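def login(self, user, password=None):
    """Log a user in, populating the session and the persistent auth cookie.

    Two calling conventions are supported:

    * ``login(user_obj)``: ``password`` is None, so ``user`` is treated as
      an already-authenticated user object and is logged in WITHOUT any
      credential check. Callers must never reach this path with a value
      taken from a request (e.g. a missing form field that became None).
    * ``login(nickname, password)``: ``user`` is a nickname; the account is
      looked up and the password is verified against the stored hash.

    Returns:
        True if the user was logged in, False if the nickname is unknown or
        the password does not match.
    """
    success = False

    if password is None:
        # Trusted path: the caller vouches for this user object.
        session["user_id"] = user.id
        success = True
    else:
        user = User.query.filter(User.nickname == user).first()
        if not user:
            # NOTE(review): this returns before any hash comparison, so the
            # response time may differ for unknown vs. known nicknames.
            # Confirm whether account enumeration matters here.
            return False
        if check_password_hash(user.pwdhash, password):
            session["user_id"] = user.id
            success = True

    if success:
        # Rotate the tokens first so the cookie below carries the new value.
        user.regenerate_auth_tokens()

        def _set_auth_cookie(resp):
            # The auth token is a bearer credential: keep it away from
            # scripts (HttpOnly) and, when the request arrived over HTTPS,
            # off plaintext connections (Secure). Over plain HTTP the
            # cookie is emitted exactly as before.
            # NOTE(review): consider a SameSite attribute as well if the
            # installed Werkzeug accepts the `samesite` argument.
            resp.set_cookie(
                COOKIE_USER_AUTH_TOKEN,
                user.auth_token,
                expires=datetime.utcnow() + timedelta(days=14),
                domain=urlparse(request.url_root).netloc.split(":")[0],
                httponly=True,
                secure=request.is_secure,
            )
            # set_cookie returns None; the hook must hand back the response.
            return resp

        after_this_request(_set_auth_cookie)
        # Only expose the user on `g` once authentication has succeeded.
        g.current_user = user

    return success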
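def logout(self):
    """Log the current user out.

    Removes ``user_id`` from the session (a missing key is ignored) and
    schedules an already-expired auth-token cookie on the outgoing response
    so the browser discards the stored one.

    NOTE(review): nothing in this method invalidates the auth token on the
    server side; if tokens are only rotated at login, a copied token may
    stay usable after logout. Confirm against the token-validation code.
    """
    # Best-effort: logging out when not logged in is not an error.
    session.pop("user_id", None)

    def _expire_auth_cookie(resp):
        # The expiring cookie must carry the same Domain attribute that
        # login() used. Browsers may treat a host-only cookie and a
        # Domain-scoped cookie as distinct entries, in which case an
        # expiry sent without Domain leaves the real auth cookie in place.
        resp.set_cookie(
            COOKIE_USER_AUTH_TOKEN,
            "",
            # Plain integers: `01` is an octal-style literal and a syntax
            # error on Python 3.
            expires=datetime(1971, 1, 1),
            domain=urlparse(request.url_root).netloc.split(":")[0],
            httponly=True,
            secure=request.is_secure,
        )
        # set_cookie returns None; the hook must hand back the response.
        return resp

    after_this_request(_expire_auth_cookie)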