From c18821f4dc5cb8064675520d30bafb6d46f9fa36 Mon Sep 17 00:00:00 2001
From: Kevin Lyda <kevin@ie.suberic.net>
Date: Mon, 22 Oct 2018 14:17:08 +0100
Subject: [PATCH] Handle reauths.

---
 server/server.go | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/server/server.go b/server/server.go
index 9357239a..59e27940 100644
--- a/server/server.go
+++ b/server/server.go
@@ -252,12 +252,20 @@ func (a *app) setSessionVariable(w http.ResponseWriter, r *http.Request, key, va
 func (a *app) authed(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		t := a.getAuthToken(r)
+		autoToken := r.FormValue("auto_token")
 		if !t.Valid() || !a.authprovider.Valid(t) {
-			a.setSessionVariable(w, r, "auto_token", r.FormValue("auto_token"))
+			// This is the initial request - set auto_token regardless.
+			// This will handle cases where someone had an uto_token port
+			// and is not coming in without one.
+			a.setSessionVariable(w, r, "auto_token", autoToken)
 			a.setSessionVariable(w, r, "origin_url", r.URL.EscapedPath())
 			http.Redirect(w, r, "/auth/login", http.StatusSeeOther)
 			return
 		}
+		// We're already authed so set it to the new value.
+		if autoToken != "" {
+			a.setSessionVariable(w, r, "auto_token", autoToken)
+		}
 		next.ServeHTTP(w, r)
 	})
 }
-- 
GitLab