コード例 #1
ファイル: resources.py プロジェクト: zz-tracy/zz_todoism
    def post(self):
        """Issue a bearer token for a password-grant request.

        Reads ``grant_type``, ``username`` and ``password`` from the submitted
        form. Returns the result of ``api_abort`` (code 400) when the grant
        type is not ``password`` (compared case-insensitively) or when the
        credentials do not validate. Otherwise returns a JSON response that
        carries the token and is marked as non-cacheable.
        """
        form = request.form
        grant_type = form.get('grant_type')  # grant type from the request form
        username = form.get('username')  # user name from the request form
        password = form.get('password')  # password from the request form

        # Only the password grant is accepted here.
        grant_ok = grant_type is not None and grant_type.lower() == 'password'
        if not grant_ok:
            return api_abort(code=400,
                             message='The grant type must be password.')

        # Unknown user and wrong password share one message, so the response
        # body does not reveal which of the two failed.
        # NOTE(review): nothing in this method limits repeated attempts;
        # confirm that throttling or lockout is applied elsewhere.
        account = User.query.filter_by(username=username).first()
        credentials_ok = (account is not None
                          and account.validate_password(password))
        if not credentials_ok:
            return api_abort(
                code=400,
                message='Either the username or password was invalid.')

        # generate_token() yields the token and its expiry value.
        token, expiration = generate_token(account)

        payload = {
            'access_token': token,  # the access token
            'token_type': 'Bearer',  # token type: bearer token
            'expires_in': expiration  # expiry value from generate_token()
        }
        response = jsonify(payload)
        # The body contains a token, so caches must not keep it:
        # Cache-Control is set to no-store and Pragma to no-cache.
        response.headers['Cache-Control'] = 'no-store'
        response.headers['Pragma'] = 'no-cache'
        return response
コード例 #2
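    def post(self):
        """Issue a bearer token for a password-grant request.

        Reads ``grant_type``, ``username`` and ``password`` from the submitted
        form. Returns the result of ``api_abort`` (code 400) when the grant
        type is not ``password`` (compared case-insensitively) or when the
        credentials do not validate. Otherwise returns a JSON response that
        carries the token and is marked as non-cacheable.
        """
        # The submitted form is deliberately not printed or logged: it holds
        # the plaintext password, which would end up in stdout and log files.
        grant_type = request.form.get('grant_type')
        username = request.form.get('username')
        password = request.form.get('password')

        # Only the password grant is accepted here.
        if grant_type is None or grant_type.lower() != 'password':
            return api_abort(code=400,
                             message='The grant type must be password.')

        # Unknown user and wrong password share one message, so the response
        # body does not reveal which of the two failed.
        user = User.query.filter_by(username=username).first()
        if user is None or not user.validate_password(password):
            return api_abort(
                code=400,
                message='Either the username or password was invalid.')

        token, expiration = generate_token(user)

        response = jsonify({
            'access_token': token,
            'token_type': 'Bearer',
            'expires_in': expiration  # expiry value from generate_token()
        })
        # The body contains a token, so caches must not keep it.
        response.headers['Cache-Control'] = 'no-store'
        response.headers['Pragma'] = 'no-cache'
        return response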
コード例 #3
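    def post(self):
        """
        Bearer授权接口
        ---
        parameters:
          - name: username
            in: form
            required: true
          - name: password
            in: form
            required: true
        responses:
          200:
            description: 返回授权token
        """
        # The docstring above is kept verbatim: its "---" section looks like
        # an API spec that a documentation tool reads at runtime (presumably;
        # confirm). It describes the bearer authorization endpoint, which
        # takes username and password as form fields and returns a token.

        # The grant type is fixed rather than read from the form, so clients
        # do not send it and the check below can never fail as written.
        grant_type = 'password'
        username = request.form.get('username')
        password = request.form.get('password')

        if grant_type is None or grant_type.lower() != 'password':
            return api_abort(code=400,
                             message='The grant type must be password.')

        # Unknown user and wrong password share one message, so the response
        # body does not reveal which of the two failed.
        user = User.query.filter_by(username=username).first()
        if user is None or not user.validate_password(password):
            return api_abort(
                code=400,
                message='Either the username or password was invalid.')

        token, expiration = generate_token(user)

        response = jsonify({
            # Use the token unpacked above. Calling generate_token(user) again
            # here would place its whole (token, expiration) result in this
            # field and issue a second token for the same login.
            'access_token': token,
            'token_type': 'Bearer',
            'expires_in': expiration
        })
        # The body contains a token, so caches must not keep it.
        response.headers['Cache-Control'] = 'no-store'
        response.headers['Pragma'] = 'no-cache'
        return response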
コード例 #4
    def post(self):
        """Handle a password-grant token request.

        The request must supply three form values: ``grant_type``,
        ``username`` and ``password``. A fourth value, ``scope`` (the range of
        permissions being requested, defined by the API provider), is not read
        by this method.
        """
        form = request.form
        grant_type = form.get('grant_type')
        username = form.get('username')
        password = form.get('password')

        # A missing grant type is treated like any other unsupported value.
        if (grant_type or '').lower() != 'password':
            return api_abort(code=400, message='授权类型必须是密码。')

        # Unknown user and wrong password share one message.
        # NOTE(review): validate_password() is skipped when no user matches;
        # confirm that the two failure paths take comparable time.
        account = User.query.filter_by(username=username).first()
        authenticated = (account is not None
                         and account.validate_password(password))
        if not authenticated:
            return api_abort(code=400, message='无效的账户密码')

        token, expiration = generate_token(account)

        body = {
            'access_token': token,  # the access token
            'token_type': 'Bearer',  # authentication type
            'expires_in': expiration  # expiry value
        }
        response = jsonify(body)
        # The body contains a token, so caches must not keep it.
        response.headers['Cache-Control'] = 'no-store'
        response.headers['Pragma'] = 'no-cache'
        return response