/usr/share/doc/python-werkzeug-doc/examples/cookieauth.py is in python-werkzeug-doc 0.9.4+dfsg-1.1ubuntu1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""
Cookie Based Auth
~~~~~~~~~~~~~~~~~
This is a very simple application that uses a secure cookie to do the
user authentication.
:copyright: Copyright 2009 by the Werkzeug Team, see AUTHORS for more details.
:license: BSD, see LICENSE for more details.
"""
from werkzeug.serving import run_simple
from werkzeug.utils import cached_property, escape, redirect
from werkzeug.wrappers import Request, Response
from werkzeug.contrib.securecookie import SecureCookie
# Signing key for the session cookie. Don't use this key but a different
# one: this value ships with the example, so cookies signed with it can be
# produced by anyone who has read the file. You could just use
# os.urandom(20) to get something random, and load the result from
# configuration instead of source. Changing this key invalidates all
# sessions at once.
# NOTE(review): werkzeug.contrib.securecookie pickles the cookie payload by
# default, so a known key presumably exposes more than session forgery.
# Confirm the serialization_method of the version in use and treat the key
# as a secret.
SECRET_KEY = '\xfa\xdd\xb8z\xae\xe0}4\x8b\xea'
# the cookie name for the session
COOKIE_NAME = 'session'
# Username -> password table of the accounts that may log in.
# NOTE(review): the passwords are stored in plaintext and both accounts share
# the placeholder value 'default'. That is fine for a demo only; a real
# deployment should store salted password hashes and ship no default
# credentials.
USERS = {
'admin': 'default',
'user1': 'default'
}
class AppRequest(Request):
    """Request subclass whose session is kept in a signed client-side cookie.

    The login state is the 'username' key of that session; nothing is stored
    on the server.
    """

    def logout(self):
        """Drop 'username' from the session (no error if it is absent)."""
        self.session.pop('username', None)

    def login(self, username):
        """Store *username* in the session, which marks the user as logged in.

        No credential check happens here; the caller must have verified the
        user before calling this.
        """
        self.session['username'] = username

    @property
    def logged_in(self):
        """True when the session carries a username."""
        current_user = self.user
        return current_user is not None

    @property
    def user(self):
        """Username stored in the session, or None when nobody is logged in."""
        return self.session.get('username')

    @cached_property
    def session(self):
        """Session for this request, built once and then cached.

        A missing or empty cookie yields a fresh SecureCookie; otherwise the
        cookie value is handed to SecureCookie.unserialize with SECRET_KEY.
        """
        raw_cookie = self.cookies.get(COOKIE_NAME)
        if raw_cookie:
            # The cookie value is client-controlled. Its integrity rests
            # entirely on SECRET_KEY staying secret.
            # NOTE(review): unserialize is expected to discard data whose
            # signature does not match -- confirm for the SecureCookie
            # version in use.
            return SecureCookie.unserialize(raw_cookie, SECRET_KEY)
        return SecureCookie(secret_key=SECRET_KEY)
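def login_form(request):
    """Render the login form and process a submitted login attempt.

    On a POST whose username/password pair matches an entry in USERS, the
    user is logged in through request.login() and a redirect to '' is
    returned. In every other case the form is rendered; after a failed POST
    it carries an "Invalid credentials" paragraph.
    """
    error = ''
    if request.method == 'POST':
        username = request.form.get('username')
        password = request.form.get('password')
        # An empty password never authenticates. An unknown username makes
        # USERS.get() return None, which cannot equal a non-empty password.
        # NOTE(review): this is a plaintext comparison with ==, and nothing
        # here limits repeated attempts or ties the POST to a form token.
        # A real deployment would verify a salted hash with a constant-time
        # compare, throttle failures and add CSRF protection.
        if password and USERS.get(username) == password:
            request.login(username)
            return redirect('')
        # The same message is used for an unknown user and a wrong password,
        # so the response does not reveal which usernames exist.
        error = '<p>Invalid credentials'
    # `error` is one of two fixed literals, never request data, so it can be
    # interpolated into the page without escaping.
    # Markup fixes: the hidden field uses value= (the original had action=,
    # which is not an <input> attribute) and the stray comma in the password
    # field is gone.
    return Response('''
<title>Login</title><h1>Login</h1>
<p>Not logged in.
%s
<form action="" method="post">
<p>
<input type="hidden" name="do" value="login">
<input type="text" name="username" size=20>
<input type="password" name="password" size=20>
<input type="submit" value="Login">
</form>''' % error, mimetype='text/html')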
def index(request):
    """Render the page shown to a logged-in user, with a logout link."""
    # The username comes out of the session cookie. escape() HTML-encodes it
    # before it is placed in the markup, so it cannot inject tags.
    shown_name = escape(request.user)
    # NOTE(review): the logout link is a plain GET with a query parameter, so
    # any page able to make the browser fetch that URL can end the session.
    # A POST with a form token would avoid that.
    page = '''
<title>Logged in</title>
<h1>Logged in</h1>
<p>Logged in as %s
<p><a href="/?do=logout">Logout</a>
''' % shown_name
    return Response(page, mimetype='text/html')
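@AppRequest.application
def application(request):
    """WSGI entry point: handle logout, else show the index or login page.

    ?do=logout clears the session and redirects to '.'. Otherwise a
    logged-in user gets index() and everyone else gets login_form(). The
    session is written back onto whichever response was produced.
    """
    if request.args.get('do') == 'logout':
        # NOTE(review): logout is a state change triggered by a GET query
        # parameter; consider requiring a POST.
        request.logout()
        response = redirect('.')
    elif request.logged_in:
        response = index(request)
    else:
        response = login_form(request)
    # Write the cookie under the same name AppRequest.session reads it from,
    # instead of relying on save_cookie's default name matching COOKIE_NAME.
    # httponly keeps the session cookie out of reach of page scripts.
    # NOTE(review): `secure` is left unset because the bundled dev server
    # speaks plain HTTP; set it when the app is served over HTTPS.
    request.session.save_cookie(response, key=COOKIE_NAME, httponly=True)
    return response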
if __name__ == '__main__':
    # Start Werkzeug's built-in server for local experimentation. It is
    # bound to localhost only, so the demo is not reachable from other hosts.
    run_simple(hostname='localhost', port=4000, application=application)