diff options
| author | Chris McDonough <chrism@plope.com> | 2016-09-14 16:09:42 -0400 |
|---|---|---|
| committer | Chris McDonough <chrism@plope.com> | 2016-09-14 16:09:42 -0400 |
| commit | 85bd2b8187c39e44285983261a74aa815f2b19ed (patch) | |
| tree | 4bc2269119fbe03d1fa54171148ff0cc5d88fd93 /docs/quick_tutorial/authorization | |
| parent | d350714a917b1a06dd4be6092e7b3da64771a4af (diff) | |
| parent | 4acd85dc98fb2a43eae54d2116cc4bf383157269 (diff) | |
| download | pyramid-85bd2b8187c39e44285983261a74aa815f2b19ed.tar.gz pyramid-85bd2b8187c39e44285983261a74aa815f2b19ed.tar.bz2 pyramid-85bd2b8187c39e44285983261a74aa815f2b19ed.zip | |
Merge branch 'master' of github.com:Pylons/pyramid
Diffstat (limited to 'docs/quick_tutorial/authorization')
| -rw-r--r-- | docs/quick_tutorial/authorization/setup.py | 3 | ||||
| -rw-r--r-- | docs/quick_tutorial/authorization/tutorial/security.py | 16 | ||||
| -rw-r--r-- | docs/quick_tutorial/authorization/tutorial/views.py | 7 |
3 files changed, 21 insertions, 5 deletions
diff --git a/docs/quick_tutorial/authorization/setup.py b/docs/quick_tutorial/authorization/setup.py index 2221b72e9..7a6ff4226 100644 --- a/docs/quick_tutorial/authorization/setup.py +++ b/docs/quick_tutorial/authorization/setup.py @@ -2,7 +2,8 @@ from setuptools import setup requires = [ 'pyramid', - 'pyramid_chameleon' + 'pyramid_chameleon', + 'bcrypt' ] setup(name='tutorial', diff --git a/docs/quick_tutorial/authorization/tutorial/security.py b/docs/quick_tutorial/authorization/tutorial/security.py index ab90bab2c..e585e2642 100644 --- a/docs/quick_tutorial/authorization/tutorial/security.py +++ b/docs/quick_tutorial/authorization/tutorial/security.py @@ -1,5 +1,17 @@ -USERS = {'editor': 'editor', - 'viewer': 'viewer'} +import bcrypt + + +def hash_password(pw): + pwhash = bcrypt.hashpw(pw.encode('utf8'), bcrypt.gensalt()) + return pwhash.decode('utf8') + +def check_password(pw, hashed_pw): + expected_hash = hashed_pw.encode('utf8') + return bcrypt.checkpw(pw.encode('utf8'), expected_hash) + + +USERS = {'editor': hash_password('editor'), + 'viewer': hash_password('viewer')} GROUPS = {'editor': ['group:editors']} diff --git a/docs/quick_tutorial/authorization/tutorial/views.py b/docs/quick_tutorial/authorization/tutorial/views.py index 43d14455a..b2dc905c0 100644 --- a/docs/quick_tutorial/authorization/tutorial/views.py +++ b/docs/quick_tutorial/authorization/tutorial/views.py @@ -10,7 +10,10 @@ from pyramid.view import ( forbidden_view_config ) -from .security import USERS +from .security import ( + USERS, + check_password +) @view_defaults(renderer='home.pt') @@ -42,7 +45,7 @@ class TutorialViews: if 'form.submitted' in request.params: login = request.params['login'] password = request.params['password'] - if USERS.get(login) == password: + if check_password(password, USERS.get(login)): headers = remember(request, login) return HTTPFound(location=came_from, headers=headers) |