authenticationfilter.py
import logging
import traceback
import urllib.parse
import config
import security.authholder as authholder
from security.authentication import AuthenticationProvider, AuthenticationException
import pzx.account as account
# Request paths the filter handles itself instead of passing to the wrapped handler.
check_uri = '/check'
logout_uri = '/logout'
# Header read by logout() to choose where to send the browser afterwards.
referer_key = 'referer'
# Request parameter read by login() for the post-login redirect target.
redirect_key = 'redirect'
# Used both as login request parameter names and as cookie names.
# NOTE(review): login() writes the submitted password into the cookie named by
# password_key and get_authentication() re-submits it on every request; a
# server-issued session token would keep the password out of the browser.
username_key = 'username'
password_key = 'password'
# Module-level provider instance used by login(), get_authentication() and logout().
authentication_provider = AuthenticationProvider(account)
def authentication(pattern=None):
    """Build a decorator that runs the login/logout filter around a handler.

    ``pattern`` is accepted but is not read anywhere in this function.

    The decorated handler keeps the ``(request, response)`` signature. Login
    and logout requests are answered by the filter and never reach the
    handler; every other request is passed through with the resolved
    authentication object published via ``authholder``.

    NOTE(review): a request without valid credentials still reaches the
    handler, with the holder set to ``None``. Nothing here rejects it, so
    each handler has to enforce its own access check.
    """
    def interceptor(func):
        def wrap(request, response):
            # Login submission: answered here, the handler is skipped.
            if require_to_check(request):
                login(request, response)
                return None

            # Resolve the caller from the request (None when not authenticated).
            current = get_authentication(request)

            # Logout request: answered here, the handler is skipped.
            if require_to_logout(request):
                logout(current, request, response)
                return None

            authholder.set(current)
            try:
                result = func(request, response)
            finally:
                # Clear the holder promptly so a reused thread cannot carry
                # one request's identity over into the next request.
                authholder.set(None)
            return result

        return wrap

    return interceptor
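def _local_redirect_target(target):
    """Return ``target`` if it is a path on this site, otherwise ``'/'``."""
    if not target or not isinstance(target, str):
        return '/'
    # Only absolute paths on this site are followed. Protocol-relative
    # targets, backslashes and control characters are refused because
    # browsers normalise them before resolving the URL.
    if not target.startswith('/') or target.startswith('//'):
        return '/'
    if '\\' in target or any(ord(ch) < 0x20 or ord(ch) == 0x7f for ch in target):
        return '/'
    try:
        parts = urllib.parse.urlsplit(target)
    except ValueError:
        return '/'
    if parts.scheme or parts.netloc:
        return '/'
    return target


def login(request, response):
    """Authenticate the submitted credentials and redirect the browser.

    Reads the username and password request parameters and passes them to
    ``authentication_provider.authenticate``. Any exception the provider
    raises propagates to the caller; authentication failure is handled
    uniformly through those exceptions. On success both values are stored in
    cookies and the response redirects to the ``redirect`` parameter.

    The redirect parameter is client-supplied, so it is followed only when
    it is a path on this site; anything else falls back to ``'/'``. This
    prevents the login endpoint from being used to forward a freshly
    authenticated user to an arbitrary external address.

    NOTE(review): the password is written to a cookie as submitted because
    get_authentication() re-authenticates from it on each request. That keeps
    a reusable secret in the browser; replacing it with a server-issued
    session token needs a change across both functions. The cookie flags
    applied by ``response.set_cookie`` are not visible here -- confirm it
    sets HttpOnly and Secure.
    """
    username = request.get_param(username_key)
    password = request.get_param(password_key)
    # username is client-supplied; the log message text is unchanged.
    logging.info('用户[%s]请求系统认证', username)

    # Raises on failure, which aborts the login before any cookie is set.
    authentication_provider.authenticate(username, password)

    response.set_cookie(username_key, username, config.cookie_path, config.cookie_domain)
    response.set_cookie(password_key, password, config.cookie_path, config.cookie_domain)
    response.redirect(_local_redirect_target(request.get_param(redirect_key)))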
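def get_authentication(request):
    """Re-authenticate the caller from the credential cookies.

    Returns the result of ``authentication_provider.authenticate`` for the
    username and password cookies. Returns ``None`` when the username cookie
    is missing or empty, or when the provider raises
    ``AuthenticationException``. Other exceptions propagate.

    NOTE(review): this runs a full credential check on every request using
    the password held in the cookie.
    """
    cookies = request.get_cookies()
    username = cookies.get(username_key)
    if not username:
        return None
    password = cookies.get(password_key)
    try:
        # Verify the stored login.
        return authentication_provider.authenticate(username, password)
    except AuthenticationException as e:
        # logging.warn is a deprecated alias of logging.warning. exc_info
        # routes the traceback through the logging handlers rather than
        # straight to stderr, so rejected cookies appear in the same log.
        logging.warning(e, exc_info=True)
        return None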
def logout(authentication, request, response):
    """Log the caller out, blank the credential cookies and redirect.

    Calls ``authentication_provider.logout``; any exception it raises
    propagates, and in that case the cookies are left untouched and no
    redirect is issued. Otherwise both credential cookies are overwritten
    with an empty value and the browser is sent to the Referer header value,
    or to ``'/'`` when the header is absent.

    NOTE(review): the redirect target is the Referer header as received, so
    a logout reached from another site sends the browser back to that site.
    Consider restricting the target to this application's own pages.
    """
    who = str(authentication)
    logging.info('用户[%s]请求注销' % who)

    authentication_provider.logout(authentication)

    # Overwrite, in the original order, the cookies that login() set.
    for cookie_name in (username_key, password_key):
        response.set_cookie(cookie_name, '', config.cookie_path, config.cookie_domain)

    target = request.get_header(referer_key, '/')
    response.redirect(target)
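def require_to_logout(request):
    """Return True when the request path addresses the logout endpoint.

    Matches ``logout_uri`` itself and anything under it. The match stops at
    a path boundary: a bare prefix test would also claim unrelated routes
    that merely begin with the same characters and log the caller out.
    """
    path = request.get_path()
    if not path.startswith(logout_uri):
        return False
    remainder = path[len(logout_uri):]
    # '?' is accepted in case get_path() includes the query string -- not
    # visible from this file, TODO confirm.
    return remainder == '' or remainder[0] in '/?'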
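def require_to_check(request):
    """Return True when the request path addresses the login-check endpoint.

    Matches ``check_uri`` itself and anything under it. The match stops at a
    path boundary: a bare prefix test would also route unrelated paths that
    merely begin with the same characters into the credential check.
    """
    path = request.get_path()
    if not path.startswith(check_uri):
        return False
    remainder = path[len(check_uri):]
    # '?' is accepted in case get_path() includes the query string -- not
    # visible from this file, TODO confirm.
    return remainder == '' or remainder[0] in '/?'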