Force re-authentication if credentials entered for wrong Cmdr

EDMarketConnector.py

@@ -475,6 +475,12 @@ class AppWindow:
                 self.w.after(int(SERVER_RETRY * 1000), lambda:self.getandsend(event, True))
                 return	# early exit to avoid starting cooldown count
 
+        except companion.CmdrError as e:	# Companion API return doesn't match Journal
+            self.status['text'] = unicode(e)
+            play_bad = True
+            companion.session.invalidate()
+            self.login()
+
         except Exception as e:
             if __debug__: print_exc()
             self.status['text'] = unicode(e)

README.md

@@ -134,7 +134,7 @@ You won't be redirected to Frontier's authentication website and can't edit your
 - Your “E:D journal file location” setting is incorrect. See [above](#doesnt-auto-update-or-track-systems-visited).
 
 ### Error: Wrong Cmdr
-The Frontier server that supplies data to this app is supplying data for a different Cmdr than the one that you're currently playing. Either:
+The Frontier server that supplies data to this app is supplying data for a different Cmdr than the one that you're currently playing. You are redirected to Frontier's authentication website and prompted again for your username and password. Either:
 
 1. You have multiple accounts and the username/password setting is not for the account that you're currently playing; or
 2. You have reset your Cmdr but Frontier's server is still supplying data for the old Cmdr.
@@ -143,8 +143,6 @@ If 1 check your username/password settings.
 
 If 2 this problem may or may not resolve itself in time.
 
-This problem is tracked as [Issue #165](https://github.com/Marginal/EDMarketConnector/issues/165).
-
 ### I run two instances of E:D simultaneously, but I can't run two instances of EDMC
 EDMC supports this scenario if you run the second instance of E:D in a *different* user account - e.g. using `runas` on Windows. Run the second instance of EDMC in the same user account as the second instance of E:D.
 

companion.py

@@ -180,7 +180,8 @@ class Auth:
 
         # New request
         self.verifier = self.base64URLEncode(os.urandom(32))
-        self.state = self.base64URLEncode(os.urandom(8))	# Keep small to stay under 256 ShellExecute limit on Windows
+        self.state = self.base64URLEncode(os.urandom(8))
+        # Won't work under IE <= 10 : https://blogs.msdn.microsoft.com/ieinternals/2011/07/13/understanding-protocols/
         webbrowser.open('%s%s?response_type=code&approval_prompt=auto&client_id=%s&code_challenge=%s&code_challenge_method=S256&state=%s&redirect_uri=edmc://auth' % (SERVER_AUTH, URL_AUTH, CLIENT_ID, self.base64URLEncode(hashlib.sha256(self.verifier).digest()), self.state))
 
     def authorize(self, payload):
@@ -223,6 +224,16 @@ class Auth:
         self.dump(r)
         raise CredentialsError()
 
+    @staticmethod
+    def invalidate(cmdr):
+        cmdrs = config.get('cmdrs')
+        idx = cmdrs.index(cmdr)
+        tokens = config.get('fdev_apikeys') or []
+        tokens = tokens + [''] * (len(cmdrs) - len(tokens))
+        tokens[idx] = ''
+        config.set('fdev_apikeys', tokens)
+        config.save()	# Save settings now for use by command-line app
+
     def dump(self, r):
         print_exc()
         print 'Auth\t' + r.url, r.status_code, r.headers, r.text.encode('utf-8')
@@ -360,6 +371,11 @@ class Session:
                 if __debug__: print_exc()
         self.session = None
 
+    def invalidate(self):
+        # Force a full re-authentication
+        self.close()
+        Auth.invalidate(self.credentials['cmdr'])
+
     def dump(self, r):
         print_exc()
         print 'cAPI\t' + r.url, r.status_code, r.headers, r.text.encode('utf-8')