Login needs to login

[enewe101]

The ajax login script doesn't actually log a user in, it just adds the user to the session. That's a problem because the auth system does not actually consider the user to be logged in, which means that when we check request.user.is_authenticated() in subsequent requests sent by that user during the session, they don't validate.

I'm going to add that to the login url.

Also, these are still using GET instead of POST, and are bypassing the unified ajax handler. I'll turn it into POST, and route the ajax requests through the unified ajax url, ~/ajaxJson/<endpoint>/

[enewe101]

Yo @nishanth1991 , the authentication system's login() function automatically binds the user to all requests that are made as part of the same session. This means that in subsequent requests (whether ajax or otherwise), the logged in user can be found on request.user, and we can call request.user.is_authenticated().

Around line 478 in ajax.py we are adding the user to the session, but, since the authentication sys does it already when calling login(), we don't need to do that. I'm going to remove that, and elsewhere in the app we should always look for the user at request.user, not request.session['user'].

Do we have codes elsewhere in the app that assume the user is found at request.session['user']? I know I'll check the apptag, let me know if there's another spot though.

[enewe101]

This is done. Auth works. Another issue arose though: Because we are triggering a JS-based reload, if the user has submitted a form right before logging out, this initiates a re-POST of the form. Opening a separate issue for that... #24