Пример #1
0
 def delete(self, item_id):
     """delete item"""
     item = Item.query.get_or_404(item_id)
     if g.current_user != item.author:
         return api_abort(403)
     db.session.delete(item)
     db.session.commit()
     return '', 204
Пример #2
0
 def put(self, item_id):
     """Edit item"""
     item = Item.query.get_or_404(item_id)
     if g.current_user != item.author:
         return api_abort(403)
     item.body = get_item_body()
     db.session.commit()
     return '', 204
Пример #3
0
 def patch(self, item_id):
     """Toggle item"""
     item = Item.query.get_or_404(item_id)
     if g.current_user != item.author:
         return api_abort(403)
     item.done = not item.done
     db.session.commit()
     return '', 204
Пример #4
0
 def post(self):
     username = request.json.get('username')
     password = request.json.get('password')
     user = User.query.filter_by(username=username).first()
     if user is None:
         return api_abort(400, '该用户不存在。')
     elif not user.check_password(password):
         return api_abort(400, '密码错误。')
     token, expiration = generate_token(user)
     response = jsonify({
         'access_token': token,
         'token_type': 'Bearer',
         'expires_in': expiration
     })
     response.headers['Cache-Control'] = 'no-store'
     response.headers['Pragma'] = 'no-cache'
     return response
Пример #5
0
 def decrated(*args, **kwargs):
     token_type, token = get_token()
     if request.method != 'OPTIONS':
         if token_type is None or token_type.lower() != 'bearer':
             return api_abort(400, 'The token type must be bearer.')
         if token is None:
             return token_missing()
         if not validate_token(token):
             return invalid_token()
     return f(*args, **kwargs)
Пример #6
0
 def wrapper(*args, **kwargs):
     token_type, token = get_token()
     if request.method != 'OPTIONS':
         if token is None:
             return token_missing()
         if not validate_token(token):
             return invalid_token()
         if token_type is None or token_type.lower() != 'bearer':
             return api_abort(400, 'token_type必须是bearer')
     return f(*args, **kwargs)
Пример #7
0
    def post(self):
        grant_type = request.form.get('grant_type')
        username = request.form.get('username')
        password = request.form.get('password')
        if grant_type is None or grant_type.lower() != 'password':
            return api_abort(400, message='The grant type must be password.')

        user = User.query.filter_by(username=username).first()
        if user is None or not user.validate_password(password):
            return api_abort(
                400, messages='Either the username or password was invalid.')

        token, expiration = generate_token(user)
        response = jsonify({
            'access_token': token,
            'token_type': 'Bearer',
            'expires_in': expiration
        })
        response.headers['Cache-Control'] = 'no-store'
        response.headers['Pragma'] = 'no-cache'
        return response
Пример #8
0
    def post(self):
        grand_type = request.form.get("grant_type")
        username = request.form.get("username")
        password = request.form.get("password")

        if grand_type is None or grand_type.lower != "password":
            return api_abort(400, "The grant type has to be password.")

        user = User.query.filter_by(username=username).first()
        if user is None or not user.validate_password(password):
            return api_abort(400, "The username and password is invalid")

        token, expiration = generate_token(user)

        response = jsonify({
            "access_token":token,
            "token_type":"Bearer",
            "expire_in": expiration
        })
        response.headers['Cache-Control'] = "no-store"
        response.headers["Pragma"] = "no-cache"
        return response
Пример #9
0
    def decorated(*args, **kwargs):
        token_type, token = get_token()

        # Flask normally handles OPTIONS requests on its own, but in the
        # case it is configured to forward those to the app, we
        # need to ignore authentication headers and let the request through
        # to avoid unwanted interactions with CORS.
        if request.method != "OPTIONS":
            if token_type is None or token_type.lower() != "bearer":
                return api_abort(400, "The token type has to be bearer")
            if token is None:
                return token_missing()
            if not validate_token(token):
                return invalid_token()
        return f(*args, **kwargs)
Пример #10
0
 def get(self, item_id):
     """Get item"""
     item = Item.query.get_or_404(item_id)
     if g.current_user != item.author:
         return api_abort(403)
     return jsonify(item_schema(item))