예제 #1
def check_session_soft():
    """Report whether the request carries a valid login session.

    Never aborts the request: returns False when either session cookie is
    absent, and otherwise returns whatever ``Users.verify_session`` reports
    for the supplied username/token pair.
    """
    cookies = request.cookies
    # Both cookies are client-controlled, so their mere presence proves
    # nothing; the decision rests entirely on Users.verify_session.
    for required in ("username", "login_token"):
        if required not in cookies:
            return False

    return Users.verify_session(cookies["username"], cookies["login_token"])
예제 #2
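def _check_session():
    """Abort the request unless it carries a valid login session.

    Calls ``abort(400)`` when the ``username`` or ``login_token`` cookie is
    missing, and ``abort(403)`` (after logging a warning) when
    ``Users.verify_session`` rejects the pair. Falls through and returns
    None when the session verifies.
    """
    cookies = request.cookies
    if "username" not in cookies:
        abort(400)
    if "login_token" not in cookies:
        abort(400)

    username = cookies["username"]
    login_token = cookies["login_token"]
    if not Users.verify_session(username, login_token):
        # The username comes straight from a client-supplied cookie. Logging
        # it with %r (and lazy logger arguments instead of an f-string)
        # escapes CR/LF and other control characters, so a crafted cookie
        # cannot inject forged lines into the log. The token itself is
        # deliberately never logged.
        # NOTE(review): an expired or revoked token presumably lands here
        # too, not only a forged one -- confirm against verify_session.
        logger.warning(
            "User likely attempted to forge login token: %r", username)
        abort(403)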