App Engine Howto maintain login on both http and https with Users service


Problem description


The following code demonstrates the problem I have; it is available on GitHub. When I remove the secure route for login the code works, but when I secure the page it doesn't. Or if I make the homepage secure:always / optional. This code won't work on your dev server unless you change the http scheme in main.py from https to http.

Why does this code not work with logins going over https?

app.yaml

application: testapp
version: 1
runtime: python27
api_version: 1
threadsafe: yes

libraries:
- name: webapp2
  version: latest

handlers:
- url: /login
  script: main.app
  secure: always

- url: /.*
  script: main.app
  secure: never

main.py

import webapp2
from google.appengine.ext.webapp import template
from google.appengine.api import users
from login import LoginHandler
from admin import AdminHandler

class HomeHandler(webapp2.RequestHandler):
    def get(self):
        user = users.get_current_user()
        if users.is_current_user_admin():
            loggedin = "Admin"
            values = {'loggedin': loggedin,
                      'logout_url': users.create_logout_url("/")}
        elif user:
            loggedin = "User"
            values = {'loggedin': loggedin,
                      'logout_url': users.create_logout_url("/")}
        else:
            loggedin = "Anonymous"
            values = {'loggedin': loggedin,
                      'logout_url': users.create_logout_url("/")}
        self.response.out.write(template.render('home.html', values))

app = webapp2.WSGIApplication([
    webapp2.Route(r'/', HomeHandler),
    webapp2.Route(r'/login', LoginHandler, schemes=['https']),
    webapp2.Route(r'/admin', AdminHandler, schemes=['https'])
], debug=True)

login.py

import webapp2
from google.appengine.ext.webapp import template
from google.appengine.api import users

#  Login page Request Handler Class
class LoginHandler(webapp2.RequestHandler):
    def get(self):
        user = users.get_current_user()

        values = {'login_url': users.create_login_url("/")}
        self.response.out.write(template.render('login.html', values))

admin.py

import webapp2
from google.appengine.ext.webapp import template
from google.appengine.api import users

#  Admin page Request Handler Class
class AdminHandler(webapp2.RequestHandler):
    def get(self):
        user = users.get_current_user()

        # nickname() is a method of the User object, not of the users module
        values = {'user': user.nickname()}
        self.response.out.write(template.render('admin.html', values))

home.html

<html>
<body>
<p>Who is logged in: {{loggedin}}</p>
<ul>
  <li>
    {% ifequal loggedin "Anonymous" %}
      <a href="/login">Login</a>
    {% else %} <!-- user is logged in -->
      <a href="{{logout_url}}">Logout</a>
    {% endifequal %}
  </li>
  {% ifequal loggedin "Admin" %}
    <li class="right">
      <a href="/admin">Admin</a>
    </li>
  {% endifequal %}
</ul>
</body>
</html>

login.html

<html>
<body>
<ul>
  <li>
      <a href="{{login_url}}">Login</a>
  </li>
</ul>
</body>
</html>

admin.html

<html>
<body>
      <p>You're logged in as: {{user}}</p>
</body>
</html>

As you can see, this is a very simple example: the user clicks the login link, goes to the login page where they log in with Google Authentication, and is redirected back to the unsecured home page. When the user gets back to the home page the expected behavior is that "Who is logged in" returns either admin/user/anonymous, but all I get is anonymous; the logout URL isn't added, nor the admin URL for an admin user. If I make the login normal http, then if I have a secure route to, say, /admin, that request receives a 401 Error.

This code only works when I make everything HTTPS. I know others are using secure login pages and are still able to access the user information on unsecure pages. I believe this has to do with how the cookie is being set, but I am at a loss as to what I'm doing wrong.

Solution

Have you checked the cookie's details with FireCookie (or similar)? The path, the domain and so on? Are you using a different domain name for secured? Like secure.app.com for https and www.app.com for http?

I never tried https on GAE, I'm just wondering, trying to help, so sorry if I'm saying obvious stuff.
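The cookie checks the answer suggests (path, domain, and whether the cookie is limited to https) can be applied to a captured `Set-Cookie` header with the standard RFC 6265 matching rules. This is an added example, not code from the question or from App Engine; the cookie name `session`, the host `testapp.example` and the function name are assumptions made for illustration.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit


def cookie_sent_to(set_cookie, set_by_url, target_url):
    """Return (sent, reason): would a browser attach this cookie to target_url?"""
    morsel = next(iter(SimpleCookie(set_cookie).values()))
    origin, target = urlsplit(set_by_url), urlsplit(target_url)
    host = target.hostname.lower()

    # Secure attribute: the cookie is withheld from plain-http requests.
    if morsel["secure"] and target.scheme != "https":
        return False, "Secure cookie is not sent over http"

    # Domain attribute: without one the cookie is host-only.
    domain = morsel["domain"].lstrip(".").lower()
    if not domain:
        if host != origin.hostname.lower():
            return False, "host-only cookie, different host"
    elif host != domain and not host.endswith("." + domain):
        return False, "Domain attribute does not cover this host"

    # Path attribute: defaults to the directory of the URL that set the cookie.
    path = morsel["path"] or (origin.path.rsplit("/", 1)[0] or "/")
    req_path = target.path or "/"
    if req_path != path and not req_path.startswith(path.rstrip("/") + "/"):
        return False, "Path attribute does not cover this request path"
    return True, "sent"


# Constructed sample headers; the two app.com hostnames are the ones named in the answer.
SAMPLES = [
    ("session=abc; Path=/; Secure; HttpOnly",
     "https://testapp.example/login", "http://testapp.example/"),
    ("session=abc; Path=/; Secure; HttpOnly",
     "https://testapp.example/login", "https://testapp.example/admin"),
    ("session=abc; Path=/",
     "http://www.app.com/login", "https://secure.app.com/admin"),
    ("session=abc; Domain=app.com; Path=/",
     "https://secure.app.com/login", "http://www.app.com/"),
]

if __name__ == "__main__":
    for header, set_by, target in SAMPLES:
        sent, reason = cookie_sent_to(header, set_by, target)
        print(f"{target:32} {'sent' if sent else 'withheld':9} {reason}")
```

A cookie reported as withheld for the http home page but sent for the https pages matches the symptom of a handler that sees a logged-in user only over https.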
