Avoid running two queries when using session token validation

lnagel · lnagel · commit 15e448c335df · 2016-06-21T11:20:56.000+03:00
diff --git a/rest_framework_sso/authentication.py b/rest_framework_sso/authentication.py
@@ -65,14 +65,18 @@ def authenticate_credentials(self, payload):
 
         if api_settings.VERIFY_SESSION_TOKEN:
             try:
-                SessionToken.objects.active().get(pk=payload.get('sid'), user_id=payload.get('uid'))
+                session_token = SessionToken.objects.\
+                    active().\
+                    select_related('user').\
+                    get(pk=payload.get('sid'), user_id=payload.get('uid'))
+                user = session_token.user
             except SessionToken.DoesNotExist:
                 raise exceptions.AuthenticationFailed(_('Invalid token.'))
-
-        try:
-            user = user_model.objects.get(pk=payload.get('uid'))
-        except user_model.DoesNotExist:
-            raise exceptions.AuthenticationFailed(_('Invalid token.'))
+        else:
+            try:
+                user = user_model.objects.get(pk=payload.get('uid'))
+            except user_model.DoesNotExist:
+                raise exceptions.AuthenticationFailed(_('Invalid token.'))
 
         if not user.is_active:
             raise exceptions.AuthenticationFailed(_('User inactive or deleted.'))
