def login(self, user, password=None):
success = False
# assuming that if password isn't given then we have a user object
if password is None:
session["user_id"] = user.id
success = True
# otherwise we have a username
else:
user = User.query.filter(User.nickname == user).first()
if not user:
return False
if check_password_hash(user.pwdhash, password):
session["user_id"] = user.id
success = True
if success:
user.regenerate_auth_tokens()
after_this_request(
lambda resp: resp.set_cookie(
COOKIE_USER_AUTH_TOKEN,
user.auth_token,
expires=datetime.utcnow() + timedelta(days=14),
domain=urlparse(request.url_root).netloc.split(":")[0],
httponly=True,
)
or resp # using 'or' because set_cookie returns NoneType without it
)
g.current_user = user
return success
def logout(self):
try:
del session["user_id"]
except KeyError:
pass
after_this_request(
lambda resp: resp.set_cookie(COOKIE_USER_AUTH_TOKEN, "", expires=datetime(1971, 01, 01), httponly=True)
or resp # using 'or' because set_cookie returns NoneType
)