Fix #353, if user use an old access token, then the user will be None…

…, so we have to return False if user is None
pallets-eco · Jan 7, 2015 · 6f6699b · 6f6699b
1 parent c7d0ea9
commit 6f6699b
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/flask_security/decorators.py b/flask_security/decorators.py
@@ -55,6 +55,8 @@ def _check_token():
         token = request.json.get(args_key, token)
 
     user = _security.login_manager.token_callback(token)
+    if user == None:
+        return False
 
     if user and user.is_authenticated():
         app = current_app._get_current_object()