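def wrapper(*args, **kwargs):
    """Call the wrapped view only when the request token belongs to the current user.

    Reads ``token`` from the first element of ``request_data()``, looks it up
    with ``Token.find_by`` and compares the stored ``username`` with that of
    ``current_user()``. On a match the wrapped callable ``f`` is invoked with
    the original arguments; in every other case the request is aborted with
    401.
    """
    # assumes request_data() returns a sequence whose first element is a
    # mapping -- TODO confirm against its definition
    data = request_data()
    token = data[0].get('token')
    u = current_user()

    t = None
    # Fail closed: a request without a token, or without a resolved user, must
    # never reach the lookup. Otherwise an absent token could be matched
    # against a stored record whose token field is unset, and a missing user
    # would raise on ``u.username`` instead of producing a 401.
    if token and u is not None:
        t = Token.find_by(token=token)

    if t is not None and t.username == u.username:
        # NOTE(review): the token is not consumed here (the original
        # ``csrf_tokens.pop(token)`` is disabled), so the same token is
        # accepted repeatedly -- confirm that expiry is enforced elsewhere.
        return f(*args, **kwargs)
    abort(401)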
def test_2():
    """Store a token with ``Token.add`` and check it can be read back by its code."""
    owner_id, provider_id = 0, 1
    form = {"code": random_string(20), "access_token": random_string(40)}
    Token.add(form, owner_id, provider_id)

    stored = Token.find_by(code=form['code'])
    # Both values must come back exactly as they were submitted.
    for field in ("code", "access_token"):
        assert getattr(stored, field) == form[field]
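def f():
    """Resolve the caller from the ``Authorization`` header and run the route.

    The access token is taken from the header, looked up with
    ``Token.find_by`` and mapped to a user through ``User.find_by``. When a
    user is found, ``route_function`` is called with it; otherwise the caller
    is redirected to ``user.login_view``.

    A missing header, an empty token and an unknown token are all treated as
    unauthorized, so they follow the redirect path instead of raising.
    """
    log('oauth_required')
    authorization = request.headers.get('Authorization')

    user = None
    if authorization:
        # NOTE(review): the 6-character offset presumably matches the scheme
        # prefix clients send -- confirm ("Bearer " would be 7 characters).
        access_token = authorization[6:]
        # An empty token is never looked up: it could otherwise match a
        # stored record whose access_token was never set.
        if access_token:
            token = Token.find_by(access_token=access_token)
            if token is not None:
                user = User.find_by(id=token.user_id)

    if user is None:
        log('未授权')
        return redirect(url_for('user.login_view'))
    log('已授权用户', route_function)
    return route_function(user)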
def get_token(uid):
    """Return the token for user ``uid``, creating one when none is stored.

    Looks the token up with ``Token.find_by(user_id=uid)``; when that returns
    ``None`` a new one is created with ``Token.new({}, user_id=uid)``. The
    token is then passed through ``flash_token`` and the result is returned.
    """
    token = Token.find_by(user_id=uid)
    if token is None:
        # No stored token for this user: create one from an empty form.
        token = Token.new({}, user_id=uid)
    # NOTE(review): flash_token is defined elsewhere; presumably it refreshes
    # the token value -- confirm. The listing lost its indentation, so whether
    # this call originally sat inside the ``if`` above cannot be told from
    # here; verify against the original file.
    token = flash_token(token)
    return token