def inner(request, *args, **kwargs):
if request.method != "POST":
return Http404
post_data = request.POST or json.loads(request.body)
if 'username' not in post_data:
return render_to_json({
"message": "POST requests require a Parse 'username'",
}, status=400)
username = post_data['username']
newly_created, user = User.get_or_create_by_username(username)
if newly_created:
access_token = AccessToken.create_for_user(user)
else:
if 'access_token' not in post_data:
return render_to_json({
"message": "POST request requires an access token",
}, status=400)
access_token = AccessToken.get_from_token_data(post_data['access_token'])
if not access_token.has_access_to_user(user):
return render_to_json({
"message": "Invalid Access Token"
}, status=403)
kwargs["user"] = user
kwargs["access_token"] = access_token.token_data
return fn(request, *args, **kwargs)
def inner(request, *args, **kwargs):
if 'username' not in request.GET:
return render_to_json({
"message": "GET requires a 'username'"
}, status=400)
username = request.GET['username']
user = User.get_by_username(username)
if 'access_token' not in request.GET:
return render_to_json({
"message": "GET requires an 'access_token'"
}, status=400)
access_token = AccessToken.get_from_token_data(request.GET['access_token'])
if not access_token.has_access_to_user(user):
return render_to_json({
"message": "Invalid Access Token"
}, status=403)
kwargs['user'] = user
return fn(request, *args, **kwargs)