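def post(self):
    """Issue a Bearer access token for the OAuth2 password grant.

    Reads ``grant_type``, ``username`` and ``password`` from the request
    form. On success returns a JSON body with ``access_token``,
    ``token_type`` and ``expires_in``; on any failure delegates to
    ``api_abort`` with a 400 status. Commented-out debug prints from the
    original were dropped so nothing about the request is ever echoed.
    """
    grant_type = request.form.get('grant_type')  # requested grant type
    username = request.form.get('username')      # resource-owner name
    password = request.form.get('password')      # resource-owner secret

    # Only the resource-owner password grant is supported by this endpoint.
    if grant_type is None or grant_type.lower() != 'password':
        return api_abort(code=400, message='The grant type must be password.')

    # A missing field is a client error; reject it here rather than handing
    # None to the lookup / password check (their handling of None is not
    # visible from this method). Same message as a bad credential so the
    # response does not distinguish the two cases.
    if username is None or password is None:
        return api_abort(
            code=400, message='Either the username or password was invalid.')

    user = User.query.filter_by(username=username).first()
    # NOTE(review): an unknown username skips validate_password entirely, so
    # the response time may differ from a wrong-password attempt; a dummy
    # hash check for the user-is-None branch would equalise it — confirm
    # against how validate_password is implemented.
    if user is None or not user.validate_password(password):
        return api_abort(
            code=400, message='Either the username or password was invalid.')

    # generate_token() yields the token and its lifetime (seconds, presumably).
    token, expiration = generate_token(user)
    response = jsonify({
        'access_token': token,       # the access token itself
        'token_type': 'Bearer',      # bearer token: possession is authority
        'expires_in': expiration,    # lifetime of the token
    })
    # The body carries a credential, so forbid every cache layer from
    # storing it (Cache-Control for HTTP/1.1, Pragma for HTTP/1.0 caches).
    response.headers['Cache-Control'] = 'no-store'
    response.headers['Pragma'] = 'no-cache'
    return response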
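def post(self):
    """Issue a Bearer access token for the OAuth2 password grant.

    Reads ``grant_type``, ``username`` and ``password`` from the request
    form and returns a JSON body with ``access_token``, ``token_type`` and
    ``expires_in``; every failure is a 400 via ``api_abort``.

    The original ``print(request.form)`` was removed: it wrote the submitted
    username and plaintext password to stdout on every call, which ends up
    in process logs.
    """
    grant_type = request.form.get('grant_type')
    username = request.form.get('username')
    password = request.form.get('password')

    # Only the resource-owner password grant is supported.
    if grant_type is None or grant_type.lower() != 'password':
        return api_abort(code=400, message='The grant type must be password.')

    user = User.query.filter_by(username=username).first()
    # Unknown user and wrong password share one message so the response
    # does not reveal which of the two was wrong.
    if user is None or not user.validate_password(password):
        return api_abort(
            code=400, message='Either the username or password was invalid.')

    token, expiration = generate_token(user)
    response = jsonify({
        'access_token': token,
        'token_type': 'Bearer',
        'expires_in': expiration,  # token lifetime
    })
    # The body carries a credential: no cache may store this response.
    response.headers['Cache-Control'] = 'no-store'
    response.headers['Pragma'] = 'no-cache'
    return response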
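def post(self):
    """
    Bearer authorization endpoint
    ---
    parameters:
      - name: username
        in: form
        required: true
      - name: password
        in: form
        required: true
    responses:
      200:
        description: Returns the authorization token
    """
    # NOTE(review): the grant_type check is disabled in this variant — the
    # upstream code commented out the form read and pinned the value to
    # 'password', so the comparison could never fail. The dead check is
    # removed; to enforce RFC 6749 again, read request.form.get('grant_type')
    # and reject anything other than 'password'.
    username = request.form.get('username')
    password = request.form.get('password')

    user = User.query.filter_by(username=username).first()
    # One message for both failure modes so the response does not reveal
    # whether the username exists.
    if user is None or not user.validate_password(password):
        return api_abort(
            code=400, message='Either the username or password was invalid.')

    # The original called generate_token(user) a second time when building
    # the body, so the token returned did not belong to the `expiration`
    # reported next to it (and an extra token was minted per login). Use the
    # single (token, expiration) pair.
    token, expiration = generate_token(user)
    response = jsonify({
        'access_token': token,
        'token_type': 'Bearer',
        'expires_in': expiration,
    })
    # The body carries a credential: no cache may store this response.
    response.headers['Cache-Control'] = 'no-store'
    response.headers['Pragma'] = 'no-cache'
    return response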
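def post(self):
    """Issue a Bearer access token for the OAuth2 password grant.

    The three form values below must be supplied; there is also ``scope``,
    which represents the permitted range of access and is defined by the
    API provider itself (not handled here).

    Returns a JSON body with ``access_token``, ``token_type`` and
    ``expires_in``; failures are 400 responses built by ``api_abort``.
    """
    grant_type = request.form.get('grant_type')
    username = request.form.get('username')
    password = request.form.get('password')

    # Only the resource-owner password grant is supported.
    if grant_type is None or grant_type.lower() != 'password':
        return api_abort(code=400, message='授权类型必须是密码。')

    # A missing field is a client error; reject it before the lookup /
    # password check rather than passing None into them (their handling of
    # None is not visible here). Reuses the bad-credential message so the
    # response does not distinguish the cases.
    if username is None or password is None:
        return api_abort(code=400, message='无效的账户密码')

    user = User.query.filter_by(username=username).first()
    if user is None or not user.validate_password(password):
        return api_abort(code=400, message='无效的账户密码')

    token, expiration = generate_token(user)
    response = jsonify({
        'access_token': token,      # the access token
        'token_type': 'Bearer',     # authentication scheme
        'expires_in': expiration,   # token lifetime
    })
    # The body carries a credential: no cache may store this response.
    response.headers['Cache-Control'] = 'no-store'
    response.headers['Pragma'] = 'no-cache'
    return response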