def switch_user_off(self):
# todo 设置一个token.当开启自动计算时,自动计算token.否则需要手动提供token
# 开启自动计算功能通过运行时修改配置达到-.-
response = Response("switch user off")
response.delete_cookie("god_token")
response.delete_cookie("god_uid")
return response
def save_session(self, app: flask.Flask, session: StorageAccountSession, response: flask.Response) -> None:
"""
Serializes the data to JSON, encrypts the data using AES
and stores the encrypted data along with a verification tag to azure storage.
Only stores the UUID of the table entry inside the session_cookie
"""
domain = self.get_cookie_domain(app)
path = self.get_cookie_path(app)
if not session:
if session.modified:
self.storage.delete(session.sid)
response.delete_cookie(app.session_cookie_name, domain=domain, path=path)
return
if session.modified:
encryption_key = self.get_encryption_key_from_app_secret(app)
self.storage.write(session.sid, dict(session), encryption_key)
httponly = True
secure = self.get_cookie_secure(app)
samesite = self.get_cookie_samesite(app)
if samesite is None:
samesite = 'Lax'
expires = self.get_expiration_time(app, session)
response.set_cookie(app.session_cookie_name, session.sid, expires=expires, httponly=httponly, domain=domain,
path=path, secure=secure, samesite=samesite)
def delete_cookie():
resp = Response("删除成功")
#如果你要删除的 cookie 有域名限制 那么 你在删除cookie的时候也要加上 domain这个参数
# resp.delete_cookie('username',domain=".jd.com")
#如果你要删除的cookie 是 指定的 路径 那么 删除cookie的时候 也要加上 path参数
resp.delete_cookie('username', path='/login/')
return resp
def logout():
"""Handle logout requests
Delete user's session entry in the sessions table
Also, delete user's cookie whether session entry delete is successful or not
Return 200 OK on success
Otherwise, return 500 INTERNAL SERVER ERROR
"""
DBSessionMaker = sessionmaker(bind=engine)
db_session = DBSessionMaker()
# Find and delete user's session entry in the session table
try:
cookie_sess_id = request.cookies.get('session')
db_session.query(Sessions).filter(Sessions.id==cookie_sess_id).delete()
db_session.commit()
logout_resp = Response(status=200)
logout_resp.delete_cookie('session')
return logout_resp
except Exception:
db_session.rollback()
# Delete user's cookie if something went wrong
err_resp = Response(status=500)
err_resp.delete_cookie('session')
return err_resp
def switch_user_off(self):
# todo 设置一个token.当开启自动计算时,自动计算token.否则需要手动提供token
# 开启自动计算功能通过运行时修改配置达到-.-
response = Response('switch user off')
response.delete_cookie('god_token')
response.delete_cookie('god_uid')
return response
def login():
"""Handle login requests
On successfull login a session with a length of an hour should be generated.
On failure an error should be thrown.
"""
hasher = PasswordHasher()
payload = request.json
username = payload['user']
password = payload['pass']
DBSessionMaker = sessionmaker(bind=engine)
db_session = DBSessionMaker()
try:
user = db_session.query(Users).get(username)
hasher.verify(user.password, password)
# If the hash parameters are out of date or the user update the hash
# One example of an out of date parameter is a insufficient time cost
if hasher.check_needs_rehash(user.password):
user.password = hasher.hash(password)
# calculate an expiration time one our from now
expire = datetime.utcnow() + timedelta(hours=1)
session_id = uuid.uuid4().hex
user_session = Sessions(
# This must be a uuid4 or large cryptographically secure random number
# A other formats of UUID can have several bytes perdicted presenting
# a potential brute forcing risk
# This implimentation choice assumes CPython is being used.
id=session_id,
username=username,
session_expire=expire
)
db_session.add(user_session)
db_session.commit()
auth_resp = Response(status=200)
auth_resp.set_cookie('session', session_id)
db_session.commit()
return auth_resp
# For security reasons only two responses may be provided
# Thus errors do not need to be handled individually
except Exception:
db_session.rollback()
# If we get to the end of this funtion something went wrong.
# Thus make sure the user does not think they are logged in
err_resp = Response(status=401)
err_resp.delete_cookie('session')
return err_resp
def test():
# username = request.form['username']
# password = request.form['password']
cookie = request.cookies
username2 = cookie.get("username")
password2 = cookie.get("password")
resp = Response("服务器返回信息")
#设置cookie,
resp.set_cookie('username', 'derek')
resp.delete_cookie('username')
def save_session(self, app: Flask, session: ServerSideSession,
response: Response) -> None:
"""This is called for actual sessions returned by :meth:`open_session`
at the end of the request. This is still called during a request
context so if you absolutely need access to the request you can do
that.
"""
domain = self.get_cookie_domain(app)
path = self.get_cookie_path(app)
sid = session.sid
saved_session = (self.orm_session.query(self.sql_session_model).filter(
self.sql_session_model.session_id == sid).first())
if not session:
if session.modified:
if saved_session:
self.orm_session.delete(saved_session)
self.orm_session.commit()
response.delete_cookie(app.session_cookie_name,
domain=domain,
path=path)
return
if not self.should_set_cookie(app, session):
return
httponly = self.get_cookie_httponly(app)
secure = self.get_cookie_secure(app)
expires = self.get_expiration_time(app, session)
val = self.serializer.dumps(dict(session))
if saved_session:
saved_session.data = val
saved_session.expiry = expires
self.orm_session.commit()
else:
new_session: UserSessionTableProtocol = self.sql_session_model(
id=self.make_id(),
session_id=session.sid,
data=val,
expires_at=expires)
self.orm_session.add(new_session)
self.orm_session.commit()
session_id = session.sid
response.set_cookie(
app.session_cookie_name,
session_id,
expires=expires,
httponly=httponly,
domain=domain,
path=path,
secure=secure,
samesite=current_app.config.get("SESSION_COOKIE_SAMESITE",
"Strict"),
)
def delete_cookie():
"""删除cookie"""
key = request.args.get('key') or 'count'
cookies = request.cookies
print(cookies)
response = Response()
response.delete_cookie(key)
response.set_data('request cookies:<br>' + str(request.cookies) +
'<br><br>' + 'response header:<br>' +
str(response.headers))
return response
def quit():
required = ['stuid']
values = request.form
if not all(k in values for k in required):
return 'Missing values', 403
stuid = values.get('stuid')
c*k = request.cookies
stuid = c*k.get("stuid")
# cok_password = c*k.get('password')
resp = Response(render_template("quit.html"))
resp.delete_cookie("stuid")
resp.delete_cookie("password")
return resp
def __new__(
cls,
resp: Response,
status_code: int = 200,
cookies: dict = {},
):
for k, v in cookies.items():
if v is None:
resp.delete_cookie(k)
else:
d = k.split('_httponly')
resp.set_cookie(d[0], v, httponly=bool(d[1:]))
return super().__new__(tuple, (resp, status_code))
def slo():
"""
Revokes the delivered access token. Logs out the user
"""
if not request.referrer or request.host not in request.referrer:
return redirect_to('/')
log.info('Preparing to logging out: %s' % c.user)
g = model.Group.get(session['organization_id'])
org_url = url_for(host=request.host,
controller='organization',
action='read',
id=g.name,
qualified=True)
org_url = str(org_url)
if c.user:
client = Clients.get_client(g)
logout_url = client.end_session_endpoint
redirect_uri = org_url + '/logout'
# revoke the access token (https://doc.ozwillo.com/#1-revoke-known-tokens)
headers = {'Content-Type': 'application/x-www-form-urlencoded'}
data = 'token=' + session.get('access_token')
data += '&token_type_hint=access_token'
client.http_request(client.revocation_endpoint,
'POST',
data=data,
headers=headers)
# Invalidate the local session (https://doc.ozwillo.com/#2-invalidate-the-applications-local-session)
id_token = session.get('id_token')
session.invalidate()
c.user = None
c.userobj = None
response = Response()
for cookie in request.cookies:
response.delete_cookie(cookie)
# redirect to IDP logout (https://doc.ozwillo.com/#3-single-sign-out)
logout_url += '?id_token_hint=%s&' % id_token
logout_url += 'post_logout_redirect_uri=%s' % redirect_uri
log.info('Redirecting user to: %s' % logout_url)
return redirect_to(str(logout_url))
return redirect_to(org_url)
def index():
"""创建返回对象"""
res = Response("返回对象")
"""设置cookies
max_age=None, 最大存活时间(s)
expires=None, 通过datetime设置准确时间
path="/",
domain=None, 设置子域名的cookies
"""
res.set_cookie('name', 'jack')
"""删除cookies"""
res.delete_cookie("")
return res
def login():
if request.method == 'GET':
print(request.method)
res = Response(render_template('login.html'))
ex = datetime(year=2020, month=1, day=1, hour=0, minute=0, second=0)
res.set_cookie('username', 'zzw', expires=ex, max_age=10)
res.delete_cookie()
return res
else:
print(request.method)
username = request.form.get('username')
password = request.form.get('password')
repeatpasswd = request.form.get('repeatpasswd')
print(username, password, repeatpasswd)
return 'success'
def del_info():
required = ['stuid']
values = request.form
if not all(k in values for k in required):
return 'Missing values', 403
stuid = values.get('stuid')
userdb.db_delete_user_info(stuid)
stu_img_path = os.path.abspath(f'./static/vc_images/{stuid}_img.png')
if os.path.exists(stu_img_path):
os.remove(stu_img_path)
resp = Response("<h1>delete success</h1>")
resp.delete_cookie("stuid")
gen_log.warning(
f"学号 {stuid} ,通过浏览器删除了自己信息,时间为{datetime.datetime.now().strftime('%m/%d/%Y, %H:%M:%S')}"
)
return resp, 200
def logout(self):
log.info('Logging out user: %s' % session.get('user'))
response = Response()
session['user'] = None
session.save()
g = model.Group.get(session['organization_id'])
for cookie in request.cookies:
response.delete_cookie(cookie)
if g:
org_url = url_for(host=request.host,
controller='organization',
action='read',
id=g.name,
qualified=True)
redirect_to(str(org_url))
else:
redirect_to('/')
def logout():
eid = int(request.cookies.get('eID'))
time = str(logged_in[eid])
del logged_in[eid]
print(logged_in)
database.save_logout_info(eid, time)
resp=Response()
return redirect(url_for('index')), resp.delete_cookie("eID")
def save_session(self, app: Flask, session: Session, response: Response):
if session is None:
# This should never be the case
return
domain = self.get_cookie_domain(app)
path = self.get_cookie_path(app)
if not session:
# ``not session`` equates to an empty session
if session.modified or not session.authenticated:
# The session has been modified. This indicates, that
# a session has been invalidated by deleting it or
# removing authentication. Thus, we try to remove any
# traces
self._redis.delete(self.get_key(session.sid))
response.delete_cookie(
app.session_cookie_name, domain=domain, path=path
)
return
httponly = self.get_cookie_httponly(app)
secure = self.get_cookie_secure(app)
expires = self.get_expiration_time(app, session)
samesite = self.get_cookie_samesite(app)
raw_session = self._serializer.dumps(session)
# ``setex`` is used to create an entry that expires
self._redis.setex(
name=self.get_key(session.sid),
time=app.permanent_session_lifetime,
value=raw_session,
)
sid_signed = self._signer.sign(session.sid)
response.set_cookie(
app.session_cookie_name,
sid_signed,
domain=domain,
path=path,
httponly=httponly,
expires=expires,
secure=secure,
samesite=samesite,
)
def COOKIE():
# response = Response("设置cookie")
# response.set_cookie("name", "laobian")
"""
key, cookie的键
value="",cookie的值
max_age = None,cookie的寿命
expires = None,cookie的过期时间
path = "/", cookie在当前项目的作用域
domain = None, cookie起作用的子域名
"""
cookie = request.cookies.get("name") #获取cookie
print(cookie)
response = Response("设置cookie")
response.set_cookie("name", "laobian")
response.delete_cookie("name") #删除cookie
# 设置session
session["username"] = "******" #设置session的值
session.get("username") #获取session
del session["username"] #删除session
return "设置session"
def delete_cookie():
response = Response('<b>范冰冰</b>')
response.delete_cookie('user')
return response
def delcookie():
res = Response(response='删除cookie')
res.delete_cookie(key='username')
return res
def Logout():
response = Response("")
response.delete_cookie('refresh_token')
return response
def logout():
response = Response('用户注销')
response.delete_cookie('user')
return response
def del_cookie():
html = render_template('js_cookie.html')
response = Response(html)
response.delete_cookie('mooc')
return response
def logout():
resp = Response('', 200)
resp.delete_cookie('token')
return resp
def delete(self):
response = Response(None, 204)
response.delete_cookie('access_token')
return response
def del_cookie():
resp = Response('删除Cookie')
resp.delete_cookie('username')
return resp
def logout(response: Response):
response.delete_cookie(auth_cookie_name)
def delete_cookie():
resp = Response("删除cookie")
resp.delete_cookie('username')
return resp
def del_cookie():
resp = Response('aaa')
resp.delete_cookie('cookie_key')
return resp
def delete():
req = Response('delect')
req.delete_cookie('username')
return req