From 81aa93d574f9c8b2d92a47d41dd556cf2c3e8a37 Mon Sep 17 00:00:00 2001
From: Bryan Newbold
Date: Tue, 9 Apr 2019 10:58:54 -0700
Subject: verify auth on account page (via auth_check())
---
python/fatcat_web/routes.py | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
(limited to 'python')
diff --git a/python/fatcat_web/routes.py b/python/fatcat_web/routes.py
index 3479a937..422d121e 100644
--- a/python/fatcat_web/routes.py
+++ b/python/fatcat_web/routes.py
@@ -650,7 +650,11 @@ def logout():
 @app.route('/auth/account')
 @login_required
 def auth_account():
- editor = api.get_editor(session['editor']['editor_id'])
+ # auth check on account page
+ user_api = auth_api(session['api_token'])
+ resp = user_api.auth_check()
+ assert(resp.success)
+ editor = user_api.get_editor(session['editor']['editor_id'])
 session['editor'] = editor.to_dict()
 load_user(editor.editor_id)
 return render_template('auth_account.html')
--
cgit v1.2.3
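Review bot: The new `assert(resp.success)` in auth_account() is the only line that acts on the auth_check() result, and Python removes assert statements when the interpreter runs with `-O`, so in that mode the success flag would not be checked at all. When it does fire, it raises AssertionError, which the framework will most likely report as a 500 rather than as an authentication failure. An explicit test such as `if not resp.success: abort(401)` keeps the check in every mode and returns the right status, assuming `abort` is imported in routes.py, which the hunk does not show. Separately, `session['api_token']` is indexed directly, so a session without that key raises KeyError before the check runs; reading it with `session.get('api_token')` and sending a missing token down the same 401 path would cover that case.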