| 244 | ) -> Callable[Concatenate[AuthRequestHandler, P], R | None]: |
| 245 | @functools.wraps(fn) |
| 246 | def wrapper( |
| 247 | self: AuthRequestHandler, *args: P.args, **kwargs: P.kwargs |
| 248 | ) -> R | None: |
| 249 | if not self.current_user: |
| 250 | password = "" |
| 251 | if auth_header := self.request.headers.get("Authorization"): |
| 252 | auth_scheme, _, auth_params = auth_header.partition(" ") |
| 253 | if auth_scheme == "Bearer": |
| 254 | password = auth_params |
| 255 | |
| 256 | if not password: |
| 257 | password = self.get_argument("token", default="") |
| 258 | |
| 259 | if not self.settings["is_valid_password"](password): |
| 260 | self.set_status(403) |
| 261 | self.auth_fail(bool(password)) |
| 262 | return None |
| 263 | self.set_signed_cookie( |
| 264 | self.settings["auth_cookie_name"](), |
| 265 | self.AUTH_COOKIE_VALUE, |
| 266 | expires_days=400, |
| 267 | httponly=True, |
| 268 | samesite="Strict", |
| 269 | ) |
| 270 | return fn(self, *args, **kwargs) |
| 271 | |
| 272 | return wrapper |
| 273 | |