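def post(self):
    """Log a user in with username/password and issue an access token.

    Reads ``username``, ``password`` and an optional ``source_id``
    (default 0) from the JSON body, checks the password against the
    stored hash, then creates or refreshes the ``Auth`` row for this
    (source, user) pair and returns the user plus the fresh token.

    Raises:
        JsonException(1000): username or password is missing.
        JsonException(1001): the user does not exist or the password is
            wrong (one code for both, so the response does not reveal
            which usernames exist).
    """
    args = self.get_json_arguments()
    # NOTE(review): a non-numeric source_id still surfaces as ValueError
    # here; map it to a JsonException if callers expect a JSON error.
    source = int(args.get("source_id", 0))
    # .get() rather than [] so a missing key reaches the explicit check
    # below instead of escaping as a KeyError.
    username = args.get('username')
    password = args.get('password')
    if not username or not password:
        raise JsonException(1000, 'need username and password')

    pwd = password_hash(password)
    try:
        user = User.get(User.username == username)
    except Exception:
        # Narrowed from a bare `except:` so SystemExit/KeyboardInterrupt
        # are no longer swallowed; any lookup failure means "no user".
        user = None
    # NOTE(review): `!=` is not constant-time; hmac.compare_digest would
    # be preferable once the types of user.password and pwd are confirmed.
    if user is None or user.password != pwd:
        raise JsonException(1001, 'wrong password')

    access_token = gen_access_token()
    # `&` instead of Python `and`: `and` evaluates the first comparison
    # for truthiness and yields only the second, so the lookup would
    # typically ignore source_id. Assumes the ORM overloads `&` for
    # conjunction as it does `==` -- confirm against the model base class.
    auth = Auth.single(
        (Auth.source_id == source) & (Auth.user_id == user.id))
    if auth is None:
        auth = Auth(source_id=source, user_id=user.id)
    auth.access_token = access_token
    auth.save()
    self.finish_json(result={
        'user': user.to_dict(),
        'access_token': access_token,
    })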
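def get_current_user(self):
    """Resolve the requesting user from the ``username`` and
    ``Authorization`` request headers.

    Returns the ``User`` whose source-0 ``Auth`` row holds exactly the
    presented token; otherwise ``None`` (missing header, unknown user,
    no auth row yet, or token mismatch).
    """
    username = self.request.headers.get('username')
    access_token = self.request.headers.get('Authorization')
    if username is None or access_token is None:
        return None

    user = User.single(User.username == username)
    if user is None:
        return None

    # `&` instead of Python `and`: `and` evaluates the first comparison
    # for truthiness and yields only the second, so the lookup would
    # typically ignore source_id. Assumes the ORM overloads `&` for
    # conjunction as it does `==` -- confirm against the model base class.
    auth = Auth.single((Auth.source_id == 0) & (Auth.user_id == user.id))
    # A user with no Auth row must be treated as unauthenticated rather
    # than crash with AttributeError on auth.access_token.
    # NOTE(review): `!=` is not constant-time; hmac.compare_digest would
    # be preferable once both values are confirmed to be str.
    if auth is None or auth.access_token != access_token:
        return None
    return user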