def check_session_soft():
    """Report whether the current request carries a valid login session.

    Returns False when either the ``username`` or the ``login_token`` cookie
    is absent. Otherwise returns the result of ``Users.verify_session`` for
    the cookie pair. Unlike a hard check, this never aborts the request.
    """
    cookies = request.cookies
    # Both values are client-supplied; nothing is trusted until
    # Users.verify_session accepts the pair.
    for required in ("username", "login_token"):
        if required not in cookies:
            return False
    # NOTE(review): verify_session is not visible here -- confirm it compares
    # the token in constant time and rejects expired sessions.
    return Users.verify_session(cookies["username"], cookies["login_token"])
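def _check_session():
    """Verify that the user is logged in to allow a request.

    Calls ``abort(400)`` when the ``username`` or ``login_token`` cookie is
    missing, and ``abort(403)`` when ``Users.verify_session`` rejects the
    pair. Falls through (returning None) when the session is accepted.
    """
    cookies = request.cookies
    if "username" not in cookies:
        abort(400)
    if "login_token" not in cookies:
        abort(400)
    username = cookies["username"]
    login_token = cookies["login_token"]
    if not Users.verify_session(username, login_token):
        # The username comes straight from a client-controlled cookie. Pass it
        # as a %r argument so CR/LF and other control characters are escaped
        # and cannot inject forged lines into the log. The token is not logged.
        # NOTE(review): a rejection may also be a stale or expired session,
        # not only a forgery attempt -- confirm before alerting on this line.
        logger.warning(
            "User likely attempted to forge login token: %r", username)
        abort(403)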