Esempio n. 1
0
def verify_password(username_or_token, password):
    if User.verify_auth_token(username_or_token) is not None:
        return True

    try:
        user = Ctrl.get_user_with_name(username_or_token)
    except Ctrl.AdminControlException:
        return False

    return user.verify_password(password)
Esempio n. 2
0
    def post(self):
        """Verify login data and respond with a new timed auth token."""
        # TODO: current user object or at least user-id
        # should be stored in session to decrease db access
        # Response should probably also include timeout (for cookie info)
        username = request.authorization.username
        try:
            user = Ctrl.get_user_with_name(username)
        except Ctrl.AdminControlException as err:
            return JSendResponse.new_error(err.message).jsonify()

        token = user.generate_auth_token()
        return JSendResponse.new_success(token.decode('ascii')).jsonify()