Problem description
In the Pyramid documentation, the SQLAlchemy Dispatch Tutorial uses dummy data in security.py. I needed to use MySQL data, so I implemented it like this:
My login code
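import hashlib

from pyramid.httpexceptions import HTTPFound
from pyramid.security import remember
from pyramid.view import view_config
from sqlalchemy import and_

from .models import DBSession, Users

@view_config(route_name='login', renderer='json', permission='view')
def user_login(request):
    session = DBSession
    username = request.params['username']
    password = request.params['password']
    # Unsalted MD5 of the submitted password, as posted (Python 2 syntax)
    sha = hashlib.md5()
    sha.update(password)
    password = sha.digest().encode('hex')
    user = session.query(Users).filter(and_(Users.username==username, Users.password==password)).count()
    if user != 0:
        # Issue the auth headers so the username is remembered
        headers = remember(request, username)
        return HTTPFound(location='/index/', headers=headers)
    else:
        print "error"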
The above makes the system remember the username that will be used in security.py. Below, I use this to get the group the user is in.
from .models import (
    DBSession,
    Users,
    )

def groupfinder(userid, request):
    session = DBSession()
    for instance in session.query(Users).filter(Users.username==userid):
        group = 'group:'+instance.group
        lsth = {'userid':[group]}
        return lsth.get('userid')
Is this the best way to use Pyramid authorization?
Recommended answer
You have the right idea.
Your groupfinder is broken right now. Notice you have a for-loop with a return statement inside. The groupfinder should return at least an empty list [] if the user is valid. Only return None if the user is invalid.
Also an md5 of the password is pretty crappy these days. Look at the cryptacular or passlib libraries for performing a cryptographic hash instead via bcrypt.
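The two points in the answer, as an added example that is not part of the original question or answer: a groupfinder that returns None for an unknown user and a list (possibly empty) for a valid one, and a salted, slow password hash compared in constant time. It assumes an in-memory dict in place of the Users table and uses the standard library's PBKDF2 in place of bcrypt so that it runs without extra packages; _USERS, hash_password, add_user and check_login are hypothetical names.

```python
import hashlib
import hmac
import os

# Constructed stand-in for the Users table (assumption, not the page's model):
# username -> (salt, digest, group); group None means "valid user, no group".
_USERS = {}

def hash_password(password, salt=None):
    # PBKDF2-HMAC-SHA256 with a per-user random salt; swapped in for bcrypt
    # here only to keep the example dependency-free.
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac('sha256', password.encode('utf-8'), salt, 200_000)
    return salt, digest

def add_user(username, password, group=None):
    salt, digest = hash_password(password)
    _USERS[username] = (salt, digest, group)

def check_login(username, password):
    # True only when the user exists and the password matches.
    record = _USERS.get(username)
    if record is None:
        # Hash anyway so an unknown username costs about the same time.
        hash_password(password, b'\x00' * 16)
        return False
    salt, expected, _group = record
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, expected)

def groupfinder(userid, request):
    # Callback contract from the answer: None for an invalid user,
    # a list of principals (at least []) for a valid one.
    record = _USERS.get(userid)
    if record is None:
        return None
    group = record[2]
    return ['group:' + group] if group else []

# Constructed sample data
add_user('alice', 'correct horse', group='editors')
add_user('bob', 'hunter2')
```

In a real view, remember(request, username) would be called only after check_login returns True.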