fix: Handle edge cases for verify_session decorator

KShivendu · KShivendu · commit c844d0ef945c · 2023-06-13T13:22:19.000+05:30
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -8,6 +8,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [unreleased]
 
+### Changes
+
+- Throw error when `verify_sesion` is used with a view that allows `OPTIONS` or `TRACE` requests
+- Allow `verify_session` decorator to be with `@app.before_request` in Flask without returning a response
+
 
 ## [0.14.3] - 2023-06-7
 
diff --git a/supertokens_python/recipe/session/api/implementation.py b/supertokens_python/recipe/session/api/implementation.py
@@ -73,6 +73,8 @@ async def verify_session(
     ) -> Union[SessionContainer, None]:
         method = normalise_http_method(api_options.request.method())
         if method in ("options", "trace"):
+            if session_required:
+                raise Exception(f"verify_session cannot be used with {method} method")
             return None
         incoming_path = NormalisedURLPath(api_options.request.get_path())
         refresh_token_path = api_options.config.refresh_token_path
diff --git a/supertokens_python/recipe/session/framework/flask/__init__.py b/supertokens_python/recipe/session/framework/flask/__init__.py
@@ -61,8 +61,9 @@ def wrapped_function(*args: Any, **kwargs: Any):
                 baseRequest.set_session_as_none()
             else:
                 baseRequest.set_session(session)
-            response = make_response(f(*args, **kwargs))
-            return response
+
+            response = f(*args, **kwargs)
+            return make_response(response) if response is not None else None
 
         return cast(_T, wrapped_function)
 
