From d3cfddfcac2986374c4eb6e5f961c47b22c0974b Mon Sep 17 00:00:00 2001 From: Eric Butler Date: Tue, 23 Jul 2013 15:37:28 -0700 Subject: [PATCH] Use token_callback for checking tokens. Fixes error if user is not found. --- flask_security/decorators.py | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/flask_security/decorators.py b/flask_security/decorators.py index 79b4bae..5eb06e5 100644 --- a/flask_security/decorators.py +++ b/flask_security/decorators.py @@ -53,21 +53,17 @@ def _check_token(): token = request.args.get(args_key, header_token) if request.json: token = request.json.get(args_key, token) - serializer = _security.remember_token_serializer - try: - data = serializer.loads(token) - except: - return False + user = _security.login_manager.token_callback(token) - user = _security.datastore.find_user(id=data[0]) - - if utils.md5(user.password) == data[1]: + if user and user.is_authenticated(): app = current_app._get_current_object() _request_ctx_stack.top.user = user identity_changed.send(app, identity=Identity(user.id)) return True + return False + def _check_http_auth(): auth = request.authorization or BasicAuth(username=None, password=None)