Simplify some more stuff here, don't kill session if it was established outside the API gateway

jkachel · jkachel · commit e44568169c6f · 2024-09-18T16:00:15.000-04:00
diff --git a/unified_ecommerce/middleware.py b/unified_ecommerce/middleware.py
@@ -31,23 +31,20 @@ def process_request(self, request):
                 logout(request)
             return
 
-        if request.user.is_authenticated:
-            # The user is authenticated but like the RemoteUserMiddleware we
-            # should now check and make sure the user APISIX is passing is
-            # the same user.
+        if apisix_user:
+            if request.user.is_authenticated and request.user != apisix_user:
+                # The user is authenticated, but doesn't match the user we got
+                # from APISIX. So, log them out so the APISIX user takes
+                # precedence.
 
-            if request.user != apisix_user:
                 logout(request)
 
-            return
-
-        if not apisix_user:
-            logout(request)
-
-            return
-
-        request.user = apisix_user
-        login(request, apisix_user, backend="django.contrib.auth.backends.ModelBackend")
+            request.user = apisix_user
+            login(
+                request,
+                apisix_user,
+                backend="django.contrib.auth.backends.ModelBackend",
+            )
 
         return
 
