def post(self):
    """Exchange the email/password in the JSON request body for a token.

    Returns ``unauthorized('User not found.')`` when no user matches the
    email and password hash, otherwise ``ok(...)`` wrapping the JSON form of
    a ``Token`` built from the matched user's key id.  Unknown email and
    wrong password share one lookup and therefore one response.
    """
    payload = request.json
    email = payload['email']
    # NOTE(review): the user is looked up by the hash value itself, so
    # hash_password must return the same output for the same password on
    # every call -- presumably no per-user random salt; confirm which
    # algorithm it uses.
    hashed_pass = hash_password(payload['password'])

    user = User.by_email_and_password(email, hashed_pass)
    if user:
        return ok(Token(user.key.id()).json())
    return unauthorized('User not found.')
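def wrapper(*args, **kwargs):
    """Resolve the caller from a bearer token and pass it as ``current_user``.

    Without an ``Authorization`` header the wrapped function is still
    called, with ``current_user=None``; this wrapper does not reject
    anonymous requests, so the wrapped function has to refuse ``None``
    wherever a login is required.

    With the header present, the token is checked by ``TOKEN_UTIL.verify``.
    An expired token, a bad signature, or a user id that no longer resolves
    returns an ``unauthorized`` response without calling the wrapped
    function.
    """
    if 'Authorization' not in request.headers:
        kwargs['current_user'] = None
        return func(*args, **kwargs)

    authorization = request.headers['Authorization']
    # Strip the scheme only where it leads the header value; str.replace
    # would also delete 'Bearer ' occurring anywhere inside the value before
    # it reaches signature verification.
    scheme = 'Bearer '
    if authorization.startswith(scheme):
        token = authorization[len(scheme):]
    else:
        # A value without the scheme is still handed to verify(), as before.
        token = authorization

    try:
        user_id = TOKEN_UTIL.verify(token)
    # NOTE(review): keep this order -- presumably SignatureExpired is a
    # subclass of BadSignature (as in itsdangerous); confirm.
    except SignatureExpired:
        return unauthorized('Token expired.')
    except BadSignature:
        return unauthorized('Invalid token.')

    # A validly signed token can outlive the account it names, so the user
    # is re-fetched on every request.
    user = User.get(int(user_id))
    if not user:
        return unauthorized('User not found.')

    kwargs['current_user'] = user
    return func(*args, **kwargs)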