Exemple #1
    async def get_user(self):
        """
        Resolve the user that the current session claims to belong to.

        Returns the user object produced by the session's authentication
        backend, or a fresh `AnonymousUser` when the session carries no
        user id / backend path, when the backend path is not configured,
        when the backend yields no user, or when the session's stored auth
        hash does not match the user's current one.

        Side effect: on an auth-hash mismatch the session is flushed.
        """
        try:
            uid = _get_user_session_key(self)
            backend_path = self.session[BACKEND_SESSION_KEY]
        except KeyError:
            # The session holds no user id or no backend path: anonymous.
            return AnonymousUser()

        # The backend path is read from session data, so it is checked
        # against the configured allow-list before load_backend() is called
        # on it. A backend removed from settings therefore stops
        # authenticating sessions that still reference it.
        if backend_path not in settings.AUTHENTICATION_BACKENDS:
            return AnonymousUser()

        user = await load_backend(backend_path).get_user(uid)

        # Session verification only runs for user objects that expose
        # get_session_auth_hash(); any other object (including None) skips
        # this check entirely.
        if hasattr(user, 'get_session_auth_hash'):
            stored_hash = self.session.get(HASH_SESSION_KEY)
            # A missing or empty stored hash counts as a failed check. The
            # comparison goes through constant_time_compare (by its name a
            # timing-safe comparison) instead of `==`.
            hash_ok = stored_hash and constant_time_compare(
                stored_hash, user.get_session_auth_hash())
            if not hash_ok:
                # Drop the whole session instead of leaving a stale one
                # behind, and fall through to the anonymous user.
                self.session.flush()
                user = None

        return user or AnonymousUser()
Exemple #2
    async def get_user(self):
        """
        Resolve the user that the current session claims to belong to.

        The user id stored in the session is looked up through
        `RemoteUser(id=...).get()`. Returns that user, or a fresh
        `AnonymousUser` when the session carries no user id, when the
        lookup yields a falsy result, or when the session's stored auth
        hash does not match the user's current one.

        Side effect: on an auth-hash mismatch the session is flushed.
        """
        try:
            uid = _get_user_session_key(self)
        except KeyError:
            # No user id in the session: anonymous.
            return AnonymousUser()

        # Only the KeyError from the session-key lookup is handled above;
        # anything raised by the remote lookup propagates to the caller.
        user = await RemoteUser(id=uid).get()

        # Session verification only runs for user objects that expose
        # get_session_auth_hash(); any other object (including None) skips
        # this check entirely.
        if hasattr(user, 'get_session_auth_hash'):
            stored_hash = self.session.get(HASH_SESSION_KEY)
            # A missing or empty stored hash counts as a failed check. The
            # comparison goes through constant_time_compare (by its name a
            # timing-safe comparison) instead of `==`.
            hash_ok = stored_hash and constant_time_compare(
                stored_hash, user.get_session_auth_hash())
            if not hash_ok:
                # Drop the whole session instead of leaving a stale one
                # behind, and fall through to the anonymous user.
                self.session.flush()
                user = None

        return user or AnonymousUser()
Exemple #3
 def __init__(self, user: Optional[RemoteUser] = None):
     """
     Store the user this object acts for.

     When `user` is None (or any other falsy value) a fresh
     `AnonymousUser` is stored instead, so `self.user` is never None.
     """
     # Truthiness, not an `is None` test: a falsy user object is also
     # replaced by the anonymous user.
     self.user = user if user else AnonymousUser()
Exemple #4
 async def logout(self):
     """
     Log the current user out.

     If `self.current_user` is a real user, the session is flushed and
     `self.current_user` is replaced by a fresh `AnonymousUser`. When the
     current user is already anonymous or None, nothing happens and the
     session is left untouched.
     """
     active_user = self.current_user
     # NOTE(review): a session that holds data but resolves to an
     # anonymous user is not flushed here; confirm that is intended.
     if active_user is None or isinstance(active_user, AnonymousUser):
         return

     # Flush before swapping the user so the session data is dropped
     # first, in the same order as before.
     self.session.flush()
     # noinspection PyAttributeOutsideInit
     self.current_user = AnonymousUser()