Beispiel #1
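        def check_authorization(*args, **kwargs):
            '''Authorize the current request, then call the wrapped function.

            The JSON token is read from ``request.form['token']``, handed to
            ``process_token``, and the token it returns is checked against
            ``kwargs['project_id']`` with ``project_access``.

            Returns:
                * ``response.error(...)`` when the token is missing or is not
                  valid JSON, or when ``InvalidCredential`` is raised;
                * the error with the processed token attached when
                  ``AccessDenied`` is raised;
                * otherwise the wrapped function's result with the processed
                  token attached via ``response.add_token``.

            When the ``api_response`` keyword is falsy, the wrapped function is
            called directly with no checks at all.
            '''

            # Not a direct API response: the caller is expected to have checked
            # the credentials already, so the wrapped function runs unchecked.
            # NOTE(review): this switch lives in the same kwargs that are passed
            # on to the wrapped function. Confirm that only trusted internal
            # callers can set it and that the web framework never fills it from
            # request data (for example a route variable with this name).
            if not kwargs.get('api_response', True):
                return function(*args, **kwargs)

            # Reject a missing or malformed token with a controlled error.
            # json.loads raises ValueError on bad input and the handlers below
            # are only shown to catch the two credential exceptions.
            try:
                submitted_token = json.loads(request.form['token'])
            except (KeyError, ValueError):
                return response.error('Invalid token')

            updated_token = None
            try:
                updated_token = process_token(submitted_token)
                # project_id is passed in through the decorator; if it is absent
                # this hands None to project_access.
                # NOTE(review): confirm project_access denies a None project.
                project_access(kwargs.get('project_id'), updated_token)

            except InvalidCredential as invalid:
                return response.error(invalid.args[0])

            except AccessDenied as denied:
                # The caller still receives the processed token with the error.
                error = response.error(denied.args[0])
                return response.add_token(updated_token, error)

            # The wrapped function is only reached after both checks passed.
            return response.add_token(updated_token, function(*args, **kwargs))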
Beispiel #2
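def login():

    '''Called when a user is logging in.

    Parses the JSON ``payload`` form field, maps it to a ``Credentials``
    object, fetches the stored credentials and compares the two with
    ``validate.login``. On success a new ``Token`` bound to the stored user id
    is created, stored via ``user_update.token`` and returned through
    ``response.add_token``. On ``InvalidCredential``, or when the payload is
    missing or is not valid JSON, ``response.error(...)`` is returned.'''

    # Reject a missing or malformed payload with a controlled error instead of
    # letting KeyError / ValueError escape from the view.
    try:
        credentials_form = json.loads(request.form['payload'])
    except (KeyError, ValueError):
        return response.error('Invalid payload')

    credentials_form = sanitize.form_keys(credentials_form)

    provided_credentials = Credentials.map_from_form(credentials_form)
    stored_credentials = user_select.login_credentials(provided_credentials)

    try:
        validate.login(stored_credentials, provided_credentials)

    except InvalidCredential as invalid:
        # NOTE(review): the exception text goes straight back to the client.
        # Confirm it reads the same for an unknown account and for a wrong
        # password, so the reply does not reveal which accounts exist.
        return response.error(invalid.args[0])

    # NOTE(review): how Token generates its value and whether it expires is not
    # visible here. Confirm it uses a cryptographically secure random source
    # and has a bounded lifetime.
    token = Token()
    token.user_id = stored_credentials.id
    token.update()

    user_update.token(token)

    return response.add_token(token = token)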