如何处理repoze.who(和bottle.py)的退出?

2024-05-15 09:42:47 发布

您现在位置:Python中文网/ 问答频道 /正文

我在努力瓶子.py与休息。谁,到目前为止,我们使用我发现的各种示例的组合,成功地将以下非常简单的程序组合在一起以使其工作。显然,这不是我在生产环境中运行的东西,我只是在尽可能地编写最简单的代码,这样我就可以学习如何使用它——但不幸的是,使用教程瓶子.py与休息。谁很少有。在

下面的示例可以工作,并且允许用户使用admin/admin的用户名/密码登录。我该怎么办休息。谁使logout()函数正常工作?我想有一个forget函数可能是为了这个目的,但是我不知道该如何调用它。在

谢谢。在

from bottle import route, run, app, get, abort, request

from StringIO import StringIO
import repoze
from repoze.who.middleware import PluggableAuthenticationMiddleware
from repoze.who.interfaces import IIdentifier
from repoze.who.interfaces import IChallenger
from repoze.who.plugins.basicauth import BasicAuthPlugin
from repoze.who.plugins.auth_tkt import AuthTktCookiePlugin
from repoze.who.plugins.cookie import InsecureCookiePlugin
from repoze.who.plugins.form import FormPlugin
from repoze.who.plugins.htpasswd import HTPasswdPlugin
from repoze.who.classifiers import default_request_classifier
from repoze.who.classifiers import default_challenge_decider    

import logging, sys
import pprint

@route('/')
def root():
    if request.environ.get('repoze.who.identity') is None:
        abort(401, "Not authenticated")
    return "Authenticated"


@route('/hello')
def index():
    identity = request.environ.get('repoze.who.identity')
    if identity == None:
        abort(401, "Not authenticated")

    user = identity.get('repoze.who.userid')
    return '<b>Hello %s!</b>' % user

@route('/logout')
def logout():
    # I have no idea what to put here
    pass

io = StringIO()
salt = 'aa'

for name, password in [ ('admin', 'admin'), ('paul', 'paul') ]:
    io.write('%s:%s\n' % (name, password))
io.seek(0)

def cleartext_check(password, hashed):
    return password == hashed

htpasswd = HTPasswdPlugin(io, cleartext_check)
basicauth = BasicAuthPlugin('repoze.who')
auth_tkt = AuthTktCookiePlugin('secret', 'auth_tkt')
form = FormPlugin('__do_login', rememberer_name='auth_tkt')
form.classifications = { IIdentifier:['browser'],
                         IChallenger:['browser'] }
identifiers = [('form', form),('auth_tkt',auth_tkt),('basicauth',basicauth)]
authenticators = [('htpasswd', htpasswd)]
challengers = [('form',form), ('basicauth',basicauth)]
mdproviders = []


log_stream = None
import os
if os.environ.get('WHO_LOG'):
    log_stream = sys.stdout

middleware = PluggableAuthenticationMiddleware(
    app(),
    identifiers,
    authenticators,
    challengers,
    mdproviders,
    default_request_classifier,
    default_challenge_decider,

    log_stream = log_stream,
    log_level = logging.DEBUG
    )

if __name__ == '__main__':
    run(app=middleware, host='0.0.0.0', port=8080, reloader=True)
else:
    application = middleware

run(host='0.0.0.0', port=8080)

Tags: fromimportformauthloggetadminrequest
2条回答

如果可以的话,我会用RedirectingFormPlugin而不是FormPluginRedirectingFormPlugin允许您注册注销URL。有了它,您就不必实现/logout处理程序,例如RedirectingFormPlugin会为您拦截请求并处理forget等调用。我已经用这个与波波和阿彭金和它的工作很好。在

如果你还想用以前没有准备好的方式去做休息。谁v1,以下对我有用:

from bottle import response # , redirect
# ...
@route('/logout')
def logout():
    identity = request.environ.get('repoze.who.identity')
    if identity:
        for (i_name, i) in identifiers:
            hdrs = i.forget(request.environ, identity)
            [ response.add_header(*h) for h in hdrs ]
    ## following would be nice, but does not work,
    ## since redirect is not using defined response headers
    # rfr = request.get_header('referer', '/')
    # redirect(rfr)
    ## so we do just this:
    return "you have been hopefully logged out"

相关问题 更多 >