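def invalidate_token(self, token_value):
    """Expire the stored token whose value is ``token_value``.

    The token's ``expirationDate`` is set to 0 and the record is written
    back through the DAO.

    Args:
        token_value: Token string as presented by the caller.

    Returns:
        None. An unknown token value is a no-op.
    """
    auth_query = BoruvkaAuthQuery(self._dao)
    token = auth_query.get_token(
        value=token_value,
    )
    # get_token may return a falsy result when nothing matches (verify_token
    # checks for that). The value comes from the caller, so a bogus or
    # already-removed token must not end in an AttributeError.
    if not token:
        return
    # Timestamp 0 is the epoch, so the expiry comparisons in verify_token and
    # login see this token as expired.
    token.expirationDate = 0
    self._dao.update(token)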
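def verify_token(self, token_value):
    """Return True if ``token_value`` names a stored token that has not expired.

    Args:
        token_value: Token string as presented by the caller.

    Returns:
        True when a token with this value exists and its ``expirationDate``
        lies in the future, False otherwise.
    """
    auth_query = BoruvkaAuthQuery(self._dao)
    token = auth_query.get_token(
        value=token_value,
    )
    if not token:
        return False
    token_date = datetime.utcfromtimestamp(token.expirationDate)
    # utcfromtimestamp() yields a naive UTC datetime, so the reference clock
    # must be UTC too. Comparing against local datetime.now() shifts expiry by
    # the host's UTC offset, and on hosts behind UTC that keeps expired tokens
    # valid for hours.
    # NOTE(review): assumes expirationDate holds POSIX epoch seconds; confirm
    # against the token generator.
    # Possibly return authorized user id/name
    return token_date > datetime.utcnow()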
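def login(self, payload):
    """Authenticate a user and return an access token for them.

    The user's existing token is reused while it is still valid; otherwise a
    new token is generated, stored and attached to the user record.

    Args:
        payload: Mapping with ``'username'`` and ``'password'`` keys.

    Returns:
        ``(user.id, token.value)`` on success, ``(None, None)`` when no user
        matches the credentials.

    Raises:
        KeyError: If ``payload`` lacks ``'username'`` or ``'password'``.
    """
    username = payload['username']
    password = payload['password']
    hashed_password = self.hash_password(
        username,
        password,
    )
    # NOTE(review): looking the user up by hash means hash_password must be
    # deterministic for a given (username, password); confirm it is a slow,
    # salted KDF rather than a bare digest.
    user_query = BoruvkaUserQuery(self._dao)
    user = user_query.get_user(
        username=username,
        password=hashed_password,
    )
    if not user:
        return None, None

    auth_query = BoruvkaAuthQuery(self._dao)
    if user.tokenId:
        token = auth_query.get_token(
            id=user.tokenId,
        )
        # A stale tokenId may resolve to nothing; fall through and issue a
        # fresh token instead of failing on the attribute access.
        if token:
            token_date = datetime.utcfromtimestamp(token.expirationDate)
            # utcfromtimestamp() is naive UTC, so compare against UTC "now".
            # With local datetime.now() an expired or invalidated-late token
            # could be handed out again on hosts behind UTC.
            # NOTE(review): assumes expirationDate holds POSIX epoch seconds;
            # confirm against __generate_token.
            if token_date > datetime.utcnow():
                return user.id, token.value

    # generate token
    token_value, token_date = self.__generate_token()
    token = auth_query.create_token(
        value=token_value,
        date=token_date,
    )
    user.tokenId = token.id
    self._dao.update(user)
    # api call returns token, whilst webapp sets cookie
    return user.id, token.value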