def authentication_required(f):
""" This login decorator verifies that the correct username
and password are sent over POST in the XML format.
"""
@wraps(f)
def decorated_function(*args, **kwargs):
postdata = request.data.decode('utf-8')
if len(postdata) == 0:
app.logger.error('Authentication: No xml post data in request')
return abort(403)
else:
root = ETdefused.fromstring(postdata)
user_data = root.find("./Authentication/username")
pass_data = root.find("./Authentication/token")
if user_data is None or pass_data is None:
app.logger.error('Authentication: Invalid XML, token not present or empty')
return abort(403)
username = user_data.text
password = pass_data.text
if not authenticate(username, password):
app.logger.error("Authentication failure for user %s", username)
return abort(403)
return f(*args, **kwargs)
return decorated_function
评论列表
文章目录
