Ejemplo n.º 1
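 def invalidate_token(self, token_value):
     """Revoke the stored token whose value equals ``token_value``.

     The token is looked up through ``BoruvkaAuthQuery`` and its
     ``expirationDate`` is overwritten with 0 before the record is
     persisted via ``self._dao.update``.

     Args:
         token_value: value of the token to revoke.

     Returns:
         None. An unknown token value is a no-op.
     """
     auth_query = BoruvkaAuthQuery(self._dao)
     token = auth_query.get_token(
         value=token_value,
     )
     if not token:
         # verify_token treats a falsy lookup result as "no such token";
         # do the same here so revoking an unknown or already-removed
         # token does not fail with AttributeError on the assignment below.
         return
     # 0 is the revocation marker: verify_token and login both interpret
     # expirationDate as a timestamp and compare it with the current time.
     token.expirationDate = 0
     self._dao.update(token)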
Ejemplo n.º 2
 def verify_token(self, token_value):
     """Report whether ``token_value`` names a stored, unexpired token.

     Args:
         token_value: token value presented by the caller.

     Returns:
         True when a token with that value exists and its expiration
         timestamp lies after the current time, otherwise False.
     """
     record = BoruvkaAuthQuery(self._dao).get_token(value=token_value)
     if not record:
         return False

     # NOTE(review): utcfromtimestamp() yields a naive UTC datetime while
     # datetime.now() is naive local time. On a host whose clock is not set
     # to UTC the two differ by the UTC offset, which shifts the moment a
     # token stops being accepted. Confirm how expirationDate is produced
     # before switching both sides to one reference.
     expires_at = datetime.utcfromtimestamp(record.expirationDate)
     # Possibly return authorized user id/name
     return expires_at > datetime.now()
Ejemplo n.º 3
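    def login(self, payload):
        """Authenticate a user and return their id with a session token.

        The password is hashed with ``self.hash_password(username,
        password)`` and the user is looked up by username plus that hash.
        If the user already references a token that has not expired, that
        token is returned again; otherwise a new one is generated, stored
        and linked to the user.

        Args:
            payload: mapping holding the ``'username'`` and ``'password'``
                entries.

        Returns:
            ``(user.id, token.value)`` on success, ``(None, None)`` when no
            user matches the credentials.

        Raises:
            KeyError: if ``payload`` lacks ``'username'`` or ``'password'``.
        """
        username = payload['username']
        password = payload['password']

        hashed_password = self.hash_password(
            username,
            password,
        )

        user_query = BoruvkaUserQuery(self._dao)
        user = user_query.get_user(
            username=username,
            password=hashed_password,
        )

        if not user:
            return None, None

        auth_query = BoruvkaAuthQuery(self._dao)
        if user.tokenId:
            token = auth_query.get_token(
                id=user.tokenId,
            )
            # A tokenId can outlive its token record; verify_token already
            # treats a falsy lookup as "no token". Without this guard a
            # dangling reference raised AttributeError and blocked login.
            if token:
                # NOTE(review): utcfromtimestamp() is naive UTC while
                # datetime.now() is naive local time; off-UTC hosts compare
                # values that differ by the UTC offset. Confirm against
                # __generate_token before unifying the reference.
                token_date = datetime.utcfromtimestamp(token.expirationDate)
                if token_date > datetime.now():
                    # An unexpired token is reused, so a fresh login does
                    # not rotate the session token.
                    return user.id, token.value

        # generate token
        token_value, token_date = self.__generate_token()

        token = auth_query.create_token(
            value=token_value,
            date=token_date,
        )

        user.tokenId = token.id
        self._dao.update(user)

        # api call returns token, whilst webapp sets cookie
        return user.id, token.value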