def test_verify_user_token(user):
"""Verifying the current token should set current_user."""
# NB: not "is None" since current_user is a proxy
assert current_user == None
t = user.token
set_current_user_with_token(t)
assert current_user.id == user.id
def verify_session():
"""Verify the authorisation in the current session. Raises Unauthorized if
the session is not authorised. Sets current_user if the session is
authorised.
"""
t = session.get(AUTH_TOKEN_SESSION_KEY)
if t is None:
raise Unauthorized('no user token provided')
set_current_user_with_token(t)
# Update the token in the session to make sure that the user always has a
# good long expiry windows
session[AUTH_TOKEN_SESSION_KEY] = g.current_user.token
def decorated(*args, **kwargs):
auth = request.headers.get('Authorization', None)
if auth is None:
raise Unauthorized()
auth = auth.split()
if len(auth) != 2:
raise BadRequest('Authorization header is >2 words')
if auth[0].lower() != 'bearer':
raise BadRequest('Authorization must be bearer token type')
set_current_user_with_token(auth[1])
return f(*args, **kwargs)
def signin():
redir_url = request.args.get('target', url_for('ui.index'))
# Already signed in?
if try_verify_session():
return redirect(redir_url)
# Have we been given a token?
token = request.args.get('token', None)
if token is not None:
set_current_user_with_token(token)
return redirect(redir_url)
# Show sign in
return render_template('signin.html')
def current_user(user):
"""The fake user "user" authenticated as the current user."""
set_current_user_with_token(user.token)
return _current_user