def check_authorization(*args, **kwargs):
    """Gate a call to the wrapped ``function`` behind token and project checks.

    When the ``api_response`` keyword is truthy or absent, the ``token`` form
    field is JSON-decoded and passed to ``process_token``. The result is then
    checked by ``project_access`` against the ``project_id`` keyword.

    * ``InvalidCredential`` -> error response, no token attached.
    * ``AccessDenied``      -> error response with the token attached.
    * success               -> wrapped function's result with the token attached.

    When ``api_response`` is falsy the wrapped function is called directly.
    The original author's stated assumption is that credentials were already
    checked by an outer call in that case.
    """
    # NOTE(review): this branch skips authentication and authorization
    # entirely. It is only safe if ``api_response`` can never be bound from
    # request-controlled data (e.g. a URL route variable that ends up in
    # kwargs) -- confirm against every caller and route definition.
    if not kwargs.get('api_response', True):
        return function(*args, **kwargs)

    # Stays None until process_token succeeds. The AccessDenied handler below
    # may therefore attach None if process_token itself can raise
    # AccessDenied -- TODO confirm.
    updated_token = None
    try:
        # The token is client-supplied. Only InvalidCredential and
        # AccessDenied are handled, so a missing field or a value that is not
        # valid JSON (json.loads raises ValueError) propagates to the caller.
        raw_token = json.loads(request.form['token'])
        updated_token = process_token(raw_token)
        # project_id is None when the keyword is absent; presumably
        # project_access rejects that -- verify.
        project_access(kwargs.get('project_id'), updated_token)
    except InvalidCredential as exc:
        return response.error(exc.args[0])
    except AccessDenied as exc:
        return response.add_token(updated_token, response.error(exc.args[0]))

    return response.add_token(updated_token, function(*args, **kwargs))
def login():
    """Authenticate a user from the submitted ``payload`` form field.

    The payload is JSON-decoded, passed through ``sanitize.form_keys`` and
    mapped to a ``Credentials`` object. The matching stored credentials are
    fetched with ``user_select.login_credentials`` and compared by
    ``validate.login``. On ``InvalidCredential`` an error response is
    returned; otherwise a new ``Token`` bound to the stored user id is
    updated, persisted through ``user_update.token`` and returned to the
    client.
    """
    # The payload is client-supplied. A missing field or invalid JSON is not
    # handled here and propagates (json.loads raises ValueError).
    submitted = Credentials.map_from_form(
        sanitize.form_keys(json.loads(request.form['payload']))
    )
    on_record = user_select.login_credentials(submitted)

    # NOTE(review): the exception message is returned verbatim to the client.
    # Check that validate.login uses the same message for "unknown user" and
    # "wrong password" so the response does not reveal which accounts exist.
    # No attempt limiting is visible in this function -- confirm it is
    # enforced elsewhere.
    try:
        validate.login(on_record, submitted)
    except InvalidCredential as exc:
        return response.error(exc.args[0])

    # A token is issued only after validation has passed.
    session_token = Token()
    session_token.user_id = on_record.id
    session_token.update()
    user_update.token(session_token)
    return response.add_token(token=session_token)