def test_session_token(self):
    """Session tokens round-trip for their user; expired ones are rejected."""
    account = User(email="*****@*****.**")
    account.put()

    # A token issued with the default expiration must verify and carry the
    # id of the user it was issued for.
    fresh = account.get_session_token()
    self.assertIsNotNone(fresh)
    ok, payload = User.verify_session_token(fresh)
    self.assertTrue(ok)
    self.assertEqual(account.key.id(), payload['user_id'])

    # A token issued with a negative expiration is still produced, but
    # verification must refuse it.
    stale = account.get_session_token(expiration=-1)
    self.assertIsNotNone(stale)
    ok, payload = User.verify_session_token(stale)
    self.assertFalse(ok)
def current_user():
    """Resolve the caller from the ``X-Session-Token`` argument into ``g.user``.

    ``g.user`` is left as ``None`` when the token does not verify, or when
    it verifies but carries the ``password_reset`` flag.
    """
    session_token = token_parser.parse_args()['X-Session-Token']
    is_valid, claims = User.verify_session_token(session_token)

    g.user = None
    # Security: reset tokens pass through the same verifier as session
    # tokens, so the password_reset flag is the only thing that keeps a
    # reset token from being accepted as a login. Keep this check.
    if is_valid and not claims.get('password_reset'):
        g.user = User.get_by_id(claims.get('user_id'))
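def post(self):
    """Set a new password for the user named by a password-reset token.

    The request is aborted with HTTP 400 unless the token verifies and is
    flagged ``password_reset``, so an ordinary session token cannot be used
    to change a password. It is also aborted with 400 when the token names
    a user that cannot be loaded.

    Returns:
        ``('', 200)`` once the new password has been stored.
    """
    args = password_confirm_post.parse_args()
    token = args['reset_token']
    password = args['password']

    valid, data = user_model.verify_session_token(token)
    if not valid or not data.get('password_reset'):
        api.abort(400, 'Reset token is invalid')

    user = user_model.get_by_id(data.get('user_id'))
    if user is None:
        # A token can outlive the account it was issued for. Without this
        # guard the set_password call below fails with AttributeError and
        # the client sees a 500. The same message is reused so the
        # response does not reveal whether the account exists. As with the
        # check above, this relies on api.abort raising.
        api.abort(400, 'Reset token is invalid')

    # NOTE(review): nothing in this handler marks the token as used, so it
    # appears to stay valid until it expires. Confirm whether
    # verify_session_token or set_password invalidates outstanding reset
    # tokens; if not, consider making them single-use.
    user.set_password(password)
    user.put()
    return '', 200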