    return db.session.query(User).get(user_id)


def unauthorized():
    """Build the JSON response returned when authentication fails.

    Returns:
        The value of ``make_response`` for a 401 status with a JSON body
        ``{"error": "Unauthorized access"}`` and a ``WWW-Authenticate`` header.
    """
    payload = jsonify({'error': 'Unauthorized access'})
    # NOTE(review): 'error' is not a registered HTTP authentication scheme.
    # Presumably it is sent instead of a 'Basic' challenge so that browsers do
    # not open their native credential dialog -- confirm this is intentional,
    # since standards-following clients cannot tell which scheme to retry with.
    challenge_headers = [('WWW-Authenticate', 'error')]
    return make_response(payload, 401, challenge_headers)


def access_denied():
    """Build the JSON response returned when a request is refused with 403.

    Returns:
        The value of ``make_response`` for a 403 status with a JSON body
        ``{"error": "Permission denied"}`` and a ``WWW-Authenticate`` header.
    """
    status_code = 403
    # NOTE(review): a WWW-Authenticate challenge is only mandatory on 401
    # responses; on a 403 it is optional, and 'error' is not a registered
    # scheme. Verify that API clients do not depend on this header.
    extra_headers = [('WWW-Authenticate', 'error')]
    return make_response(
        jsonify({'error': 'Permission denied'}),
        status_code,
        extra_headers,
    )


# Use the JSON 401 builder as the failure response for `auth`.
# NOTE(review): `auth` and `auth_admin` are defined outside this excerpt --
# presumably Flask-HTTPAuth objects; confirm against the module's setup code.
auth.error_handler(unauthorized)

# `auth_admin` answers failures with the 403 builder instead.
# NOTE(review): if this handler fires for every auth_admin failure, missing or
# wrong credentials and a valid non-admin account would all produce 403 --
# confirm that clients are not expected to distinguish "not authenticated"
# (401) from "not permitted" (403) on admin routes.
auth_admin.error_handler(access_denied)


def verify(username_or_token, password):
    """Authenticate a request by token first, then by login and password.

    The first argument is tried as an auth token via
    ``User.verify_auth_token``. If that yields a user, ``password`` is not
    checked at all. Otherwise the same value is treated as a login name and
    ``password`` is checked with ``user.verify_password``.

    Args:
        username_or_token: Either an auth token or a login name.
        password: The password to check when the login-name path is taken.

    Returns:
        True when a user was authenticated (and stored on ``g.user``),
        False otherwise. ``g.user`` is not assigned on failure.
    """
    account = User.verify_auth_token(username_or_token)
    if account:
        # Token path: the password argument is deliberately ignored here.
        g.user = account
        return True

    account = User.query.filter_by(login=username_or_token).first()
    # NOTE(review): an unknown login returns without calling verify_password,
    # so if password verification is slow (as a proper hash should be) the
    # response time may reveal whether a login exists -- consider rate limiting
    # or a constant-cost check; confirm against User.verify_password.
    if account and account.verify_password(password):
        g.user = account
        return True
    return False


def verify_admin(username, password):