def post(self):
    """Validate the token supplied in the ``token`` body argument.

    The value is parsed with ``TokenValidate.validator``, the matching
    ``UserToken`` is looked up by owner and token name, and its secret is
    checked with ``token.check_secret``.

    Returns:
        ``self.error(...)`` with a single ``(code, message)`` pair on failure:
        1 = format not recognized, 2 = token does not exist, 3 = token is
        disabled, 4 = secret mismatch.  Otherwise ``self.success(...)`` with
        the owner, the token's string form, ``act_as_owner`` and ``valid``.
    """
    # The raw value carries the token secret; keep it out of logs and errors.
    raw_token = self.get_body_argument("token")
    parsed = TokenValidate.validator.match(raw_token)
    if not parsed:
        return self.error(((1, "Token format not recognized"),))

    # NOTE(review): the session is not closed or released in this method;
    # confirm the handler or the Session factory takes care of that.
    db = Session()

    label, secret, owner = parsed.group("token_name", "token_secret", "name")

    record = UserToken.get_by_value(db, owner, label)

    # NOTE(review): codes 2, 3 and 4 are returned before/independently of the
    # secret check, so a caller without a valid secret can tell whether a
    # (user, token name) pair exists and whether it is enabled.  If clients do
    # not rely on the distinction, consider one generic failure response with
    # the detail kept in server-side logs, plus rate limiting on this endpoint.
    if record is None:
        return self.error(((2, "Token specified does not exist"),))
    if not record.enabled:
        return self.error(((3, "Token is disabled"),))

    # NOTE(review): check_secret is defined elsewhere; confirm it compares in
    # constant time (e.g. hmac.compare_digest) rather than with ``==``.
    if not record.check_secret(secret):
        return self.error(((4, "Token secret mismatch"),))

    payload = {
        "owner": owner,
        "identity": str(record),
        "act_as_owner": True,
        "valid": True,
    }
    return self.success(payload)