From b7d191a8ebb35ee822d0d118324cbadc8f87c6af Mon Sep 17 00:00:00 2001
From: dandds <dan-ctr@friends.dds.mil>
Date: Mon, 9 Jul 2018 13:50:36 -0400
Subject: [PATCH] do not redirect in get_current_user

---
 atst/handler.py    |  2 +-
 tests/test_auth.py | 12 ++++++++++++
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/atst/handler.py b/atst/handler.py
index bed23d21..2ad1acaf 100644
--- a/atst/handler.py
+++ b/atst/handler.py
@@ -23,7 +23,7 @@ class BaseHandler(tornado.web.RequestHandler):
             try:
                 session = self.application.sessions.get_session(cookie)
             except SessionNotFoundError:
-                return self.redirect("/login")
+                return None
         else:
             return None
 
diff --git a/tests/test_auth.py b/tests/test_auth.py
index 67a77e45..0f5cd6f3 100644
--- a/tests/test_auth.py
+++ b/tests/test_auth.py
@@ -19,6 +19,18 @@ def test_redirects_when_not_logged_in(http_client, base_url):
     assert re.match("/\??", location)
 
 
+@pytest.mark.gen_test
+def test_redirects_when_session_does_not_exist(monkeypatch, http_client, base_url):
+    monkeypatch.setattr("atst.handlers.main.MainHandler.get_secure_cookie", lambda s,c: 'stale cookie!')
+    response = yield http_client.fetch(
+        base_url + "/home", raise_error=False, follow_redirects=False
+    )
+    location = response.headers["Location"]
+    assert response.code == 302
+    assert response.error
+    assert re.match("/\??", location)
+
+
 @pytest.mark.gen_test
 def test_login_with_valid_bearer_token(app, monkeypatch, http_client, base_url):
     monkeypatch.setattr("atst.handlers.login.Login._fetch_user_info", _fetch_user_info)