From 039628cff79563e85285ebe2a1460f1211905e3b Mon Sep 17 00:00:00 2001
From: Rebecca Law
Date: Wed, 5 Feb 2020 15:58:15 +0000
Subject: [PATCH] Reorder the methods called in sign out

We found another scenario where signing out of the db can cause a 500. If the user archives their trial mode service, current_service.active = false, then signs out, the current user was being signed out client side first, meaning current_user is now an Anonymous user, next the call to the API is made to log out user on db, all calls to NotifyApiClient `check_inactive_service`, which is only authorised if user is platform_admin, but an AnonymousUser does not have that attribute, so a 500 is raise. Seemed a bit cleaner to change the User.signout method to rather than the `check_inactive_service` method for current_user.is_authenticated.
---
 app/models/user.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/models/user.py b/app/models/user.py
index 67962c523..0b2b25ea8 100644
--- a/app/models/user.py
+++ b/app/models/user.py
@@ -154,10 +154,10 @@ class User(JSONModel, UserMixin):
 return True
 
 def sign_out(self):
- # Update the db so the server also knows the user is logged out.
 session.clear()
+ # Update the db so the server also knows the user is logged out.
+ self.update(current_session_id=None)
 logout_user()
- return self.update(current_session_id=None)
 
 @property
 def sms_auth(self):
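Review bot: In the new `sign_out`, `logout_user()` is skipped whenever `self.update(current_session_id=None)` raises, so an API error leaves the local sign-out half done: the session is cleared, but Flask-Login's own cleanup (including clearing a remember-me cookie, if this app issues one) never runs. Running the local step unconditionally keeps the ordering this commit needs while failing closed: `try: self.update(current_session_id=None)` followed by `finally: logout_user()`. The comment should also record why the order matters, e.g. `# Must run before logout_user(): the API client reads current_user.platform_admin, which AnonymousUser lacks.`, so the calls are not reordered back later. The method also stops returning the result of `self.update(...)`; its callers are outside this hunk, so confirm none of them use that value.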