From 5b3ec9130081088b6e5ff3c7a15176f8545ea8fd Mon Sep 17 00:00:00 2001
From: Son NK <>
Date: Sat, 4 Jul 2020 10:39:38 +0200
Subject: [PATCH] login user in api auth endpoints

---
 app/api/views/auth.py     | 4 ++++
 app/api/views/auth_mfa.py | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/app/api/views/auth.py b/app/api/views/auth.py
index fc91cd26..f0f02b8e 100644
--- a/app/api/views/auth.py
+++ b/app/api/views/auth.py
@@ -4,6 +4,7 @@ import facebook
 import google.oauth2.credentials
 import googleapiclient.discovery
 from flask import jsonify, request, g
+from flask_login import login_user
 from itsdangerous import Signer
 
 from app import email_utils
@@ -333,6 +334,9 @@ def auth_payload(user, device) -> dict:
         ret["mfa_key"] = None
         ret["api_key"] = api_key.code
 
+        # so user is automatically logged in on the web
+        login_user(user)
+
     return ret
 
 
diff --git a/app/api/views/auth_mfa.py b/app/api/views/auth_mfa.py
index 6871aaf6..754e356e 100644
--- a/app/api/views/auth_mfa.py
+++ b/app/api/views/auth_mfa.py
@@ -1,5 +1,6 @@
 import pyotp
 from flask import jsonify, request
+from flask_login import login_user
 from itsdangerous import Signer
 
 from app.api.base import api_bp
@@ -64,4 +65,7 @@ def auth_mfa():
 
     ret["api_key"] = api_key.code
 
+    # so user is logged in automatically on the web
+    login_user(user)
+
     return jsonify(**ret), 200