login user in api auth endpoints

app/api/views/auth.py

@@ -4,6 +4,7 @@ import facebook
 import google.oauth2.credentials
 import googleapiclient.discovery
 from flask import jsonify, request, g
+from flask_login import login_user
 from itsdangerous import Signer
 
 from app import email_utils
@@ -333,6 +334,9 @@ def auth_payload(user, device) -> dict:
         ret["mfa_key"] = None
         ret["api_key"] = api_key.code
 
+        # so user is automatically logged in on the web
+        login_user(user)
+
     return ret
 
 

app/api/views/auth_mfa.py

@@ -1,5 +1,6 @@
 import pyotp
 from flask import jsonify, request
+from flask_login import login_user
 from itsdangerous import Signer
 
 from app.api.base import api_bp
@@ -64,4 +65,7 @@ def auth_mfa():
 
     ret["api_key"] = api_key.code
 
+    # so user is logged in automatically on the web
+    login_user(user)
+
     return jsonify(**ret), 200