def set_auth(request: Request, user_id: int):
    """Queue the authentication cookie for *user_id* on the pending response.

    The cookie value has the form ``<user_id>:<hash>``, where the hash is
    whatever ``__hash_text`` returns for the decimal string of the id. The
    cookie is not written here: a response callback is registered and
    ``__add_cookie_callback`` sets it when the callbacks run.

    NOTE(review): the value carries no expiry or nonce, and it can only
    resist forgery if ``__hash_text`` is keyed with a server-side secret
    (for example an HMAC) -- confirm against its definition, which is not
    visible here. Cookie attributes (Secure/HttpOnly/SameSite) are decided
    by ``__add_cookie_callback``; verify them there.
    """
    hash_val = __hash_text(str(user_id))
    cookie_value = f'{user_id}:{hash_val}'

    def attach_auth_cookie(req, resp):
        # auth_cookie_name is resolved when the callback fires, not when it
        # is registered.
        return __add_cookie_callback(req, resp, auth_cookie_name, cookie_value)

    request.add_response_callback(attach_auth_cookie)
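def login_view(request: Request):
    """Login form.

    After successful login redirects to the URL in the query or post
    parameter ``next``. By default redirects to the index page.

    ``next`` is client-controlled, so it is honoured only when it is a
    rooted local path (``/...``) or an absolute URL with the same scheme
    and host as the application's own index URL. Anything else falls back
    to the index page, so the login form cannot be used as an open
    redirect.

    CSRF protection is a double-submit cookie: a random token is placed
    both in the form and in a ``csrf_token`` cookie, and a login POST is
    accepted only when both are present and equal.

    Returns:
        ``HTTPFound`` when the user is already logged in or has just
        authenticated; otherwise the template context dict with keys
        ``username``, ``next``, ``failed``, ``login_url`` and
        ``csrf_token``.

    Raises:
        BadCSRFToken: the posted token is missing, is not text, or does
            not match the cookie.
    """
    # Local import: the file's top-level import block is not visible here.
    from urllib.parse import urlsplit

    def set_csrf_token(value, max_age=None):
        """Build a response callback that sets the ``csrf_token`` cookie."""
        def set_cookie(request, response):
            # Scoped to the login path, hidden from scripts, never sent on
            # cross-site requests; Secure only when the page came over https.
            response.set_cookie('csrf_token', value=value,
                                path=request.path,
                                secure=request.scheme == 'https',
                                httponly=True, samesite='Strict',
                                max_age=max_age)
        return set_cookie

    def safe_next_url(candidate, fallback):
        """Return *candidate* if it stays on this site, else *fallback*."""
        if not candidate:
            return fallback
        # Browsers drop control characters and may treat a backslash like a
        # slash, so such a value can resolve differently from how
        # urlsplit() reads it. Refuse it outright.
        if (candidate != candidate.strip()
                or '\\' in candidate
                or any(ord(ch) < 0x20 or ord(ch) == 0x7f for ch in candidate)):
            return fallback
        try:
            target = urlsplit(candidate)
        except ValueError:
            return fallback
        if not target.scheme and not target.netloc:
            # Scheme-less value: accept a rooted path only. A leading "//"
            # is refused because browsers read it as a host.
            if candidate.startswith('/') and not candidate.startswith('//'):
                return candidate
            return fallback
        home = urlsplit(fallback)
        same_origin = (target.scheme == home.scheme
                       and target.netloc.lower() == home.netloc.lower())
        return candidate if same_origin else fallback

    next_url = safe_next_url(request.params.get('next'),
                             request.route_url('index'))
    if request.user:
        return HTTPFound(location=next_url)

    username = ''
    failed = False
    if 'submit' in request.POST:
        username = request.POST.get('username', '')
        password = request.POST.get('password', '')
        csrf_token = request.POST.get('csrf_token', '')
        expected_csrf_token = request.cookies.get('csrf_token', '')
        # A missing cookie must fail the check: comparing two empty strings
        # would succeed, and a cross-site POST arrives without the
        # SameSite=Strict cookie. Comparing bytes also keeps non-ASCII
        # input from raising inside compare_digest.
        if (not expected_csrf_token
                or not isinstance(csrf_token, str)
                or not hmac.compare_digest(
                    csrf_token.encode('utf-8'),
                    expected_csrf_token.encode('utf-8'))):
            raise BadCSRFToken()
        user = db.user.authenticate(request.db, username, password)
        if user:
            # Important - at the very least generate a new session id at
            # login/logout to prevent session fixation attacks.
            request.session.invalidate()
            request.user = user
            headers = remember(request, user.user_id)
            # Empty value with max_age=0: the login token is spent, so the
            # browser is told to discard it.
            request.add_response_callback(set_csrf_token('', 0))
            return HTTPFound(location=next_url, headers=headers)
        failed = True

    # Fresh token for every rendering of the form, including after a
    # failed attempt.
    csrf_token = os.urandom(16).hex()
    url = request.route_url('login')
    request.add_response_callback(set_csrf_token(csrf_token))
    return dict(username=username, next=next_url, failed=failed,
                login_url=url, csrf_token=csrf_token)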
def logout(request: Request):
    """Queue removal of the authentication cookie on the pending response.

    Registers a response callback that hands the response and
    ``auth_cookie_name`` to ``__delete_cookie_callback``. Nothing else is
    done here.

    NOTE(review): only the client-side cookie is dropped. If the cookie
    value is derived from the user id alone, a previously copied value may
    remain valid after logout -- confirm whether any server-side
    revocation exists elsewhere.
    """
    def drop_auth_cookie(req, resp):
        # The request argument is accepted for the callback signature but
        # is not needed to delete the cookie.
        return __delete_cookie_callback(resp, auth_cookie_name)

    request.add_response_callback(drop_auth_cookie)
def set_auth(request: Request, user_id: int):
    """Arrange for the auth cookie identifying *user_id* to be sent.

    Builds ``<user_id>:<hash>`` from the id and the result of
    ``__hash_text(str(user_id))``, then registers a response callback that
    passes that value to ``__add_cookie_callback`` under
    ``auth_cookie_name``.

    NOTE(review): whether this value can be forged depends entirely on
    ``__hash_text`` mixing in a server-side secret; its definition is not
    visible here -- confirm. Cookie flags are set by
    ``__add_cookie_callback``, also not visible here.
    """
    token = __hash_text(str(user_id))
    payload = "{}:{}".format(user_id, token)

    def on_response(req, resp):
        # The cookie name is read from module scope at callback time.
        return __add_cookie_callback(req, resp, auth_cookie_name, payload)

    request.add_response_callback(on_response)
def request_factory(environ):
    """Build a ``Request`` from a WSGI *environ*, forcing a JSON Accept header.

    The caller's *environ* mapping is modified in place: any Accept header
    sent by the client is overwritten with ``application/json`` before the
    request object is created. The request gets a fresh ``Response`` and
    has ``finish_callback`` registered as a response callback.

    Returns:
        The prepared ``Request``.
    """
    # Overwrite, not default: the client's own Accept value is discarded.
    environ['HTTP_ACCEPT'] = 'application/json'

    req = Request(environ)
    req.response = Response()
    req.add_response_callback(finish_callback)
    return req