Google AppEngine: custom authentication


Question

The way I can authenticate my users in AppEngine using Google Accounts is simply wonderful.

However, I need to use my own custom authentication login system.

I will have an AppUsers table, with usernames and encrypted passwords.

I read something about sessions on GAE, but I need help on starting up my app security.

How can I track my authenticated user session? Setting a cookie?

A beginner.

Recommended answer

You can use a cookie to do so... It is really not so hard. You can use a cookie to track the user's authentication and store the session key in the GAE datastore.

Here is an example (it just shows the basic idea; I don't guarantee the code can be used directly):

Basic user table:

from google.appengine.ext import db

# simply add a property to store the session key
class User(db.Model):
    username = db.StringProperty()
    password = db.StringProperty()
    session = db.StringProperty()

Login function

import datetime
from google.appengine.ext import webapp

# Do the following steps:
# 1. make sure the user provides the correct username and password
# 2. generate a random session key
# 3. store the session key in the datastore
# 4. set the session key and user name in cookies
class LoginAPI(webapp.RequestHandler):
    def get(self):
        # read the submitted credentials from the request
        username = self.request.get('username')
        password = self.request.get('password')

        user = User.all().filter("username = ", username).get()
        password = encrypted_the_password(password)  # encrypt your password with your own method!

        # user is None when no such username exists
        if user is not None and user.password == password:
            # User logged in successfully
            session = generate_random_session_key()  # generate your session key here
            user.session = session
            user.put()

            expires_time = decide_your_expires_time()  # decide how long the login session is alive.
            cookie_time_format = "%a, %d-%b-%Y %H:%M:%S GMT"
            # the cookie date is labelled GMT, so convert the timestamp as UTC
            expires_datetime = datetime.datetime.utcfromtimestamp(expires_time)

            # set cookies as session
            self.response.headers.add_header("Set-Cookie", "user=%s; expires=%s; path=/" % (user.username, expires_datetime.strftime(cookie_time_format)))
            self.response.headers.add_header("Set-Cookie", "session=%s; expires=%s; path=/" % (user.session, expires_datetime.strftime(cookie_time_format)))
        else:
            # User login failed
            pass

Logout function

# Remove the previous cookie info
class LogoutAPI(webapp.RequestHandler):
    def get(self):
        # remove the cookies by giving them an expiry date in the past
        expired = "Thu, 01-Jan-1970 00:00:00 GMT"
        self.response.headers.add_header("Set-Cookie", "user=%s; expires=%s; path=/" % ("", expired))
        self.response.headers.add_header("Set-Cookie", "session=%s; expires=%s; path=/" % ("", expired))

When you need the user to be logged in

# Get the session info from the cookies. If the session info matches the info stored in the datastore,
# then the user is authenticated successfully.
class SomePage(webapp.RequestHandler):
    def get(self):
        # get cookie info
        username_from_cookie = self.request.cookies.get("user", "")
        session_from_cookie = self.request.cookies.get("session", "")

        if username_from_cookie and session_from_cookie:
            user = User.all().filter("username = ", username_from_cookie).get()
            # user is None when the cookie names an unknown username
            if user is not None and user.session == session_from_cookie:
                # the user is logged in correctly
                pass
            else:
                # the user is not logged in
                pass
        else:
            # the user is not logged in
            pass
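
The cookie-session flow from the answer above, hardened and runnable offline, as an added example that is not part of the original answer. It assumes Python 3 and only the standard library: the `USERS` dict stands in for the datastore table, PBKDF2 stands in for the unspecified password "encryption", and all function names are hypothetical.

```python
import hashlib
import hmac
import os
import secrets
import time

USERS = {}          # in-memory stand-in for the AppUsers datastore table
SESSION_TTL = 3600  # assumed session lifetime in seconds

def _hash_password(password, salt):
    # Salted, deliberately slow hash rather than a reversible "encrypted" value.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def register(username, password):
    salt = os.urandom(16)
    USERS[username] = {"salt": salt, "pw": _hash_password(password, salt),
                       "session_hash": None, "expires": 0}

def login(username, password, now=None):
    """Return the two Set-Cookie values on success, None on failure."""
    now = time.time() if now is None else now
    user = USERS.get(username)
    if user is None or not hmac.compare_digest(
            user["pw"], _hash_password(password, user["salt"])):
        return None
    token = secrets.token_urlsafe(32)  # unguessable session key (CSPRNG)
    # Keep only a hash server-side: a datastore leak then yields no live keys.
    user["session_hash"] = hashlib.sha256(token.encode()).digest()
    user["expires"] = now + SESSION_TTL
    attrs = "Max-Age=%d; Path=/; Secure; HttpOnly; SameSite=Lax" % SESSION_TTL
    return ["user=%s; %s" % (username, attrs),
            "session=%s; %s" % (token, attrs)]

def authenticate(cookies, now=None):
    """Return the username if the cookies name a live session, else None."""
    now = time.time() if now is None else now
    user = USERS.get(cookies.get("user", ""))
    token = cookies.get("session", "")
    if user is None or not token or user["session_hash"] is None:
        return None
    if now >= user["expires"]:  # expiry is enforced server-side, not by the cookie
        return None
    presented = hashlib.sha256(token.encode()).digest()
    ok = hmac.compare_digest(user["session_hash"], presented)  # constant time
    return cookies["user"] if ok else None

def logout(username):
    # Invalidate the key server-side; clearing the cookie alone leaves it valid.
    if username in USERS:
        USERS[username]["session_hash"] = None
```

The example assumes usernames are already restricted to cookie-safe characters and that credentials arrive in a POST body over HTTPS rather than in a GET query string.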
