Users stay logged in when re-entering home if there is an active order or is an old account

2024-12-14 11:26:24 +00:00 · 2022-01-18 09:42:45 -08:00 · 2022-01-18 09:42:45 -08:00 · ce9845cbc2
commit ce9845cbc2
parent 5e0639cfb3
2 changed files with 18 additions and 8 deletions
--- a/README.md
+++ b/README.md
@ -20,6 +20,9 @@ RoboSats is a simple and private way to exchange bitcoin for national currencies
 ## Contribute to the Robotic Satoshis Open Source Project
 See [CONTRIBUTING.md](CONTRIBUTING.md)

+## Original idea
+A simple, custody-minimized, lightning exchange using hold invoices is heavily inspired by [P2PLNBOT](https://github.com/grunch/p2plnbot) by @grunch
+
 ## License

 The Robotic Satoshis Open Source Project is released under the terms of the AGPL3.0 license. See [LICENSE](LICENSE) for more details.
--- a/api/views.py
+++ b/api/views.py
@ -315,14 +315,21 @@ class UserView(APIView):
        Response with Avatar and Nickname.
        '''

-        # if request.user.id:
-        #     context = {}
-        #     context['nickname'] = request.user.username
-        #     participant = not Logics.validate_already_maker_or_taker(request.user)
-        #     context['bad_request'] = f'You are already logged in as {request.user}'
-        #     if participant:
-        #         context['bad_request'] = f'You are already logged in as as {request.user} and have an active order'
-        #     return Response(context,status.HTTP_200_OK)
+        # If an existing user opens the main page by mistake, we do not want it to create a new nickname/profile for him
+        if request.user.is_authenticated:
+            context = {'nickname': request.user.username}
+            not_participant, _ = Logics.validate_already_maker_or_taker(request.user)
+
+            # Does not allow this 'mistake' if an active order
+            if not not_participant:
+                context['bad_request'] = f'You are already logged in as {request.user} and have an active order'
+                return Response(context, status.HTTP_400_BAD_REQUEST)
+            
+            # Does not allow this 'mistake' if the last login was sometime ago (5 minutes)
+            if request.user.last_login < timezone.now() - timedelta(minutes=5):
+                context['bad_request'] = f'You are already logged in as {request.user}'
+                return Response(context, status.HTTP_400_BAD_REQUEST)
+            

        token = request.GET.get(self.lookup_url_kwarg)