- if user_required and getattr(request, 'user', None) is None:
- raise Unauthorized('Access denied')
+
+ if user_required:
+ token = None
+ if request.method in ('HEAD', 'GET') and COOKIE_NAME in request.COOKIES:
+ cookie_value = unquote(request.COOKIES.get(COOKIE_NAME, ''))
+ if cookie_value and '|' in cookie_value:
+ token = cookie_value.split('|', 1)[1]
+ get_user(request, IDENTITY_BASEURL, AUTHENTICATION_USERS, token)
+ if getattr(request, 'user', None) is None:
+ raise Unauthorized('Access denied')