def user(self):
    """Return the entity referenced by the session's 'user_key', if any.

    When the session holds no 'user_key' the result is None. When the key is
    present but the lookup yields nothing truthy, the stale 'user_key' entry
    is removed from the session and the lookup result is returned as-is.
    """
    # NOTE(review): model.getByKey is not visible here; confirm it can only
    # resolve to a user entity for a value stored under 'user_key'.
    if 'user_key' not in self.session:
        return None

    found = model.getByKey(self.session['user_key'])
    if not found:
        # The session points at an entity that no longer resolves: drop the
        # stale reference so later requests do not repeat the failed lookup.
        del self.session['user_key']
    return found
def user(self):
    """Return the user attached to the session's auth record, if any.

    The session's 'auth_key' is resolved through model.getByKey. A truthy
    result contributes its ``user`` attribute; otherwise the stale 'auth_key'
    entry is removed from the session and None is returned. A session with no
    'auth_key' yields None without any lookup.
    """
    if 'auth_key' not in self.session:
        return None

    auth_record = model.getByKey(self.session['auth_key'])
    if auth_record:
        return auth_record.user

    # The auth record no longer resolves: forget the dangling session key.
    del self.session['auth_key']
    return None
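def before(self):
    """Validate a password-reset link from the "key" and "token" parameters.

    Stores both request parameters on the handler, looks up the account by
    key, and accepts the link only when the supplied token matches the
    account's stored token and the token was issued less than one hour ago.
    Any other outcome flashes an error and redirects to /forgotpassword.
    """
    # Function-scope import: the file's import block is not visible from here.
    import hmac

    is_valid = False
    self.key = self.request.get("key")
    self.token = self.request.get("token")

    if self.key and self.token:
        # NOTE(review): self.user is assigned before the token is verified and
        # stays set when validation fails. Whether redirect() stops the
        # request is not visible here; confirm the handler's action cannot
        # run against this account after a failed check.
        self.user = model.getByKey(self.key)
        if self.user and self.user.token:
            try:
                # Constant-time comparison: a plain == on a secret token can
                # leak how many leading characters matched through timing.
                # Encoding to bytes keeps compare_digest from raising on
                # non-ASCII text supplied in the request.
                token_matches = hmac.compare_digest(
                    self.token.encode("utf-8"),
                    self.user.token.encode("utf-8"),
                )
            except (AttributeError, TypeError, UnicodeError):
                # Fail closed on a token value that cannot be compared.
                token_matches = False

            if token_matches:
                issued_at = self.user.token_date
                # A token with no issue date cannot be aged, so it is treated
                # as expired instead of raising on the subtraction below.
                if issued_at is not None:
                    # token is valid for one hour
                    age = (datetime.utcnow() - issued_at).total_seconds()
                    if age < 3600:
                        is_valid = True

    # NOTE(review): nothing here consumes the token; confirm it is cleared
    # once the password has actually been changed so the link is single-use.
    if not is_valid:
        self.flash("error", "That reset password link has expired.")
        self.redirect("/forgotpassword")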