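def auth_logout():
    """Log the caller out and answer with an empty 200 response.

    Deletes the server-side ``Session`` record matching the e-mail and token
    held in the client session (when one exists), then clears the client
    session through ``clear_session(api_route=True)``.

    Returns:
        ``Response(status=200)``, whether or not a matching record was found.
    """
    # Look the record up only when both identifiers are present. Indexing a
    # missing key raised KeyError before the session was cleared, so the
    # caller stayed logged in and received an error instead.
    if 'email' in session and 'token' in session:
        try:
            record = Session.find_one(
                email=session['email'],
                token=session['token'],
            )
        except ValueError:
            # The login check in this file treats ValueError from the same
            # lookup as "no valid session"; do the same here so logout still
            # clears the client side.
            # NOTE(review): the server-side record, if any, is not removed on
            # this path -- confirm it expires or is revoked elsewhere.
            record = None
        if record:
            record.remove()

    # Always drop the client-side session, even if no record was found.
    clear_session(api_route=True)
    return Response(status=200)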
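def decorated_function(*args, **kwargs):
    """Validate the caller's session and role, then run the wrapped view ``f``.

    ``api_route``, ``roles``, ``get_user`` and ``f`` come from the enclosing
    scope, which is not visible in this excerpt.

    Returns:
        ``clear_session(api_route)`` when the session lacks its identifiers,
        no matching ``Session`` record exists, or the lookup raises
        ``ValueError``; ``Response(status=403)`` (API routes) or a flash
        message plus a redirect to ``pages.index`` (page routes) when the
        record's role is not in ``roles``; otherwise the result of
        ``f(*args, **kwargs)``.
    """
    # Both identifiers are needed for the lookup. Checking only 'email' let a
    # session without 'token' raise KeyError instead of being cleared.
    if 'email' not in session or 'token' not in session:
        return clear_session(api_route)

    # A record validated earlier is kept as an attribute on the session
    # object and reused instead of querying again.
    # NOTE(review): the lifetime of that attribute depends on the session
    # implementation -- confirm it does not outlive a single request.
    cached = getattr(session, 'session_object', None)
    if cached is None:
        email = session['email']
        token = session['token']
        try:
            s = Session.find_one(email=email, token=token)
        except ValueError:
            return clear_session(api_route)
        if not s:
            return clear_session(api_route)
    else:
        s = cached

    # Enforce the role list on every call, not only on a cache miss:
    # otherwise a record cached by a wrapper with a different (or empty)
    # ``roles`` list would let this wrapper skip its own authorization check.
    if roles and s.role not in roles:
        if api_route:
            return Response(status=403)
        # Message (pt-BR): "This user is not authorized to access the
        # requested resource."
        flash(
            'Este usuário não está autorizado a acessar o recurso requisitado.'
        )
        return redirect(url_for('pages.index'))

    if cached is None:
        session.session_object = s
        # NOTE(review): as before, the user is loaded only on a cache miss.
        if get_user:
            session.user = User.find_one(email=email)

    return f(*args, **kwargs)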