async def login(self, user: RemoteUser):
"""
Persist a user id and a backend in the request. This way a user doesn't
have to reauthenticate on every request. Note that data set during
the anonymous session is retained when the user logs in.
"""
session_auth_hash = ''
if user is None:
user = self.current_user
if hasattr(user, 'get_session_auth_hash'):
session_auth_hash = user.get_session_auth_hash()
if SESSION_KEY in self.session:
if _get_user_session_key(self) != user.id or (
session_auth_hash and not constant_time_compare(
self.session.get(HASH_SESSION_KEY, ''),
session_auth_hash)):
# To avoid reusing another user's session, create a new, empty
# session if the existing session corresponds to a different
# authenticated user.
self.session.flush()
else:
self.session.cycle_key()
self.session[SESSION_KEY] = user.id
self.session[HASH_SESSION_KEY] = session_auth_hash
# noinspection PyAttributeOutsideInit
self.current_user = user
async def get_user(self) -> RemoteUser:
data = await self.internal_request('login',
'get_user',
user_id=self.user_id)
return RemoteUser(**data)
async def get_moderator(self) -> RemoteUser:
data = await self.request_user(user_id=self.moderator_id)
return RemoteUser(**data)
async def get_receiver(self) -> RemoteUser:
data = await self.request_user(user_id=self.receiver_id)
return RemoteUser(**data)