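def load_token(token):
    """
    Flask-Login token_loader callback.

    Validate the remember-me token that Flask-Login read back from the
    user's cookie and return the matching ``User`` when it is still valid,
    otherwise ``None``.

    The payload was produced by :meth:`app.models.User.get_auth_token` and
    is expected to be ``[username, hashpass, id]``; a payload with four or
    more elements is treated as one issued after the TOTP step (see the
    2FA check below).

    :param token: Token generated by :meth:`app.models.User.get_auth_token`
    :return: The ``User`` for a valid token, or ``None`` when the token is
        missing, tampered with, expired, malformed, refers to no user,
        is blocked by the 2FA rule, or no longer matches the stored
        password value.
    """
    import hmac

    if not token:
        return None
    # The serializer *signs* the payload, it does not encrypt it: whoever
    # holds the cookie can read the data, but cannot alter it without the
    # SECRET_KEY. The timestamp folded into the signature lets us enforce
    # max_age server side instead of trusting the cookie's own expiry,
    # which the client is free to change.
    max_age = current_app.config['REMEMBER_COOKIE_DURATION'].total_seconds()
    serializer = URLSafeTimedSerializer(
        current_app.config['SECRET_KEY'],
        salt='user-auth',
        signer_kwargs=dict(key_derivation='hmac',
                           digest_method=hashlib.sha256))
    try:
        data = serializer.loads(token, max_age=max_age)
    except (BadTimeSignature, SignatureExpired):
        # Bad or foreign signature, or older than max_age.
        return None
    # A correctly signed token with an unexpected payload shape (e.g. one
    # issued by an older token format) must fail closed instead of raising
    # IndexError/TypeError out of the login callback.
    if not isinstance(data, (list, tuple)) or len(data) < 3:
        return None

    user = User.query.get(data[2])
    if not user:
        return None
    # 2FA check: a user with OTP enabled is only restored from a token that
    # carries the post-TOTP marker (4th element), unless this request is
    # the TOTP verification endpoint itself.
    totp_endpoint = request.endpoint == 'auth.verify_totp'
    if user.otp_enabled and not totp_endpoint and len(data) < 4:
        return None
    # The token carries the password value so that a password change
    # invalidates every outstanding token. Compare in constant time when
    # both sides are strings (defence in depth; the signature already
    # prevents forging this field); keep plain equality for any other
    # type so existing behaviour is unchanged.
    token_hash, stored_hash = data[1], user._password
    if isinstance(token_hash, str) and isinstance(stored_hash, str):
        matches = hmac.compare_digest(token_hash.encode('utf-8'),
                                      stored_hash.encode('utf-8'))
    else:
        matches = token_hash == stored_hash
    return user if matches else None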