python - 金字塔安全认证请求
问题描述
我正在使用 Pyramid 身份验证,下面是我的代码:它通过 remember 记住请求,并查看同一用户是否已通过身份验证。
from pyramid.view import forbidden_view_config
from pyramid.response import Response
from pyramid.httpexceptions import HTTPFound, HTTPSeeOther
from pyramid.security import NO_PERMISSION_REQUIRED, Everyone, remember, authenticated_userid, unauthenticated_userid
from .oauth import OAuth
from .utils import redirect_path
from pyramid.view import (
view_config,
)
import requests
import logging
import json
# Module-level logger shared by every view in this file.
logger_name = __name__
log = logging.getLogger(logger_name)
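@view_config(route_name='login')
def login(request):
    """Landing view: bounce clients with no identity to the OAuth callback.

    Identity is looked for in the ``sm_user`` request header and in the
    ``userid`` cookie that ``callback`` sets after ``remember``.

    Args:
        request: the Pyramid request.

    Returns:
        HTTPFound to the ``callback`` route when neither source carries an
        identity, otherwise a JSON Response.
    """
    log.debug('login **** start')
    # NOTE(review): both values are client-supplied. The header is only
    # trustworthy if a fronting proxy sets it, and the ``userid`` cookie is
    # plain (unsigned) and can be forged; the signed auth_tkt cookie is what
    # ``authenticated_userid(request)`` verifies, so prefer that for any
    # authorization decision.
    sm_user = request.headers.get('sm_user')
    userid = request.cookies.get('userid')
    log.debug('sm_user - %s', sm_user)
    log.debug('userid - %s', userid)
    if not sm_user and not userid:
        return HTTPFound(request.route_url('callback'))
    return Response(json.dumps({'note': 'testing'}))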
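@view_config(route_name='callback')
def callback(request):
    """OAuth redirect target: establish the session and return to ``login``.

    The real authorization-code exchange is stubbed out (fixed userid/name)
    for testing.

    Args:
        request: the Pyramid request; ``code`` is read from its params.

    Returns:
        HTTPSeeOther to the ``login`` route carrying the ``remember`` headers.
    """
    log.debug('********* callback **********')
    print_requests(request)
    code = request.params.get('code')
    # Stub: the OAuth exchange below is disabled, so ``code`` is currently
    # unused and the identity is fixed.
    # userid, name = OAuth(code).get_user_info()
    userid = 'lak'
    name = 'test'
    # ``remember`` produces the signed auth_tkt Set-Cookie headers. The
    # authentication policy only sees that cookie on the NEXT request;
    # ``authenticated_userid`` does not change within this one.
    headers = remember(request, userid)
    login_url = request.route_url('login')
    log.debug('login_url - %s', login_url)
    response = HTTPSeeOther(location=login_url, headers=headers)
    # NOTE(review): these plain cookies are unsigned and client-editable;
    # treat them as informational only, never as proof of identity.
    response.set_cookie('name', name)
    response.set_cookie('userid', userid)
    return response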
# @view_config(route_name='resource_1', permission='edit')
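@view_config(route_name='resource_1')
def resource_1(request):
    """Return a small JSON body and log both userid views for comparison.

    In Pyramid, ``unauthenticated_userid`` is the userid carried by the
    auth_tkt cookie without consulting the groupfinder callback, while
    ``authenticated_userid`` is only non-None once that callback accepts it.

    Args:
        request: the Pyramid request.

    Returns:
        A JSON Response.
    """
    log.debug('u - %s', unauthenticated_userid(request))
    log.debug('a - %s', authenticated_userid(request))
    return Response(json.dumps({'test': 'resource_1'}))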
@forbidden_view_config()
def resource_2(request):
    """Forbidden view: answer every HTTPForbidden with a plain 403 body.

    NOTE(review): this replies 403 even when the client is merely not
    logged in; a redirect to the login route for unauthenticated users
    would be the usual split.
    """
    body = 'You are not allowed'
    status = '403 Forbidden'
    return Response(body, status=status)
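@view_config(route_name='mashup')
def mashup(request):
    """Placeholder mashup view returning a fixed JSON note.

    Args:
        request: the Pyramid request (unused).

    Returns:
        A JSON Response.
    """
    log.debug('mashup')
    return Response(json.dumps({'Note': 'Undergoing test'}))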
def print_requests(request):
    """Placeholder hook called from ``callback``; intentionally does nothing."""
    return None
主文件
from pyramid.authentication import AuthTktAuthenticationPolicy
from pyramid.authorization import ACLAuthorizationPolicy
from pyramid.config import Configurator
from .security import groupfinder
def main(global_config, **settings):
    """Build and return the WSGI application.

    Wires the auth_tkt authentication policy (signed with
    ``settings['tutorial.secret']``, principals resolved by ``groupfinder``)
    and ACL authorization against the ``Root`` resource, registers the
    routes, and scans ``.views`` for view configuration.

    Args:
        global_config: the PasteDeploy global config (unused).
        **settings: the application settings; ``tutorial.secret`` is required.

    Returns:
        The WSGI application.

    Raises:
        KeyError: if ``tutorial.secret`` is missing from the settings.
    """
    config = Configurator(settings=settings, root_factory='.resources.Root')
    config.include('pyramid_chameleon')
    # Security policies. NOTE(review): the auth_tkt cookie is issued without
    # the http_only/secure flags here; enable them outside local testing.
    config.set_authentication_policy(
        AuthTktAuthenticationPolicy(
            settings['tutorial.secret'],
            callback=groupfinder,
            hashalg='sha512',
        )
    )
    config.set_authorization_policy(ACLAuthorizationPolicy())
    # Route order affects matching, so the list is kept as originally declared.
    routes = (
        ('login', '/'),
        ('callback', '/login/oauth2/code'),
        ('resource_1', '/resource_1'),
        ('resource_2', '/resource_2'),
        ('mashup', '/mashup.html'),
    )
    for name, pattern in routes:
        config.add_route(name, pattern)
    config.scan('.views')
    return config.make_wsgi_app()
security.py
import bcrypt
def hash_password(pw):
    """Return a bcrypt hash of *pw* (a str) as a UTF-8 decoded str."""
    salt = bcrypt.gensalt()
    digest = bcrypt.hashpw(pw.encode('utf8'), salt)
    return digest.decode('utf8')
def check_password(pw, hashed_pw):
    """Return True if *pw* matches the bcrypt hash *hashed_pw* (both str)."""
    candidate = pw.encode('utf8')
    return bcrypt.checkpw(candidate, hashed_pw.encode('utf8'))
# Demo accounts where the password equals the username; the bcrypt hashes
# are computed at import time, once per process start.
USERS = {name: hash_password(name) for name in ('editor', 'viewer')}
# Group principals by userid. Note that 'lak' has groups here but no USERS
# entry, so groupfinder below treats it as an unknown user.
GROUPS = {
    'editor': ['group:editors'],
    'lak': ['group:editors'],
}
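def groupfinder(userid, request):
    """Resolve *userid* to its group principals for the authentication policy.

    Args:
        userid: the userid recovered from the auth_tkt cookie.
        request: the current request (unused).

    Returns:
        The list of group principals for a userid present in USERS, or None
        when it is not — which tells the policy the user is unknown, so
        ``authenticated_userid`` stays None. The 'lak' userid used by the
        OAuth callback stub has a GROUPS entry but no USERS entry and is
        therefore rejected here.
    """
    groups = GROUPS.get(userid, [])
    print('******** groupfinder ****', userid)
    print('group - ', groups)
    # An explicit None, not an empty list, is the "unknown user" signal.
    return groups if userid in USERS else None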
resources.py
from pyramid.security import Allow, Everyone
class Root(object):
    """Root resource whose ACL the ACLAuthorizationPolicy consults.

    Everyone may 'view'; only members of 'group:editors' may 'edit'.
    """

    __acl__ = [
        (Allow, Everyone, 'view'),
        (Allow, 'group:editors', 'edit'),
    ]

    def __init__(self, request):
        """Accept the request for the root-factory protocol; it is not stored."""
Github 网址:-
解决方案
默认情况下,authenticated_userid 不会在您调用 remember 的同一请求中改变。remember 只是在响应对象上设置一个 cookie,客户端会在下一个(NEXT)请求中将其送回,以表明身份验证状态。如果您希望 authenticated_userid 在当前请求中就改变其值,则必须自行实现 remember 或其他机制来管理它——Pyramid 默认不会在任何身份验证策略中这样做。身份验证策略 API 很简单,如果您觉得需要改变其工作方式,可以继承/覆盖它。