def wrapper(*args, **kwargs):
data = request_data()
token = data[0].get('token')
u = current_user()
t = Token.find_by(token=token)
if t is not None and t.username == u.username:
# csrf_tokens.pop(token)
return f(*args, **kwargs)
else:
abort(401)
def test_2():
form = {
"code": random_string(20),
"access_token": random_string(40),
}
user_id = 0
oauth_id = 1
Token.add(form, user_id, oauth_id)
code = form['code']
t = Token.find_by(code=code)
assert t.code == form['code']
assert t.access_token == form['access_token']
def f():
log('oauth_required')
authorization = request.headers.get('Authorization')
access_token = authorization[6:]
token = Token.find_by(access_token=access_token)
user_id = token.user_id
user = User.find_by(id=user_id)
if user == None:
log('未授权')
return redirect(url_for('user.login_view'))
else:
log('已授权用户', route_function)
return route_function(user)
def get_token(uid):
token = Token.find_by(user_id=uid)
if token is None:
token = Token.new({}, user_id=uid)
token = flash_token(token)
return token
