我正在尝试让 bottle.py 与 repoze.who 一起工作,到目前为止,我已经成功地组合了以下非常简单的程序来让它工作,使用我发现的各种示例的组合。显然这不是我在生产中运行的东西,我只是想尽可能地编写最简单的代码,以便我可以学习如何使用它——但不幸的是,将 bottle.py 与 repoze.who 一起使用的教程是很少见。
下面的示例有效,并允许某人使用 admin/admin 的用户名/密码登录。我应该如何处理 repoze.who 才能使 logout() 函数正常工作?我发现有一个 forget 函数可能就是为了这个目的,但我不知道该如何调用它。
谢谢。
from bottle import route, run, app, get, abort, request
from StringIO import StringIO
import repoze
from repoze.who.middleware import PluggableAuthenticationMiddleware
from repoze.who.interfaces import IIdentifier
from repoze.who.interfaces import IChallenger
from repoze.who.plugins.basicauth import BasicAuthPlugin
from repoze.who.plugins.auth_tkt import AuthTktCookiePlugin
from repoze.who.plugins.cookie import InsecureCookiePlugin
from repoze.who.plugins.form import FormPlugin
from repoze.who.plugins.htpasswd import HTPasswdPlugin
from repoze.who.classifiers import default_request_classifier
from repoze.who.classifiers import default_challenge_decider
import logging, sys
import pprint
@route('/')
def root():
if request.environ.get('repoze.who.identity') is None:
abort(401, "Not authenticated")
return "Authenticated"
@route('/hello')
def index():
identity = request.environ.get('repoze.who.identity')
if identity == None:
abort(401, "Not authenticated")
user = identity.get('repoze.who.userid')
return '<b>Hello %s!</b>' % user
@route('/logout')
def logout():
# I have no idea what to put here
pass
io = StringIO()
salt = 'aa'
for name, password in [ ('admin', 'admin'), ('paul', 'paul') ]:
io.write('%s:%s\n' % (name, password))
io.seek(0)
def cleartext_check(password, hashed):
return password == hashed
htpasswd = HTPasswdPlugin(io, cleartext_check)
basicauth = BasicAuthPlugin('repoze.who')
auth_tkt = AuthTktCookiePlugin('secret', 'auth_tkt')
form = FormPlugin('__do_login', rememberer_name='auth_tkt')
form.classifications = { IIdentifier:['browser'],
IChallenger:['browser'] }
identifiers = [('form', form),('auth_tkt',auth_tkt),('basicauth',basicauth)]
authenticators = [('htpasswd', htpasswd)]
challengers = [('form',form), ('basicauth',basicauth)]
mdproviders = []
log_stream = None
import os
if os.environ.get('WHO_LOG'):
log_stream = sys.stdout
middleware = PluggableAuthenticationMiddleware(
app(),
identifiers,
authenticators,
challengers,
mdproviders,
default_request_classifier,
default_challenge_decider,
log_stream = log_stream,
log_level = logging.DEBUG
)
if __name__ == '__main__':
run(app=middleware, host='0.0.0.0', port=8080, reloader=True)
else:
application = middleware
run(host='0.0.0.0', port=8080)
最佳答案
如果可以的话,我会使用 RedirectingFormPlugin 而不是 FormPlugin。 RedirectingFormPlugin 允许您注册注销 URL。有了它,您不必实现 /logout 处理程序,例如 RedirectingFormPlugin 会拦截请求并为您处理遗忘等调用。我已经将它与 Bobo 和 appengine 一起使用,效果很好。
关于python - 如何使用 repoze.who(和 bottle.py)处理注销?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/11450282/