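def get(self):
    """Log out: revoke the auth token named by the request and clear the session.

    The token is taken from the ``auth`` query parameter, falling back to the
    session. The response is always JSON ``{'message': 'logout success'}``,
    even when no token was present or it was already gone.
    """
    self.response.headers['Content-Type'] = 'application/json'
    auth = self.request.params.get('auth') or self.session.get('auth')
    if auth:
        auth_token = AuthToken.query(AuthToken.token == auth).get()
        # A second logout (or an already-revoked token) must not turn into a
        # 500 from dereferencing None.
        if auth_token is not None:
            auth_token.key.delete()
        if self.session.get('auth'):
            self.session['auth'] = None
        # The token is a bearer credential; record the event, not the value.
        logging.info('removed auth token for the current session')
    result = {'message': 'logout success'}
    self.response.out.write(json.dumps(result))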
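def inner(*args, **kwargs):
    """Call *func* only when the request carries a valid token for ``account_id``.

    ``args[0]`` is the request handler; ``kwargs['account_id']`` is the route
    parameter. The token is read from the ``auth`` query parameter, falling
    back to the session, and must exist in the account's entity group and
    belong to that account. A missing or non-numeric account id, an unknown
    account, or a token mismatch all produce a 401 JSON error instead of an
    unhandled exception.
    """
    handler = args[0]
    # int(None) raises TypeError and int('abc') raises ValueError; both mean
    # "not authenticated for any account", not a server error.
    try:
        account_id = int(kwargs.get('account_id'))
    except (TypeError, ValueError):
        account_id = None
    # NOTE(review): a token in the query string ends up in URL/access logs and
    # Referer headers; the session (or a header) is the safer carrier.
    auth = handler.request.params.get('auth') or handler.session.get('auth')
    if auth and account_id is not None:
        account = Account.get_by_id(account_id)
        if account is not None:
            auth_token = AuthToken.query(AuthToken.token == auth, ancestor=account.key).get()
            # The ancestor query already scopes the lookup to this account; the
            # explicit owner check keeps that guarantee if the query changes.
            if auth_token and auth_token.account.id() == account_id:
                return func(*args, **kwargs)
    handler.response.headers['Content-Type'] = 'application/json'
    handler.response.set_status(401, 'Not Authenticated')
    handler.response.out.write(json.dumps({'error': 'Not Authenticated'}))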
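def post(self):
    """Log in: verify a JSON username/password body and issue an auth token.

    On success the token is stored in the session and in the account's
    AuthToken entity (created, or rotated if one exists) and the JSON
    response carries ``auth``, ``account_id`` and ``username``. A body that
    is not a JSON object gets 400; missing or wrong credentials get 401 with
    a JSON error.
    """
    self.response.headers['Content-Type'] = 'application/json'
    # Malformed input is a client error, not a 500 from json.loads.
    try:
        login_data = json.loads(self.request.body)
    except ValueError:
        login_data = None
    if not isinstance(login_data, dict):
        result = {'error': 'Malformed request', 'message': 'Expected a JSON object'}
        self.response.set_status(400, 'Bad Request')
        self.response.out.write(json.dumps(result))
        return
    username = login_data.get('username')
    password = login_data.get('password')
    account = None
    # Without this guard a body lacking 'password' queries for password == None,
    # which could match an account whose password was never set.
    if username is not None and password is not None:
        # NOTE(review): this compares the stored password verbatim, so the
        # Account model holds plaintext passwords. Fixing that needs a schema
        # change (salted hash, constant-time comparison) plus a migration and
        # cannot be done inside this handler alone.
        account = Account.query(Account.username == username, Account.password == password).get()
    if account:
        # uuid4 is drawn from os.urandom; uuid1 (MAC address + timestamp) is
        # predictable and unsuitable as a bearer token.
        self.session['auth'] = uuid.uuid4().hex
        token = AuthToken.query(AuthToken.account == account.key, ancestor=account.key).get()
        if token:
            token.token = self.session['auth']
        else:
            token = AuthToken(account=account.key, token=self.session['auth'], parent=account.key)
        token.put()
        result = {'auth': token.token, 'account_id': account.key.id(), 'username': account.username}
        self.response.out.write(json.dumps(result))
    else:
        result = {'error': 'Invalid credentials', 'message': 'Invalid credentials'}
        # The reason phrase is plain text; the JSON details go in the body.
        self.response.set_status(401, 'Invalid credentials')
        self.response.out.write(json.dumps(result))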