Beispiel #1
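    def login(self, user, password=None):
        """Log a user in and schedule the persistent auth-token cookie.

        Two calling conventions are supported:

        * ``login(user_obj)`` -- ``password`` is ``None`` and ``user`` is taken
          to be an already-authenticated user object. No credential check
          happens on this path, so callers must never reach it with values
          taken straight from a request (for example a missing form field
          that yields ``None`` for the password).
        * ``login(nickname, password)`` -- the user is looked up by nickname
          and the password is verified against ``user.pwdhash``.

        On success the user id is stored in the session,
        ``user.regenerate_auth_tokens()`` is called, the auth-token cookie is
        set on the outgoing response and ``g.current_user`` is updated.

        Returns:
            True if the user was logged in, False otherwise.
        """
        if password is None:
            # Fail closed when the "user object" is None, a bare username
            # string, or anything else without a usable id, instead of
            # raising AttributeError or storing a None user id in the session.
            if getattr(user, "id", None) is None:
                return False
        else:
            user = User.query.filter(User.nickname == user).first()
            # NOTE(review): unknown nicknames return before any hash is
            # computed, so response time can differ between "no such user"
            # and "wrong password" -- consider a constant-cost check.
            if not user:
                return False
            if not check_password_hash(user.pwdhash, password):
                return False

        session["user_id"] = user.id
        user.regenerate_auth_tokens()

        def _set_auth_cookie(resp):
            # Evaluated when the response is built, like the original lambda.
            resp.set_cookie(
                COOKIE_USER_AUTH_TOKEN,
                user.auth_token,
                expires=datetime.utcnow() + timedelta(days=14),
                # NOTE(review): url_root reflects the request's Host header;
                # a configured cookie domain would be more predictable.
                domain=urlparse(request.url_root).netloc.split(":")[0],
                httponly=True,
                # Mark the token Secure whenever the login itself arrived
                # over HTTPS so it is never replayed over plain HTTP.
                secure=request.is_secure,
            )
            return resp

        after_this_request(_set_auth_cookie)
        g.current_user = user

        return True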
Beispiel #2
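    def logout(self):
        """Log the current user out.

        Removes ``user_id`` from the session (a missing key is ignored) and
        schedules an already-expired, empty auth-token cookie on the outgoing
        response so the browser discards the stored token.
        """
        session.pop("user_id", None)

        # NOTE(review): the server-side auth token is not touched here, so a
        # copy of the old cookie value may stay valid until the next login
        # regenerates it -- confirm whether it should be revoked on logout.

        def _clear_auth_cookie(resp):
            resp.set_cookie(
                COOKIE_USER_AUTH_TOKEN,
                "",
                # Plain integers: the former ``01`` literals are a syntax
                # error on Python 3.
                expires=datetime(1971, 1, 1),
                # login() sets this cookie with an explicit Domain; browsers
                # only overwrite a cookie whose name, domain and path match,
                # so the same Domain has to be sent for the deletion to apply.
                domain=urlparse(request.url_root).netloc.split(":")[0],
                httponly=True,
            )
            return resp

        after_this_request(_clear_auth_cookie)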