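def before_decorator():
    """Authenticate the current request before it reaches a view.

    Presumably registered as a Flask ``before_request`` hook (the
    registration itself is not visible in this snippet). A request is let
    through without credentials when it is an ``OPTIONS`` request, targets
    the ``registration`` or ``login`` endpoint, or carries the shared-secret
    ``pass`` header. Every other request must carry a ``Token`` header; on
    success the caller's identity is stored in ``g.user``.

    Returns:
        ``None`` when the request may proceed, otherwise a ``Response``
        describing the authentication failure.
    """
    # Local import: the module's import block is not part of this snippet.
    import hmac

    endpoint = request.endpoint
    try:
        # Compare by value. The original used `is` against string literals,
        # which only matches when both strings happen to be interned, so the
        # public endpoints could be rejected unpredictably.
        if request.method == 'OPTIONS' or endpoint in ('registration', 'login'):
            return None

        # NOTE(review): this header is a hard-coded credential that skips all
        # authentication and is committed to source. Treat the value as
        # exposed: rotate it, load it from configuration or a secret store,
        # and restrict which callers may use it. Until then, at least compare
        # it in constant time.
        supplied = request.headers.get("pass") or ""
        if hmac.compare_digest(supplied.encode("utf-8"),
                               b'sL36KjRf5oAc79ifhPJAz1bqi03WQPCC'):
            return None

        # Fail closed when no token is sent. Previously the X-Api-Key branch
        # could store None in g.user and let the request continue.
        token = request.headers.get("Token")
        if not token:
            raise ValueError("Token header is missing")

        fblogin = False
        if "X-Api-Key" in request.headers:  # dict-style has_key() is gone in Python 3
            fblogin = json.loads(request.headers["X-Api-Key"])

        if fblogin:
            # NOTE(review): on this path the Token header is accepted as the
            # user identity with no signature or provider-side verification
            # visible here. The token should be validated with the identity
            # provider before it is trusted - confirm where that happens.
            user = token
        else:
            # NOTE(review): 'secret' is a hard-coded, guessable signing key;
            # load a long random key from configuration instead.
            claims = jwt.decode(token, 'secret', algorithms=['HS256'])
            user = claims.get("user")
            # NOTE(review): the token payload carries the user's password.
            # JWT payloads are signed, not encrypted, so anything that logs
            # or stores the token also holds the password. Prefer a subject
            # claim plus an expiry.
            password = claims.get("password")
            stored = UsersRDB.validate_info(user)  # presumably the stored password hash
            if not check_password_hash(stored, password):
                raise ValueError("Your information cannot be identify!")
        g.user = user
    except Exception as exp:
        # NOTE(review): status 504 (Gateway Timeout) is kept because clients
        # may depend on it, but 401 is the correct code and stops monitoring
        # from recording authentication failures as backend errors. The body
        # also echoes the raw exception text (decode or database errors) to
        # the caller and is labelled JSON although it is plain text. Prefer a
        # fixed message here with the detail logged server-side.
        rsp_txt = "ERROR: Unauthorized user. Login required.\n{}".format(exp)
        return Response(rsp_txt, status=504, content_type="application/json")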
def validate(cls, info):
    """Check one email/password pair against the stored credentials.

    Args:
        info: Mapping holding exactly one entry, keyed by the user's email
            with the candidate password as its value. Any other number of
            entries makes the unpacking below raise ``ValueError``.

    Returns:
        Whatever ``check_password_hash`` returns for the stored value and the
        candidate password (presumably a bool).
    """
    # The single-element pattern enforces "exactly one pair" during unpacking.
    [(email, candidate)] = info.items()
    # NOTE(review): the result for an unknown email depends on
    # UsersRDB.validate_info, which is not visible here. Confirm that an
    # unknown account and a wrong password produce the same outcome, so
    # callers cannot tell them apart.
    stored = UsersRDB.validate_info(email)
    return check_password_hash(stored, candidate)