From eb59cbaa3988219685f2359939d4ddd398f6b36d Mon Sep 17 00:00:00 2001
From: Kevin Morris <kevr@0cost.org>
Date: Sun, 16 Jan 2022 02:01:52 -0800
Subject: [PATCH] change(python): use transaction query in BasicAuthBackend

Signed-off-by: Kevin Morris <kevr@0cost.org>
---
 aurweb/auth/__init__.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/aurweb/auth/__init__.py b/aurweb/auth/__init__.py
index 3befd6ee..841110fa 100644
--- a/aurweb/auth/__init__.py
+++ b/aurweb/auth/__init__.py
@@ -122,8 +122,8 @@ class BasicAuthBackend(AuthenticationBackend):
         # At this point, we cannot have an invalid user if the record
         # exists, due to ForeignKey constraints in the schema upheld
         # by mysqlclient.
-        user = db.query(User).filter(User.ID == record.UsersID).first()
-        db.refresh(user)
+        with db.begin():
+            user = db.query(User).filter(User.ID == record.UsersID).first()
         user.nonce = util.make_nonce()
         user.authenticated = True