GAE enforcing sign in by app.yaml, python decorators or users.get_current_user?

Problem description

I'm using 'login' option in my app.yaml configuration file for a GAE application. Looks like this:

- url: /admin/.*
  script: myapp.app
  login: admin

- url: /.*
  script: myapp.app
  login: required

UPDATE (by suggestion of bossylobster): I want a user always signed in (unsigned users can't do anything), and I need to know who the user is. Actually, I need OAuth2 credentials to communicate with Google APIs (for example, I need to fetch some user's info with Google Profiles API, and write in the user's calendar with Google Calendar API). Finally, I need an admin user to perform some operations (like create new domain's users, with Google Provisioning API)

I'm using google-api-client library, and playing around with oauth2 decorators. Then, in my RequestHandlers, I have this:

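from google.appengine.ext import webapp
from google.appengine.ext.webapp import template

# `decorator` is the OAuth2Decorator instance created elsewhere in the app.
class MainHandler(webapp.RequestHandler):

  @decorator.oauth_aware
  def get(self):
    if decorator.has_credentials():
      # do something
      pass

    else:
      url = decorator.authorize_url()
      self.response.out.write(template.render('templates/index.html',
           {'authorize_url': url}))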

Finally, I've read about another method:

from google.appengine.api import users

user = users.get_current_user()
if user:
  # do something
  pass
else:
  greeting = ("<a href=\"%s\">Sign in or register</a>." %
    users.create_login_url("/"))

  self.response.out.write("<html><body>%s</body></html>" % greeting)

What is the best method to handle the user's authentication to fit my needs (see UPDATE)?

Many thanks in advance

Solution

I think you may be confusing what the OAuth 2.0 decorator does vs. the other two approaches.

The OAuth 2.0 decorator is not specific to your app; you would use it if you want to get OAuth 2.0 credentials for your users and then use those to communicate with Google APIs.

The other two are simply ways to get the user information from a session cookie that is set by App Engine.

If you really want a decorator, you would use login_required, documented here:
https://developers.google.com/appengine/docs/python/tools/webapp/utilmodule

There is no one best approach between specifying in app.yaml, checking if users.get_current_user is None or using @login_required on specified handlers.

A rough approximation of the three distinct times you'd want to use these is the following:

1) If you want users to be logged in, but don't need to know the specific user, use login: required in app.yaml.

2) If you want to know the user, but also have a fallback if the user is not logged in, use users.get_current_user and tailor your behavior to the user or to None if that is the returned value.

3) If you want to know the user and always have one logged in, use @login_required.

UPDATE:

(Based on a further explanation of needs.) Since you always want to log your users in and always want OAuth 2.0 credentials for them, you should always use decorator.oauth_required.

As for using the APIs, only the Google Calendar API can be used with the google-api-python-client library. The Google Apps Provisioning API is a Google Data API, while the Calendar API is a discovery-based API.

As a result, you'll need to use the gdata-python-client library to use the Provisioning API. You'll need to manually convert from an oauth2client.client.OAuth2Credentials object to a gdata.gauth.OAuth2Token object to use the same token for either one.

When using OAuth2Decorator, you'll be able to access an instance of oauth2client.client.OAuth2Credentials via decorator.credentials().

SECOND UPDATE:

I recently added support for this to gdata-python-client.

from gdata.gauth import OAuth2TokenFromCredentials
auth_token = OAuth2TokenFromCredentials(decorator.credentials())
auth_token.authorize(client)

The implementation allows the two token/credentials objects decorator.credentials() and auth_token to stay in sync, no matter which object you change values on.
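
Added example, not part of the original question or answer: a simplified model of how the `login:` settings in the question's app.yaml are applied before any handler code runs, showing why the `/admin/.*` rule must stay above the catch-all `/.*` rule. It assumes first-match-wins ordering and whole-path pattern matching; the function names and result labels are made up for illustration.

```python
import re

# Constructed copy of the handlers from the question's app.yaml, in file order.
HANDLERS = [
    {"url": r"/admin/.*", "script": "myapp.app", "login": "admin"},
    {"url": r"/.*", "script": "myapp.app", "login": "required"},
]


def match_handler(handlers, path):
    """Return the first handler whose pattern matches the whole path.

    Assumption: first match in file order wins and the pattern is anchored
    at both ends, as App Engine does for script handlers.
    """
    for handler in handlers:
        if re.fullmatch(handler["url"], path):
            return handler
    return None


def access_decision(handlers, path, signed_in=False, is_admin=False):
    """Model the front-end login check that runs before the request handler."""
    handler = match_handler(handlers, path)
    if handler is None:
        return "not_found"
    login = handler.get("login", "optional")
    if login == "optional":
        return "allow"
    if not signed_in:
        return "redirect_to_login"  # the default auth_fail_action
    if login == "admin" and not is_admin:
        return "deny_not_admin"
    return "allow"


def shadowed_rules(handlers, probes):
    """List patterns that never win for any probe path they match."""
    hidden = []
    for handler in handlers:
        hits = [p for p in probes if re.fullmatch(handler["url"], p)]
        if hits and all(match_handler(handlers, p) is not handler for p in hits):
            hidden.append(handler["url"])
    return hidden


if __name__ == "__main__":
    print(access_decision(HANDLERS, "/admin/users", signed_in=True))
    print(shadowed_rules(list(reversed(HANDLERS)), ["/", "/admin/users"]))
```

With the two rules swapped, a signed-in non-admin reaches `/admin/users`, so a per-handler admin check is the only remaining guard.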
