def test_verify_user_token(user):
    """A valid user token makes that user the current user."""
    # Before any token is verified there must be no current user.
    # current_user is a proxy object, so an identity test ("is None") would
    # compare the proxy itself; equality is the comparison that works here.
    assert current_user == None  # noqa: E711

    set_current_user_with_token(user.token)

    assert current_user.id == user.id
def verify_session():
    """Check that the current session carries a usable auth token.

    Raises Unauthorized when the session holds no token. Otherwise the
    token is handed to set_current_user_with_token(), which sets
    current_user, and the session's token is refreshed.

    """
    stored_token = session.get(AUTH_TOKEN_SESSION_KEY)
    if stored_token is None:
        raise Unauthorized('no user token provided')

    # NOTE(review): presumably this raises if the token is invalid or
    # expired; confirm against set_current_user_with_token().
    set_current_user_with_token(stored_token)

    # Write the current user's token back into the session so that an active
    # user always has a long expiry window ahead of them.
    refreshed_token = g.current_user.token
    session[AUTH_TOKEN_SESSION_KEY] = refreshed_token
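def decorated(*args, **kwargs):
    """Authenticate the request from its bearer token, then call f.

    Reads the Authorization request header, which must have the form
    "Bearer <token>", and passes the token to
    set_current_user_with_token() before calling the wrapped function f
    with the original arguments.

    Raises Unauthorized if the header is absent and BadRequest if it is
    malformed or uses a scheme other than bearer.

    """
    auth = request.headers.get('Authorization', None)
    if auth is None:
        raise Unauthorized()

    words = auth.split()
    if len(words) != 2:
        # This also covers headers with fewer than two words (e.g. a bare
        # "Bearer"), so the message must not claim there were too many.
        raise BadRequest('Authorization header must be exactly 2 words')

    scheme, token = words
    if scheme.lower() != 'bearer':
        raise BadRequest('Authorization must be bearer token type')

    # NOTE(review): presumably this raises if the token is invalid or
    # expired; confirm against set_current_user_with_token(). The token is
    # a credential, so keep it out of log and error messages.
    set_current_user_with_token(token)
    return f(*args, **kwargs)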
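def _is_safe_redirect_target(target, host_url):
    """Return True if redirecting to target keeps the browser on this site."""
    from urllib.parse import urlsplit

    if not target or target != target.strip():
        return False
    # Browsers treat "\" like "/" and drop ASCII control characters, so a
    # value containing either can resolve to a different host in the browser
    # than it does when parsed here.
    if '\\' in target:
        return False
    if any(ord(ch) < 0x20 or ord(ch) == 0x7f for ch in target):
        return False

    parts = urlsplit(target)
    if not parts.scheme and not parts.netloc:
        # Relative reference. "///host" parses with an empty netloc here but
        # browsers collapse the extra slashes into "//host", so reject it.
        return not target.startswith('//')

    # Absolute or scheme-relative URL: only accept our own host.
    return (
        parts.scheme in ('', 'http', 'https')
        and parts.netloc == urlsplit(host_url).netloc
    )


def signin():
    """Sign the user in and redirect to the requested page.

    The "target" query parameter names the page to return to and defaults
    to the UI index. It is caller-controlled, so it is only followed when it
    points back at this site; anything else falls back to the UI index
    rather than letting the sign-in page act as an open redirect.

    If the session is already signed in, or a "token" query parameter is
    supplied and accepted by set_current_user_with_token(), the user is
    redirected. Otherwise the sign-in page is rendered.

    """
    default_url = url_for('ui.index')
    redir_url = request.args.get('target', default_url)
    if not _is_safe_redirect_target(redir_url, request.host_url):
        redir_url = default_url

    # Already signed in?
    if try_verify_session():
        return redirect(redir_url)

    # Have we been given a token?
    # NOTE(review): a token carried in the query string can end up in server
    # access logs, browser history and Referer headers; consider accepting it
    # in a POST body or exchanging a short-lived one-time code instead.
    token = request.args.get('token', None)
    if token is not None:
        # NOTE(review): nothing here stores the token in the session;
        # confirm whether set_current_user_with_token() does so.
        set_current_user_with_token(token)
        return redirect(redir_url)

    # Show sign in
    return render_template('signin.html')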
def current_user(user):
    """Authenticate the fake user "user" and return the current-user object."""
    fake_user_token = user.token
    set_current_user_with_token(fake_user_token)
    return _current_user