def verify_password(username_or_token, password):
    """Authenticate from either an auth token or a username/password pair.

    The first argument is tried as an auth token. If that fails it is
    treated as a user name and ``password`` is checked against that user.

    Args:
        username_or_token: Auth token, or the name of a user.
        password: Password to check; only consulted on the user-name path.

    Returns:
        True when the token verifies. Otherwise the result of the user's
        own ``verify_password``, or False when the user lookup raises
        ``Ctrl.AdminControlException``.
    """
    # Token path: a token that verifies is accepted on its own and
    # ``password`` is never looked at.
    # NOTE(review): only a boolean is returned, so the caller does not learn
    # which user the token belongs to -- confirm callers do not need it.
    token_result = User.verify_auth_token(username_or_token)
    if token_result is None:
        try:
            account = Ctrl.get_user_with_name(username_or_token)
        except Ctrl.AdminControlException:
            # NOTE(review): a failed lookup returns before any password
            # check runs, so it may respond faster than a wrong password
            # for an existing user -- confirm whether user-name enumeration
            # by timing matters for this deployment.
            return False
        return account.verify_password(password)
    return True
def post(self):
    """Respond with a new timed auth token for the user in the Authorization header.

    Only the user name is read from ``request.authorization``. The user is
    looked up by that name and a token is generated for them.

    Returns:
        A jsonified JSend success response carrying the ASCII-decoded
        token, or a jsonified JSend error response carrying the exception
        message when the user lookup raises ``Ctrl.AdminControlException``.
    """
    # TODO: current user object or at least user-id
    # should be stored in session to decrease db access
    # Response should probably also include timeout (for cookie info)

    # NOTE(review): this method performs no credential check of its own; the
    # password in the Authorization header is never read here. Presumably an
    # authentication guard runs before it -- confirm, because without one a
    # token would be issued to a caller who has not been authenticated.
    # NOTE(review): request.authorization is dereferenced without a None
    # check; presumably the same guard guarantees it is present -- confirm.
    # NOTE(review): if verify_password is that guard, it also accepts a token
    # in the username field, and the value read here would then be the token
    # rather than a user name -- confirm the lookup failure is intended.
    login_name = request.authorization.username
    try:
        account = Ctrl.get_user_with_name(login_name)
    except Ctrl.AdminControlException as err:
        # NOTE(review): the exception text is sent to the client verbatim;
        # confirm it never carries internal detail.
        failure = JSendResponse.new_error(err.message)
        return failure.jsonify()
    raw_token = account.generate_auth_token()
    token_text = raw_token.decode('ascii')
    return JSendResponse.new_success(token_text).jsonify()