authorDariusz Górecki <darek.krk@gmail.com>2016-08-10 11:10:49 +0100
committerDariusz Górecki <darek.krk@gmail.com>2016-08-10 11:10:49 +0100
commitf2f196db97462d5d19253d261cb2167fd19c1108 (patch)
tree8f14e42096c343b57d4ccae486dea0309bad4b49 /docs/quick_tutorial/authorization
parentc0ddbc37530042119539b60245e2e2a4fccc83c0 (diff)
parenta69db3dc7c57f318308434905ee96e23d0c0d3df (diff)
Merge branch 'master' into extract_http_basic
Diffstat (limited to 'docs/quick_tutorial/authorization')
-rw-r--r--docs/quick_tutorial/authorization/setup.py3
-rw-r--r--docs/quick_tutorial/authorization/tutorial/security.py16
-rw-r--r--docs/quick_tutorial/authorization/tutorial/views.py7
3 files changed, 21 insertions, 5 deletions
diff --git a/docs/quick_tutorial/authorization/setup.py b/docs/quick_tutorial/authorization/setup.py
index 2221b72e9..7a6ff4226 100644
--- a/docs/quick_tutorial/authorization/setup.py
+++ b/docs/quick_tutorial/authorization/setup.py
@@ -2,7 +2,8 @@ from setuptools import setup
requires = [
'pyramid',
- 'pyramid_chameleon'
+ 'pyramid_chameleon',
+ 'bcrypt'
]
setup(name='tutorial',
diff --git a/docs/quick_tutorial/authorization/tutorial/security.py b/docs/quick_tutorial/authorization/tutorial/security.py
index ab90bab2c..e585e2642 100644
--- a/docs/quick_tutorial/authorization/tutorial/security.py
+++ b/docs/quick_tutorial/authorization/tutorial/security.py
@@ -1,5 +1,17 @@
-USERS = {'editor': 'editor',
- 'viewer': 'viewer'}
+import bcrypt
+
+
+def hash_password(pw):
+ pwhash = bcrypt.hashpw(pw.encode('utf8'), bcrypt.gensalt())
+ return pwhash.decode('utf8')
+
+def check_password(pw, hashed_pw):
+ expected_hash = hashed_pw.encode('utf8')
+ return bcrypt.checkpw(pw.encode('utf8'), expected_hash)
+
+
+USERS = {'editor': hash_password('editor'),
+ 'viewer': hash_password('viewer')}
GROUPS = {'editor': ['group:editors']}
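Review bot: `check_password` calls `hashed_pw.encode('utf8')` unconditionally, but the login hunk in tutorial/views.py passes it `USERS.get(login)`, which is `None` for any username not in `USERS`. A login attempt with an unknown user therefore raises AttributeError and returns a 500 instead of taking the failed-login path, and the differing response also tells a client which usernames exist. Guard it in one place: either `if hashed_pw is None: return False` as the first line of `check_password`, or `hashed_pw = USERS.get(login)` followed by `if hashed_pw and check_password(password, hashed_pw):` at the call site. A one-line docstring on each helper saying that the hash is passed and stored as `str` (UTF-8 decoded bcrypt output) would help readers who copy this into an application.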
diff --git a/docs/quick_tutorial/authorization/tutorial/views.py b/docs/quick_tutorial/authorization/tutorial/views.py
index 43d14455a..b2dc905c0 100644
--- a/docs/quick_tutorial/authorization/tutorial/views.py
+++ b/docs/quick_tutorial/authorization/tutorial/views.py
@@ -10,7 +10,10 @@ from pyramid.view import (
forbidden_view_config
)
-from .security import USERS
+from .security import (
+ USERS,
+ check_password
+)
@view_defaults(renderer='home.pt')
@@ -42,7 +45,7 @@ class TutorialViews:
if 'form.submitted' in request.params:
login = request.params['login']
password = request.params['password']
- if USERS.get(login) == password:
+ if check_password(password, USERS.get(login)):
headers = remember(request, login)
return HTTPFound(location=came_from,
headers=headers)