Google AppEngine: custom authentication

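The way I can authenticate users in AppEngine with Google Accounts is great.

However, I need to use my own custom authentication login system.

I will have an AppUsers table with usernames and encrypted passwords.

I have read a bit about sessions on GAE, but I need help getting started with my app's security.

How can I keep track of an authenticated user's session? By setting a cookie?

A beginner.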

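You can use cookies to do this... it's really not that hard. You can use a cookie to track the user's authentication and store the session key in the GAE datastore.

Here is an example (it only shows the basic idea; I don't guarantee the code can be used directly).

Basic user table: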

    from google.appengine.ext import db

    # simply add a property to store the session key
    class User(db.Model):
        username = db.StringProperty()
        password = db.StringProperty()
        session = db.StringProperty()

Login function

    import datetime
    from google.appengine.ext import webapp

    # Do the following steps:
    # 1. make sure the user provides the correct username and password
    # 2. generate a random session key
    # 3. store the session key in the datastore
    # 4. set the session key and user name in a cookie
    class LoginAPI(webapp.RequestHandler):
        def get(self):
            username = self.request.get('username')
            password = self.request.get('password')
            user = User.all().filter("username = ", username).get()
            password = encrypted_the_password(password)  # encrypt the password with your own method!
            # user is None when the username does not exist
            if user and user.password == password:
                # User logged in successfully
                session = generate_random_session_key()  # generate your session key here
                user.session = session
                user.put()
                expires_time = decide_your_expires_time()  # decide how long the login session is alive
                cookie_time_format = "%a, %d-%b-%Y %H:%M:%S GMT"
                # the cookie format is GMT, so convert the timestamp as UTC
                expires_datetime = datetime.datetime.utcfromtimestamp(expires_time)
                # set cookie as session
                self.response.headers.add_header(
                    "Set-Cookie", "user=%s; expires=%s; path=/"
                    % (user.username, expires_datetime.strftime(cookie_time_format)))
                self.response.headers.add_header(
                    "Set-Cookie", "session=%s; expires=%s; path=/"
                    % (user.session, expires_datetime.strftime(cookie_time_format)))
            else:
                # User login failed
                pass

Logout function

    # Remove the previous cookie info
    class LogoutAPI(webapp.RequestHandler):
        def get(self):
            # remove the cookies by overwriting them with an expiry date in the past
            cookie_time_format = "%a, %d-%b-%Y %H:%M:%S GMT"
            expires_datetime = datetime.datetime.utcfromtimestamp(0)
            self.response.headers.add_header(
                "Set-Cookie", "user=%s; expires=%s; path=/"
                % ("", expires_datetime.strftime(cookie_time_format)))
            self.response.headers.add_header(
                "Set-Cookie", "session=%s; expires=%s; path=/"
                % ("", expires_datetime.strftime(cookie_time_format)))

When you need the user to be logged in

    # Get the session info from the cookie. If the session info matches the info
    # stored in the datastore, then the user is authenticated successfully.
    class SomePage(webapp.RequestHandler):
        def get(self):
            # get cookie info
            username_from_cookie = self.request.cookies.get("user", "")
            session_from_cookie = self.request.cookies.get("session", "")
            if username_from_cookie and session_from_cookie:
                user = User.all().filter("username = ", username_from_cookie).get()
                # user is None when the username in the cookie does not exist
                if user and user.session == session_from_cookie:
                    # the user is logged in correctly
                    pass
                else:
                    # the user is not logged in
                    pass
            else:
                # the user is not logged in
                pass
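
The answer above leaves `encrypted_the_password()` and `generate_random_session_key()` as placeholders. The following is an added example, not part of the original answer and not App Engine code, showing one way to fill them in with the Python 3 standard library, plus server-side expiry and a constant-time session check. The in-memory `USERS` dict stands in for the datastore, and all function names, the PBKDF2 round count and the session lifetime are assumptions.

```python
import hashlib, hmac, os, secrets, time

PBKDF2_ROUNDS = 200_000   # assumed work factor; tune for your hardware
SESSION_TTL = 3600        # assumed session lifetime in seconds
USERS = {}                # in-memory stand-in for the User datastore kind

def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256; returns 'salt_hex$digest_hex' for storage."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt.hex() + "$" + digest.hex()

def verify_password(password, stored):
    salt_hex, _ = stored.split("$")
    candidate = hash_password(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, stored)

def register(username, password):
    USERS[username] = {"password": hash_password(password), "session": None, "expires": 0}

def login(username, password, now=None):
    """Return the Set-Cookie header values on success, None on failure."""
    now = time.time() if now is None else now
    user = USERS.get(username)
    if user is None or not verify_password(password, user["password"]):
        return None
    user["session"] = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    user["expires"] = now + SESSION_TTL           # expiry is enforced server-side
    attrs = "Max-Age=%d; Path=/; HttpOnly; Secure; SameSite=Lax" % SESSION_TTL
    return ["user=%s; %s" % (username, attrs),
            "session=%s; %s" % (user["session"], attrs)]

def is_authenticated(cookies, now=None):
    """cookies: dict of cookie name -> value as sent by the browser."""
    now = time.time() if now is None else now
    user = USERS.get(cookies.get("user", ""))
    token = cookies.get("session", "")
    if not user or not user["session"] or not token or now >= user["expires"]:
        return False
    # compare as bytes so a non-ASCII cookie value cannot raise TypeError
    return hmac.compare_digest(user["session"].encode(), token.encode())

def logout(username):
    if username in USERS:
        USERS[username].update(session=None, expires=0)  # revoke server-side
```

Because the session key is cleared in the store on logout and checked against a stored expiry, a copied cookie stops working even if the browser never deletes it.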