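This is a multi-part question. I have been developing a blog using Google App Engine, and to implement it I created a datastore class for the blog containing a subject and text. I wanted to practice implementing user registration, so I created another class containing the username, password hash, the user's email and the creation date. Why don't my entities show up on the devserver even though they show up on the dashboard?
App Engine created entities for both classes and they show up on the dashboard, but my Users table (since it is a NoSQL implementation, I don't know what to call it) does not show up on my local devserver dashboard.
When I run a query on the Users table, it returns true even if the username has never been registered.
I have also implemented a login function, and it always returns the invalid username or password message. Of course that message should only appear when they are invalid, and I know they are not invalid when I enter them.
This is my datastore entity code: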
class Blog(db.Model):
    subject = db.StringProperty(required = True)
    blog = db.TextProperty(required = True)
    time_created = db.DateTimeProperty(auto_now_add = True)
    day_created = db.DateProperty(auto_now_add = True)

class Users(db.Model):
    username = db.StringProperty(required = True)
    pw_hash = db.StringProperty(required = True)
    emai = db.StringProperty()
    user_since = db.DateTimeProperty(auto_now_add = True)

    @classmethod
    def by_id(cls, uid):
        return Users.get_by_id(uid)

    @classmethod
    def by_name(cls, name):
        user = Users.all().filter('name = ', name).get()
        return user

    @classmethod
    def register(cls, name, pw, email = None):
        pw_h = make_pw_h(name, pw)
        return Users(username = name,
                     pw_hash = pw_h,
                     email = email)

    @classmethod
    def login(cls, name, pw):
        u = cls.by_name(name)
        if u and check_pw(pw):
            return u
This is for registering a new user:
class Signup(BaseHandler):
    def get(self):
        self.render("signup-form.html")

    def post(self):
        have_error = False
        self.username = self.request.get('username')
        self.password = self.request.get('password')
        self.verify = self.request.get('verify')
        self.email = self.request.get('email')
        params = dict(username = self.username,
                      email = self.email)
        if not valid_username(self.username):
            params['error_username'] = "That's not a valid username."
            have_error = True
        if not valid_password(self.password):
            params['error_password'] = "That wasn't a valid password."
            have_error = True
        elif self.password != self.verify:
            params['error_verify'] = "Your passwords didn't match."
            have_error = True
        if not valid_email(self.email):
            params['error_email'] = "That's not a valid email."
            have_error = True
        if have_error:
            self.render('signup-form.html', **params)
        else:
            u = db.GqlQuery("SELECT username FROM Users WHERE username='self.username'")
            if u:
                msg = "User already exists"
                self.render('signup-form.html', error_username = msg)
            else:
                sing_user = Users.register(self.username, self.password, self.email)
                sing_user.put()
                #self.login(sing_user)
                self.set_sec_coki('user-id', sing_user.key().id())
                self.redirect('/welcome')
This is the function for logging the user in:
class Login(BlogHandler):
    def get(self):
        self.render('login-form.html')

    def post(self):
        username = self.request.get('username')
        password = self.request.get('password')
        u = User.login(username, password)
        if u:
            self.login(u)
            self.redirect('/blog')
        else:
            msg = 'Invalid login'
            self.render('login-form.html', error = msg)
This is my BaseHandler, which inherits from the webapp2 class:
class BaseHandler(webapp2.RequestHandler):
    def render(self, template, **kw):
        self.response.out.write(render_str(template, **kw))

    def write(self, *a, **kw):
        self.response.out.write(*a, **kw)

    def set_sec_coki(self, name, val):
        sec_val = make_secure_val(str(val))
        self.response.headers.add_header('Set-Cookie', "%s=%s; Path=/" % (name,sec_val))

    def read_secure_cookie(self, name):
        cookie_val = self.request.cookies.get(name)
        return cookie_val and check_secure_val(cookie_val)

    def login(self, user):
        self.set_secure_cookie('user_id', str(user.key().id()))

    def logout(self):
        self.response.headers.add_header('Set-Cookie', 'user_id=; Path=/')
And these are the smaller functions I use for hashing and salting cookies and passwords:
def make_secure_val(val):
    return '%s|%s' % (val, hmac.new(secret, val).hexdigest())

def check_secure_val(sec_val):
    val = sec_val.split('|')[0]
    if sec_val == make_secure_val(val):
        return val

def make_salt():
    chars = string.ascii_uppercase + string.ascii_lowercase + string.digits
    return ''.join(random.choice(chars) for x in range(5))

def make_pw_h(name, pw, salt = None):
    if salt is None:
        salt = make_salt()
    return "%s,%s" % (salt, hashlib.sha256(name + pw + salt).hexdigest())

def check_pw_h(name, pw, h):
    h = h.split(',')[1]
    return h == make_pw_h(name, pw, h)
I'll take a look. @Martin, thanks for the tip. – Bhargav
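
The `salt,hash` password record and `val|mac` cookie formats used in the question, as an added example that is not part of the original post: it is written for Python 3, swaps the single SHA-256 for PBKDF2-HMAC-SHA256 from the standard library, re-derives with the stored salt (field 0 of the record) and compares in constant time. `SECRET`, `PBKDF2_ROUNDS` and the sample credentials are constructed assumptions.

```python
import hashlib
import hmac
import secrets

SECRET = b"constructed-demo-secret"  # assumption: the page's `secret` is not shown
PBKDF2_ROUNDS = 200_000              # assumption: illustrative work factor


def make_pw_h(name, pw, salt=None):
    """Return 'salt,hash'; a fresh random salt is drawn when none is given."""
    if salt is None:
        salt = secrets.token_hex(16)
    digest = hashlib.pbkdf2_hmac("sha256", (name + pw).encode("utf-8"),
                                 salt.encode("utf-8"), PBKDF2_ROUNDS)
    return "%s,%s" % (salt, digest.hex())


def check_pw_h(name, pw, stored):
    """Re-derive with the stored salt and compare the whole record."""
    salt = stored.split(",")[0]
    expected = make_pw_h(name, pw, salt)
    return hmac.compare_digest(stored.encode("utf-8"), expected.encode("utf-8"))


def make_secure_val(val):
    """Return 'val|mac', where mac is HMAC-SHA256 over val."""
    mac = hmac.new(SECRET, val.encode("utf-8"), hashlib.sha256).hexdigest()
    return "%s|%s" % (val, mac)


def check_secure_val(sec_val):
    """Return val if the MAC verifies; None for a missing or altered cookie."""
    if not sec_val or "|" not in sec_val:
        return None
    val = sec_val.rsplit("|", 1)[0]
    expected = make_secure_val(val)
    if hmac.compare_digest(sec_val.encode("utf-8"), expected.encode("utf-8")):
        return val
    return None


if __name__ == "__main__":
    record = make_pw_h("alice", "correct horse")  # constructed credentials
    print(check_pw_h("alice", "correct horse", record))
    print(check_pw_h("alice", "wrong guess", record))
    print(check_secure_val(make_secure_val("42")))
```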