def verify_password(username_or_token, password):
if User.verify_auth_token(username_or_token) is not None:
return True
try:
user = Ctrl.get_user_with_name(username_or_token)
except Ctrl.AdminControlException:
return False
return user.verify_password(password)
def post(self):
"""Verify login data and respond with a new timed auth token."""
# TODO: current user object or at least user-id
# should be stored in session to decrease db access
# Response should probably also include timeout (for cookie info)
username = request.authorization.username
try:
user = Ctrl.get_user_with_name(username)
except Ctrl.AdminControlException as err:
return JSendResponse.new_error(err.message).jsonify()
token = user.generate_auth_token()
return JSendResponse.new_success(token.decode('ascii')).jsonify()
