Beispiel #1
0
    def inner(request, *args, **kwargs):
        if request.method != "POST":
            return Http404

        post_data = request.POST or json.loads(request.body)
        if 'username' not in post_data:
            return render_to_json({
                "message": "POST requests require a Parse 'username'",
            }, status=400)

        username = post_data['username']
        newly_created, user = User.get_or_create_by_username(username)
        if newly_created:
            access_token = AccessToken.create_for_user(user)
        else:
            if 'access_token' not in post_data:
                return render_to_json({
                    "message": "POST request requires an access token",
                }, status=400)

            access_token = AccessToken.get_from_token_data(post_data['access_token'])
            if not access_token.has_access_to_user(user):
                return render_to_json({
                    "message": "Invalid Access Token"
                }, status=403)
        kwargs["user"] = user
        kwargs["access_token"] = access_token.token_data
        return fn(request, *args, **kwargs)
Beispiel #2
0
    def inner(request, *args, **kwargs):
        if 'username' not in request.GET:
            return render_to_json({
                "message": "GET requires a 'username'"
            }, status=400)
        username = request.GET['username']
        user = User.get_by_username(username)

        if 'access_token' not in request.GET:
            return render_to_json({
                "message": "GET requires an 'access_token'"
            }, status=400)
        access_token = AccessToken.get_from_token_data(request.GET['access_token'])
        if not access_token.has_access_to_user(user):
            return render_to_json({
                "message": "Invalid Access Token"
            }, status=403)
        kwargs['user'] = user

        return fn(request, *args, **kwargs)