def verify_user(self, require_admin=True, require_credentials=True):
auth = request.authorization
if not auth:
return False
username = auth.username
password = auth.password
user = self._mongo.db['users'].find_one({'username': username})
if not user:
return False
result = False
ip = get_ip()
if not require_credentials:
result = self._verify_user_by_token(user, password, ip)
if not result and self._is_blocked_temporarily(username):
return False
if not result:
result = _verify_user_by_credentials(user, password)
if not result:
self._add_block_entry(username)
return False
if not require_admin or user['is_admin']:
return True
return False
评论列表
文章目录
