Merge branch 'TMSS-2904' into 'master'

TMSS-2904: add proposed solution to play around with and understand the issue better

Closes TMSS-2904

See merge request !1294

SAS/TMSS/backend/src/tmss/tmssapp/views.py

@@ -70,6 +70,26 @@ def revoke_token_deauth(request, *args, **kwargs):
 
 def authentication_state(request):
     if not request.user.is_authenticated:
+        username = request.query_params.get('username', None)
+        if username:
+            # Check websocket token against known token for given username, to hint to the frontend that the user has
+            # an active session. Proposed solution from TMSS-2904.
+            # Todo: I feel this is not a correct solution.
+            #  The websocket token should function independently from the application login with session cookie.
+            #  Review what is really going on here. I cannot replicate the described behavior on my machine. I log in
+            #  to TMSS, close my browser, open it again, and my session still works without another login handshake.
+            #  If this does not work on all operating systems and/or browsers then there is most likely something amiss
+            #  with the request getting handled by middleware. I wonder if you are now somehow trying to fall back to
+            #  the ws token to get into the application via the Token middleware, because somehow the OIDC middleware is
+            #  not properly triggered.
+            try:
+                token = request.META['HTTP_AUTHORIZATION'].split(" ")[1]
+                token_obj = Token.objects.filter(key=token).first()
+                valid = (token_obj.user.username == username)
+                return JsonResponse({'is_authenticated': False,
+                                     'websocket_token_valid': valid})
+            except:
+                pass
         return JsonResponse({'is_authenticated': False})
 
     token_obj = Token.objects.filter(user=request.user).first()