash_verified = constant_time_compare(
session_hash, user.get_session_auth_hash() session_hash, session_auth_hash
) )
if not session_hash_verified: if not session_hash_verified:
# If the current secret does not verify the session, try # If the current secret does not verify the session, try