log a previously logged in user when switched to no_auth mode

diff --git a/mediagoblin/app.py b/mediagoblin/app.py
index 51c597aa7960f593abcb2b8b10446a22917a417d..982e570c146a2a1346ab6f2a0a6f6a7a39e93025 100644 (file)
--- a/mediagoblin/app.py
+++ b/mediagoblin/app.py
@@ -37,7 +37,7 @@ from mediagoblin.init import (get_jinja_loader, get_staticdirector,
     setup_storage)
 from mediagoblin.tools.pluginapi import PluginManager, hook_transform
 from mediagoblin.tools.crypto import setup_crypto
-from mediagoblin.auth.tools import check_auth_enabled
+from mediagoblin.auth.tools import check_auth_enabled, no_auth_logout
 
 
 _log = logging.getLogger(__name__)
@@ -192,6 +192,9 @@ class MediaGoblinApp(object):
 
         mg_request.setup_user_in_request(request)
 
+        # Log user out if in no_auth mode
+        no_auth_logout(request)
+
         request.controller_name = None
         try:
             found_rule, url_values = map_adapter.match(return_rule=True)

diff --git a/mediagoblin/auth/tools.py b/mediagoblin/auth/tools.py
index bd171261898e5b8fd5bc9ab497a03922b69d8666..7d051a667d399f1dabc095a219c383c6bdee5880 100644 (file)
--- a/mediagoblin/auth/tools.py
+++ b/mediagoblin/auth/tools.py
@@ -76,3 +76,9 @@ def check_auth_enabled():
         return False
     else:
         return True
+
+
+def no_auth_logout(request):
+    """Log out the user if in no_auth mode"""
+    if not mg_globals.app.auth:
+        request.session.delete()