Created
June 30, 2014 09:22
A simple authentication / sign up / login system implemented in Google App Engine Python
| ########## | |
| import json | |
| import hmac | |
| import logging | |
| from hashlib import sha256 | |
| from utils.validate import make_salt, make_cookie | |
| from utils.validate import SafeLogin | |
| from utils.base_handler import BaseHandler | |
| from models.models import User | |
| from google.appengine.ext import db | |
| from google.appengine.api import memcache | |
| ########## | |
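class SignUp(BaseHandler):
    """Handles account creation posted from the sign-up Ajax form."""

    def get(self):
        # TODO render 404 here
        pass

    def post(self):
        """Create a `User` from the Ajax form fields.

        The form sends `name`, `class_` and `confirm_` with a trailing
        underscore because name, class and confirm are reserved or awkward
        identifiers on the Javascript side.

        Responds with 500 (the status the Ajax client already expects) when
        the username is taken, when the password and its confirmation
        differ, or when `form` is not an integer; on success the new entity
        is stored and the response body is empty.
        """
        username = self.request.get('username')
        name = self.request.get('name')
        class_ = self.request.get('class_')
        pw = self.request.get('pw')
        confirm = self.request.get('confirm_')

        # int() of an empty or non-numeric field raised an uncaught
        # ValueError and surfaced as a traceback; reject it explicitly.
        try:
            form = int(self.request.get('form'))
        except (TypeError, ValueError):
            logging.error('Invalid form value')
            self.error(500)
            return

        # The confirmation field was read but never compared against pw.
        if pw != confirm:
            logging.error('Password and confirmation do not match')
            self.error(500)
            return

        # Bind the username as a GQL parameter instead of interpolating it
        # into the query text with str.format, which allowed query injection.
        already_user = db.GqlQuery(
            "SELECT * FROM User WHERE username = :1", username).get()
        if already_user:
            # Returns error to Ajax request; the previous message said
            # "already available", which is the opposite of the condition.
            logging.error('Username is already taken')
            self.error(500)
            return

        salt = make_salt()
        # str() on both inputs mirrors Login.post, which must produce the
        # same digest for the same password, and keeps hmac on byte strings.
        # NOTE(review): a single HMAC-SHA256 is a fast hash; a slow KDF
        # (hashlib.pbkdf2_hmac) would be stronger, but changing it here
        # would also require changing the verification in Login.post and
        # rehashing stored users, so it is left as is.
        hashed_pw = hmac.new(str(salt), str(pw), sha256).hexdigest()
        new_user = User(username=username,
                        name=name,
                        form=form,
                        class_=class_,
                        pw=hashed_pw,
                        salt=salt)
        new_user.put()
        # TODO Set session cookie on signup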
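class Login(SafeLogin):
    """Verifies credentials posted from the Ajax login form and sets the login cookie."""

    # 3 months' time in seconds: lifetime of the "remember me" login cookie.
    MONTHS_3 = int(7.88923e6)

    def get(self):
        # TODO render 404 here
        if self.valid_login():
            self.render('index.html')
        else:
            self.redirect('/')

    @staticmethod
    def _digests_equal(a, b):
        """Compare two hex digests without leaking their common prefix length.

        Uses hmac.compare_digest when the runtime provides it (Python 2.7.7+)
        and falls back to plain equality otherwise, so the handler keeps
        working on older interpreters.
        """
        compare = getattr(hmac, 'compare_digest', None)
        if compare is None:
            return a == b
        return compare(str(a), str(b))

    def post(self):
        """Check username/password and, on success, record the login.

        Responds with 500 (what the Ajax client already expects) when the
        username is unknown, the password is wrong, or `rmb_me` is neither
        'true' nor 'false'. The original code left one of the last two
        cases answering with an empty 200 (its indentation was ambiguous);
        both are now rejected explicitly.
        """
        username = self.request.get('username')
        pw = self.request.get('pw')
        rmb_me = self.request.get('rmb_me')

        # Bind the username as a GQL parameter: the previous str.format
        # interpolation did not prevent injection despite its comment.
        user = db.GqlQuery(
            "SELECT * FROM User WHERE username = :1", username).get()
        # Log only the username and outcome; logging the entity itself
        # wrote the salt and password hash into the application log.
        logging.info('login attempt for %r: user %s',
                     username, 'found' if user else 'not found')

        # If username does not exist: sends server error to Ajax request
        if not user:
            self.error(500)
            return

        hashed_pw = hmac.new(str(user.salt), str(pw), sha256).hexdigest()
        # If incorrect password
        if not self._digests_equal(hashed_pw, user.pw):
            self.error(500)
            return

        memcache.set('login_' + username, hashed_pw)
        # Set cookie. NOTE(review): consider httponly/secure flags on the
        # login cookie once it is confirmed that no client-side script needs
        # to read it.
        if rmb_me == 'true':
            # Login cookie expires in 3 months
            self.response.set_cookie('login', make_cookie(username, hashed_pw),
                                     self.MONTHS_3)
        elif rmb_me == 'false':
            # Session cookie
            self.response.set_cookie('login', make_cookie(username, hashed_pw))
        else:
            self.error(500)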