From 07cc82b6275a4e261b433fd70459bca3ebb1a347 Mon Sep 17 00:00:00 2001
From: Georges-Antoine Assi <georges.antoine.assi@gmail.com>
Date: Wed, 6 Mar 2024 09:53:29 -0500
Subject: [PATCH] Fix auth handling on user update

---
 DEVELOPER-SETUP.md                       | 3 +--
 backend/config/__init__.py               | 2 +-
 backend/endpoints/user.py                | 2 +-
 backend/handler/auth_handler/__init__.py | 4 ++--
 4 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/DEVELOPER-SETUP.md b/DEVELOPER-SETUP.md
index 27874ff54..2f587cdec 100644
--- a/DEVELOPER-SETUP.md
+++ b/DEVELOPER-SETUP.md
@@ -42,8 +42,7 @@ pipx install --suffix _npm git+https://github.com/radoering/poetry.git@non-packa
 
 More info: https://github.com/python-poetry/poetry/pull/8650
 
-
-Then creat the virtual environment
+Then create the virtual environment
 
 ```sh
 # Fix disable parallel installation stuck: $> poetry_npm config experimental.new-installer false
diff --git a/backend/config/__init__.py b/backend/config/__init__.py
index 061715b18..bc8146d53 100644
--- a/backend/config/__init__.py
+++ b/backend/config/__init__.py
@@ -26,7 +26,7 @@ DB_PASSWD: Final = os.environ.get("DB_PASSWD")
 DB_NAME: Final = os.environ.get("DB_NAME", "romm")
 
 # REDIS
-REDIS_HOST: Final = "localhost"
+REDIS_HOST: Final = "127.0.0.1"
 REDIS_PORT: Final = 6379
 
 # IGDB
diff --git a/backend/endpoints/user.py b/backend/endpoints/user.py
index 4f383e786..073e621c2 100644
--- a/backend/endpoints/user.py
+++ b/backend/endpoints/user.py
@@ -149,7 +149,7 @@ def update_user(
             "hashed_password"
         )
         if request.user.id == id and creds_updated:
-            auth_handler.clear_session(request)
+            request.session.clear()
 
     return db_user_handler.get_user(id)
 
diff --git a/backend/handler/auth_handler/__init__.py b/backend/handler/auth_handler/__init__.py
index 4dd9af1a5..3b1d56605 100644
--- a/backend/handler/auth_handler/__init__.py
+++ b/backend/handler/auth_handler/__init__.py
@@ -77,7 +77,7 @@ class AuthHandler:
         # Key exists therefore user is probably authenticated
         user = db_user_handler.get_user_by_username(username)
         if user is None:
-            conn.session.clear()
+            conn.session = {}
 
             raise HTTPException(
                 status_code=status.HTTP_403_FORBIDDEN,
@@ -85,7 +85,7 @@ class AuthHandler:
             )
 
         if not user.enabled:
-            conn.session.clear()
+            conn.session = {}
 
             raise HTTPException(
                 status_code=status.HTTP_403_FORBIDDEN, detail="Inactive user"