def test_session_token(self):
    """Check the session-token round trip for a stored user.

    A token issued with default settings must verify and carry the
    user's id; a token issued with ``expiration=-1`` must be rejected
    (presumably because it is already expired when issued; confirm
    against ``User.get_session_token``).
    """
    account = User(email="*****@*****.**")
    account.put()

    # Happy path: a freshly issued token verifies and names its owner.
    fresh_token = account.get_session_token()
    self.assertIsNotNone(fresh_token)
    ok, payload = User.verify_session_token(fresh_token)
    self.assertTrue(ok)
    self.assertEqual(account.key.id(), payload['user_id'])

    # Negative path: the token is still produced, but verification
    # must refuse it.
    stale_token = account.get_session_token(expiration=-1)
    self.assertIsNotNone(stale_token)
    ok, payload = User.verify_session_token(stale_token)
    self.assertFalse(ok)
Example #2
def current_user():
    """Populate ``g.user`` from the ``X-Session-Token`` request argument.

    ``g.user`` is left as ``None`` unless the token verifies AND its
    payload is not flagged ``password_reset``. The second condition
    keeps a password-reset token from being accepted as a login
    session credential.
    """
    parsed = token_parser.parse_args()
    session_token = parsed['X-Session-Token']
    is_valid, payload = User.verify_session_token(session_token)

    # Start from "anonymous"; only a valid, non-reset token upgrades it.
    g.user = None
    if is_valid and not payload.get('password_reset'):
        g.user = User.get_by_id(payload.get('user_id'))
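 def post(self):
     """Set a new password for the account named by a password-reset token.

     Reads ``reset_token`` and ``password`` from the parsed request
     arguments. The token must verify and its payload must carry the
     ``password_reset`` flag; otherwise the request is aborted with
     HTTP 400. A token whose ``user_id`` is missing or no longer
     resolves to a stored user is rejected with the same 400 response,
     instead of failing later with an unhandled error on ``None``.

     Returns:
         ``('', 200)`` once the new password has been stored.
     """
     args = password_confirm_post.parse_args()
     token = args['reset_token']
     password = args['password']
     valid, data = user_model.verify_session_token(token)
     # Only tokens explicitly flagged for password reset are accepted,
     # so an ordinary session token cannot be used to change a password.
     if not valid or not data.get('password_reset'):
         api.abort(400, 'Reset token is invalid')
     user_id = data.get('user_id')
     # presumably get_by_id returns None for an unknown id (for example
     # an account deleted after the token was issued); verify against
     # the model.
     user = user_model.get_by_id(user_id) if user_id is not None else None
     if user is None:
         # Same message as the invalid-token case, so the response does
         # not reveal whether the account exists.
         api.abort(400, 'Reset token is invalid')
     # NOTE(review): nothing visible in this handler invalidates the
     # reset token after use; confirm that verify_session_token or
     # set_password makes it single-use, otherwise the token can be
     # replayed until it expires.
     user.set_password(password)
     user.put()
     return '', 200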