| 注册
请输入搜索内容

热门搜索

Java Linux MySQL PHP JavaScript Hibernate jQuery Nginx
lihua184
9年前发布

使用 Flask 和 rauth 进行 Github Oauth 登陆

来自: http://python.jobbole.com/84283/

最近我研究了一下Flask的OAuth库。情况并不乐观,大部分的包都已过时并且不再被支持了。大家熟知的Flask-Oauth基本上已经被废弃了,我也不推荐依赖这个库。有趣的是OAuth本身其实是很简单的,认证之后你会得到一个访问token,你只需将其作为GET参数或者作为request的特殊的header即可。也许其他的OAuth提供者需要更复杂的逻辑,但是Github仅此就足够。

我在StackOverflow上请教了如何解决Flask-OAuth的问题 ,从rauth的作者那里得到回答,他建议试一下他写的库。本文就是对他及开源社区的回报。我写了这个真实的例子,告诉你如何使用Flask、rauth、Github和会话来对你的站点的用户进行认证。

首先你需要设置好本地的环境。你需要安装好python、pip和virtualenv。接下来对环境进行设置:

$ virtualenv venv  $ source venv/bin/activate   (venv)$ pip install rauth Flask Flask-SQLAlchemy
$ virtualenvvenv  $ sourcevenv/bin/activate   (venv)$ pipinstallrauthFlaskFlask-SQLAlchemy

如果要运行我的例子,你还需要安装Sqlite的python绑定,SQLAlchemy会需要它:

(venv)$ pip install pysqlite
(venv)$ pipinstallpysqlite

pip会安装所有需要的依赖,所以你的环境已经就绪了。

现在你需要到Github设置页面里找到 Applications sections ,为你设置好一个新的应用。下图显示了在我的配置区域。

下面是代码,主模块如下:

# github.py  from flask import (Flask, flash, request, redirect,      render_template, url_for, session)  from flask.ext.sqlalchemy import SQLAlchemy    from rauth.service import OAuth2Service    # Flask config  SQLALCHEMY_DATABASE_URI = 'sqlite:///github.db'  SECRET_KEY = '\xfb\x12\xdf\xa1@i\xd6>V\xc0\xbb\x8fp\x16#Z\x0b\x81\xeb\x16'  DEBUG = True    # Flask setup  app = Flask(__name__)  app.config.from_object(__name__)  db = SQLAlchemy(app)    # Use your own values in your real application   github = OAuth2Service(      name='github',      base_url='https://api.github.com/',      access_token_url='https://github.com/login/oauth/access_token',      authorize_url='https://github.com/login/oauth/authorize',      client_id= '477151a6a9a9a25853de',      client_secret= '23b97cc6de3bea712fddbef70a5f5780517449e4',  )    # models  class User(db.Model):      id = db.Column(db.Integer, primary_key=True)      login = db.Column(db.String(80), unique=True)      name = db.Column(db.String(120))        def __init__(self, login, name):          self.login = login          self.name = name        def __repr__(self):          return '<User %r>' % self.login        @staticmethod      def get_or_create(login, name):          user = User.query.filter_by(login=login).first()          if user is None:              user = User(login, name)              db.session.add(user)              db.session.commit()          return user    # views  @app.route('/')  def index():      return render_template('login.html')    @app.route('/about')  def about():      if session.has_key('token'):          auth = github.get_session(token = session['token'])          resp = auth.get('/user')          if resp.status_code == 200:              user = resp.json()            return render_template('about.html', user = user)      else:          return redirect(url_for('login'))    @app.route('/login')  def login():      redirect_uri = url_for('authorized', next=request.args.get('next') or          request.referrer or None, _external=True)      print(redirect_uri)      # More scopes http://developer.github.com/v3/oauth/#scopes      params = {'redirect_uri': redirect_uri, 'scope': 'user:email'}      print(github.get_authorize_url(**params))      return redirect(github.get_authorize_url(**params))    # same path as on application settings page  @app.route('/github/callback')  def authorized():      # check to make sure the user authorized the request      if not 'code' in request.args:          flash('You did not authorize the request')          return redirect(url_for('index'))        # make a request for the access token credentials using code      redirect_uri = url_for('authorized', _external=True)        data = dict(code=request.args['code'],          redirect_uri=redirect_uri,          scope='user:email,public_repo')        auth = github.get_auth_session(data=data)        # the "me" response      me = auth.get('user').json()        user = User.get_or_create(me['login'], me['name'])        session['token'] = auth.access_token      session['user_id'] = user.id        flash('Logged in as ' + me['name'])      return redirect(url_for('index'))    if __name__ == '__main__':      db.create_all()      app.run()
# github.py  fromflaskimport (Flask, flash, request, redirect,      render_template, url_for, session)  fromflask.ext.sqlalchemyimportSQLAlchemy     fromrauth.serviceimportOAuth2Service     # Flask config  SQLALCHEMY_DATABASE_URI = 'sqlite:///github.db'  SECRET_KEY = '\xfb\x12\xdf\xa1@i\xd6>V\xc0\xbb\x8fp\x16#Z\x0b\x81\xeb\x16'  DEBUG = True     # Flask setup  app = Flask(__name__)  app.config.from_object(__name__)  db = SQLAlchemy(app)     # Use your own values in your real application  github = OAuth2Service(      name='github',      base_url='https://api.github.com/',      access_token_url='https://github.com/login/oauth/access_token',      authorize_url='https://github.com/login/oauth/authorize',      client_id= '477151a6a9a9a25853de',      client_secret= '23b97cc6de3bea712fddbef70a5f5780517449e4',  )     # models  class User(db.Model):      id = db.Column(db.Integer, primary_key=True)      login = db.Column(db.String(80), unique=True)      name = db.Column(db.String(120))         def__init__(self, login, name):          self.login = login          self.name = name         def__repr__(self):          return '<User %r>' % self.login         @staticmethod      defget_or_create(login, name):          user = User.query.filter_by(login=login).first()          if useris None:              user = User(login, name)              db.session.add(user)              db.session.commit()          return user     # views  @app.route('/')  defindex():      return render_template('login.html')     @app.route('/about')  defabout():      if session.has_key('token'):          auth = github.get_session(token = session['token'])          resp = auth.get('/user')          if resp.status_code == 200:              user = resp.json()             return render_template('about.html', user = user)      else:          return redirect(url_for('login'))     @app.route('/login')  deflogin():      redirect_uri = url_for('authorized', next=request.args.get('next') or          request.referreror None, _external=True)      print(redirect_uri)      # More scopes http://developer.github.com/v3/oauth/#scopes      params = {'redirect_uri': redirect_uri, 'scope': 'user:email'}      print(github.get_authorize_url(**params))      return redirect(github.get_authorize_url(**params))     # same path as on application settings page  @app.route('/github/callback')  defauthorized():      # check to make sure the user authorized the request      if not 'code' in request.args:          flash('You did not authorize the request')          return redirect(url_for('index'))         # make a request for the access token credentials using code      redirect_uri = url_for('authorized', _external=True)         data = dict(code=request.args['code'],          redirect_uri=redirect_uri,          scope='user:email,public_repo')         auth = github.get_auth_session(data=data)         # the "me" response      me = auth.get('user').json()         user = User.get_or_create(me['login'], me['name'])         session['token'] = auth.access_token      session['user_id'] = user.id         flash('Logged in as ' + me['name'])      return redirect(url_for('index'))     if __name__ == '__main__':      db.create_all()      app.run()

模板:

<!-- templates/about.html -->  <!doctype html>  <title>Login</title>    <h1>About you</h1>  Welcome , and your email is  <br />  <a href ="">Main page</a>
<!-- templates/about.html -->  <!doctypehtml>  <title>Login</title>     <h1>Aboutyou</h1>  Welcome , and youremailis  <br />  <a href ="">Mainpage</a>
<!-- templates/login.html -->  <!doctype html>  <title>Login</title>    <h1>Login</h1>  <a href ="">Login with OAuth2</a>  <h1>About</h1>  <a href="">About</a> If you are not logged in then you will be redirected to login page.
<!-- templates/login.html -->  <!doctypehtml>  <title>Login</title>     <h1>Login</h1>  <a href ="">LoginwithOAuth2</a>  <h1>About</h1>  <a href="">About</a> If youarenot loggedin then youwillberedirectedto loginpage.

启动后将创建数据库:

(venv)$ python github.py
(venv)$ pythongithub.py

在浏览器打开网站后,将在 session 保存 login.access_token,这是不安全的,但作为例子已经足够了。实际的网站中你可以这样使用:

# Probably your User model placed in different blueprint  from authmodule.models import User    @app.before_request  def before_request():      g.user = None      if 'user_id' in session:          if session['user_id']:              user = User.query.get(session['user_id'])              if user:                  g.user = user              else:                  del session['user_id']
# Probably your User model placed in different blueprint  fromauthmodule.modelsimportUser     @app.before_request  defbefore_request():      g.user = None      if 'user_id' in session:          if session['user_id']:              user = User.query.get(session['user_id'])              if user:                  g.user = user              else:                  delsession['user_id']
</div>

 本文由用户 lihua184 自行上传分享,仅供网友学习交流。所有权归原作者,若您的权利被侵害,请联系管理员。
 转载本站原创文章,请注明出处,并保留原始链接、图片水印。
 本站是一个以用户分享为主的开源技术平台,欢迎各类分享!
 本文地址:https://www.open-open.com/lib/view/open1454461078573.html
Flask OAuth 安全相关 Github