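def decorated(*args, **kwargs):
    """Gate the wrapped view ``f`` behind a bearer-token check.

    Every request method except ``OPTIONS`` must present a token whose type
    is ``bearer`` (case-insensitive) and which ``validate_token`` accepts.
    ``OPTIONS`` requests skip the check and go straight to ``f``
    (NOTE(review): presumably to let CORS preflight through -- confirm, and
    make sure the wrapped view does nothing sensitive for ``OPTIONS``).

    Returns:
        The result of ``f(*args, **kwargs)`` when the check passes or is
        skipped; otherwise the error response produced by ``api_abort``,
        ``token_missing`` or ``invalid_token``.
    """
    token_type, token = get_token()

    if request.method != "OPTIONS":
        # Fix: the original called ``token_type.low()``. ``str`` has no such
        # method, so (assuming get_token returns the type as a str) every
        # request that supplied a token type raised AttributeError instead
        # of being validated or rejected cleanly.
        if token_type is None or token_type.lower() != "bearer":
            return api_abort(400, "type error")
        if token is None:
            return token_missing()
        if not validate_token(token):
            return invalid_token()

    return f(*args, **kwargs)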
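def post(self):
    """Issue an access token for a password-grant request.

    Reads ``grant_type``, ``username`` and ``password`` from the form body.
    The grant type must be ``password`` (case-insensitive) and the
    credentials must match an ``Account``.

    Returns:
        On success, a JSON response with ``access_token``, ``token_type``
        and ``expires_in``, marked non-cacheable. Otherwise the 400 response
        built by ``api_abort``.
    """
    grant_type = request.form.get('grant_type')
    username = request.form.get('username')
    password = request.form.get('password')

    if grant_type is None or grant_type.lower() != 'password':
        return api_abort(code=400, message='The grant type must be password.')

    # Reject absent credentials before touching the database. Without this
    # guard a missing username is looked up as None (which, if Account is a
    # SQLAlchemy model as the query API suggests, matches rows whose
    # username is NULL) and a missing password is handed to
    # validate_password as None.
    if username is None or password is None:
        return api_abort(
            code=400,
            message='Either the username or password was invalid.',
        )

    user = Account.query.filter_by(username=username).first()
    # One message for both "no such user" and "wrong password", so the
    # response body does not reveal which usernames exist.
    if user is None or not user.validate_password(password):
        return api_abort(
            code=400,
            message='Either the username or password was invalid.',
        )

    token, expiration = generate_token(user)
    response = jsonify({
        'access_token': token,
        'token_type': 'Bearer',
        'expires_in': expiration,
    })
    # The body carries a credential: forbid caches from storing it.
    response.headers['Cache-Control'] = 'no-store'
    response.headers['Pragma'] = 'no-cache'
    return response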
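def get(self, account_id):
    """Return the account identified by ``account_id`` to its owner.

    Args:
        account_id: Primary key passed to ``Account.query.get_or_404``,
            which aborts with 404 when no such row exists.

    Returns:
        The serialized record as JSON, or the 403 response from
        ``api_abort`` when the caller is not the record's ``author``.
    """
    account = Account.query.get_or_404(account_id)

    # Object-level authorization: the ownership check must run before any
    # data about the record is serialized.
    if g.current_user != account.author:
        return api_abort(403)

    # Fix: the original serialized ``item``, a name that is never bound in
    # this method, so the success path raised NameError. The record fetched
    # above is the only candidate in scope.
    # NOTE(review): item_schema is the serializer the original named;
    # confirm it is the intended schema for an Account and that it omits
    # credential fields.
    return jsonify(item_schema(account))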
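def get(self, order_id):
    """Return the order identified by ``order_id`` to the user who owns it.

    Args:
        order_id: Primary key passed to ``Order.query.get_or_404``, which
            aborts with 404 when no such row exists.

    Returns:
        The order serialized with ``order_schema`` as JSON, or the 403
        response from ``api_abort`` when the caller does not own the order.
    """
    # Fix: the original bound the lookup result to ``user`` but then read
    # ``order.user_id`` and ``order_schema(order)``, so every call raised
    # NameError before the ownership check could run.
    order = Order.query.get_or_404(order_id)

    # Object-level authorization, evaluated before serialization.
    # NOTE(review): this compares g.current_user with an id column. If
    # g.current_user holds a user object rather than an id, the values never
    # match and every caller gets 403 -- confirm what g.current_user stores.
    if g.current_user != order.user_id:
        return api_abort(403)

    return jsonify(order_schema(order))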
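def get(self, code, start_date, end_date, frequency, adjustflag):
    """Get item.

    Looks up an ``Item``, refuses callers who are not its ``author`` with
    403, and returns the item serialized with ``item_schema`` as JSON.

    NOTE(review): ``code``, ``start_date``, ``end_date``, ``frequency`` and
    ``adjustflag`` are accepted but never read by this body.
    """
    # Fix: the original bound the lookup result to ``user`` while the rest
    # of the method reads ``item``, which was therefore never defined.
    # NOTE(review): ``item_id`` is not a parameter of this method and is not
    # assigned here. Unless it is defined at module level this line still
    # raises NameError; decide which route argument identifies the item.
    item = Item.query.get_or_404(item_id)

    # Object-level authorization, evaluated before serialization.
    if g.current_user != item.author:
        return api_abort(403)

    return jsonify(item_schema(item))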