Fix load token bug
This commit is contained in:
Matthew Scragg
parent
2856dc076f
commit
0b213883ed
|
|
@ -15,24 +15,24 @@ def load_user(user_id):
|
||||||
@login_manager.token_loader
|
@login_manager.token_loader
|
||||||
def load_token(token):
|
def load_token(token):
|
||||||
# Load unsafe because payload is needed for sig
|
# Load unsafe because payload is needed for sig
|
||||||
sig_okay, payload = URLSafeSerializer(None).loads_unsafe(token)
|
sig_okay, payload = URLSafeSerializer(config.SECRET_KEY).loads_unsafe(token)
|
||||||
|
|
||||||
if not payload:
|
if not payload:
|
||||||
return False
|
return None
|
||||||
|
|
||||||
# User key *could* be stored in payload to avoid user lookup in db
|
# User key *could* be stored in payload to avoid user lookup in db
|
||||||
user = User.get_by_id(payload.get('id'))
|
user = User.get_by_id(payload.get('id'))
|
||||||
|
|
||||||
if not user:
|
if not user:
|
||||||
return False
|
return None
|
||||||
|
|
||||||
try:
|
try:
|
||||||
if User.signer(sha256(user.password).hexdigest()).loads(token):
|
if User.signer(sha256(user.password).hexdigest()).loads(token):
|
||||||
return user
|
return user
|
||||||
else:
|
else:
|
||||||
return False
|
return None
|
||||||
except BadSignature:
|
except BadSignature:
|
||||||
return False
|
return None
|
||||||
|
|
||||||
|
|
||||||
class AnonUser(AnonymousUserMixin):
|
class AnonUser(AnonymousUserMixin):
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue