def retrieve(self):
    """Issue a new token for the username/password pair in the request.

    Returns the marshalled token on success, a 404 body when no user
    matches the submitted username, and a 403 body when the password
    check fails.
    """
    args = credentials_parser.parse_args()  # @UndefinedVariable
    account = User.get(args['username'])
    if not account:
        # NOTE(review): answering 404 here and 403 below tells an
        # unauthenticated caller whether a username exists. Consider one
        # shared failure response for both branches. This branch also
        # skips check_password(), so response timing may differ too.
        return {"detail": "Not found"}, 404

    password_ok = account.check_password(args['password'])
    if not password_ok:
        # NOTE(review): no attempt throttling or lockout is visible in
        # this block -- confirm it is enforced elsewhere.
        return {"detail": "Forbidden"}, 403

    # Every successful login creates and persists a fresh token.
    issued = Token(account)
    issued.save()
    return marshal(issued, token_fields)
def get_user_from_request(request):
    """Return the user owning the token named in the auth header, or None.

    None is returned when the header is absent, when its value does not
    split into exactly two space-separated parts, or when no token matches
    the second part.
    """
    raw_header = request.headers.get(HTTP_AUTH_HEADER, None)
    if raw_header is None:
        return None

    parts = raw_header.split(" ")
    if len(parts) != 2:
        return None

    # NOTE(review): parts[0] (the auth scheme) is never compared against an
    # expected value, so any scheme word followed by a valid key is accepted.
    # NOTE(review): no expiry or revocation check is visible here --
    # presumably Token.get() handles it; confirm.
    matched = Token.get(parts[1])
    return matched.user if matched else None
def destroy(self, key):
    """Delete the token identified by *key* if it belongs to the current user.

    Returns a 404 body when no token matches *key*, a 403 body when the
    token belongs to a user other than ``g.user``, and an empty body with
    202 once the token has been deleted.
    """
    target = Token.get(key)
    if not target:
        return {"detail": "Not found"}, 404

    # Ownership check: only the token's own user may revoke it.
    # NOTE(review): 403 versus 404 confirms to any authenticated caller that
    # a key belonging to someone else exists. Since the key appears to be the
    # credential itself, consider answering 404 in both cases.
    belongs_to_other = target.user != g.user
    if belongs_to_other:
        return {"detail": "Forbidden"}, 403

    target.delete()
    return {}, 202