do not update sudo mode ts if loggin in from client

seahub/base/sudo_mode.py

@@ -24,7 +24,7 @@ def update_sudo_mode_ts(request):
 
 def update_sudo_ts_when_login(**kwargs):
     request = kwargs['request']
-    if request.user.is_staff:
+    if request.user.is_staff and not getattr(request, 'client_token_login', False):
         update_sudo_mode_ts(request)
 
 if ENABLE_SUDO_MODE:

seahub/views/__init__.py

@@ -2115,6 +2115,7 @@ def client_token_login(request):
         if request.user.is_authenticated() and request.user.username == user.username:
             pass
         else:
+            request.client_token_login = True
             auth_login(request, user)
 
     return HttpResponseRedirect(request.GET.get("next", reverse('libraries')))

tests/api/test_auth.py

@@ -77,6 +77,12 @@ class AuthTest(ApiTestBase):
         r = requests.get(url)
         assert r.url == urljoin(BASE_URL, '/profile/')
 
+    def test_client_login_token_wont_enter_sudo_mode(self):
+        url = self._get_client_login_url(admin=True)
+        url += '&next=/sys/useradmin'
+        r = requests.get(url)
+        assert r.url == urljoin(BASE_URL, '/sys/sudo/?next=/sys/useradmin/')
+
     def _desktop_login(self):
         data = {
             'username': USERNAME,
@@ -106,7 +112,8 @@ class AuthTest(ApiTestBase):
     def _logout(self, token):
         self.post(LOGOUT_DEVICE_URL, token=token)
 
-    def _get_client_login_url(self):
-        token = self.post(CLIENT_LOGIN_TOKEN_URL).json()['token']
+    def _get_client_login_url(self, admin=False):
+        post = self.admin_post if admin else self.post
+        token = post(CLIENT_LOGIN_TOKEN_URL).json()['token']
         assert len(token) == 32
         return urljoin(BASE_URL, 'client-login/') + '?token=' + token