Commit e35eafd

committed

1 parent e4d5959 commit e35eafdCopy full SHA for e35eafd

File tree

4 files changed

+43

-10

lines changed

code/ch6-users-and-forms
- infrastructure
  - cookie_auth.py
  - num_convert.py
- viewmodels/shared
  - viewmodel.py
- views
  - account.py

4 files changed

+43

-10

lines changed

`‎code/ch6-users-and-forms/infrastructure/cookie_auth.py‎`

Lines changed: 33 additions & 8 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,18 +1,43 @@`
	`1`	`+import hashlib`
`1`	`2`	`from typing import Optional`
`2`	`3`
`3`		`-from starlette.requests import Request`
`4`		`-from starlette.responses import Response`
	`4`	`+from fastapi import Request`
	`5`	`+from fastapi import Response`
`5`	`6`
`6`		`-auth_key = 'pypi_account'`
	`7`	`+from infrastructure.num_convert import try_int`
	`8`	`+`
	`9`	`+auth_cookie_name = 'pypi_account'`
`7`	`10`
`8`	`11`
`9`	`12`	`def set_auth(response: Response, user_id: int):`
`10`		`- response.set_cookie(auth_key, str(user_id), secure=False, httponly=True)`
	`13`	`+ hash_val = __hash_text(str(user_id))`
	`14`	`+ val = "{}:{}".format(user_id, hash_val)`
	`15`	`+ response.set_cookie(auth_cookie_name, val, secure=False, httponly=True, samesite='Lax')`
	`16`	`+`
	`17`	`+`
	`18`	`+def __hash_text(text: str) -> str:`
	`19`	`+ text = 'salty__' + text + '__text'`
	`20`	`+ return hashlib.sha512(text.encode('utf-8')).hexdigest()`
`11`	`21`
`12`	`22`
`13`		`-def get_user_id_from_auth_cookie(request: Request) -> Optional[int]:`
`14`		`- if auth_key not in request.cookies:`
	`23`	`+def get_user_id_via_auth_cookie(request: Request) -> Optional[int]:`
	`24`	`+ if auth_cookie_name not in request.cookies:`
	`25`	`+ return None`
	`26`	`+`
	`27`	`+ val = request.cookies[auth_cookie_name]`
	`28`	`+ parts = val.split(':')`
	`29`	`+ if len(parts) != 2:`
`15`	`30`	`return None`
`16`	`31`
`17`		`- user_id = int(request.cookies[auth_key])`
`18`		`- return user_id`
	`32`	`+ user_id = parts[0]`
	`33`	`+ hash_val = parts[1]`
	`34`	`+ hash_val_check = __hash_text(user_id)`
	`35`	`+ if hash_val != hash_val_check:`
	`36`	`+ print("Warning: Hash mismatch, invalid cookie value")`
	`37`	`+ return None`
	`38`	`+`
	`39`	`+ return try_int(user_id)`
	`40`	`+`
	`41`	`+`
	`42`	`+def logout(response: Response):`
	`43`	`+ response.delete_cookie(auth_cookie_name)`

`‎code/ch6-users-and-forms/infrastructure/num_convert.py‎`

Lines changed: 5 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,5 @@`
	`1`	`+def try_int(text) -> int:`
	`2`	`+ try:`
	`3`	`+ return int(text)`
	`4`	`+ except:`
	`5`	`+ return 0`

`‎code/ch6-users-and-forms/viewmodels/shared/viewmodel.py‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -13,7 +13,7 @@ def __init__(self, request: Request):`
`13`	`13`	`self.user_id: Optional[int] = None`
`14`	`14`
`15`	`15`	`# We'll get this once we have users from the cookies.`
`16`		`- self.is_logged_in = cookie_auth.get_user_id_from_auth_cookie(self.request)`
	`16`	`+ self.is_logged_in = cookie_auth.get_user_id_via_auth_cookie(self.request)`
`17`	`17`
`18`	`18`	`def to_dict(self) -> dict:`
`19`	`19`	`return self.__dict__`

`‎code/ch6-users-and-forms/views/account.py‎`

Lines changed: 4 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -54,4 +54,7 @@ def login(request: Request):`
`54`	`54`
`55`	`55`	`@router.get('/account/logout')`
`56`	`56`	`def logout(request: Request):`
`57`		`- return {}`
	`57`	`+ response = fastapi.responses.RedirectResponse(url='/', status_code=status.HTTP_302_FOUND)`
	`58`	`+ cookie_auth.logout(response)`
	`59`	`+`
	`60`	`+ return response`

0 commit comments

Comments

(0)

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit e35eafd

File tree

4 files changed

4 files changed

`‎code/ch6-users-and-forms/infrastructure/cookie_auth.py‎`

`‎code/ch6-users-and-forms/infrastructure/num_convert.py‎`

`‎code/ch6-users-and-forms/viewmodels/shared/viewmodel.py‎`

`‎code/ch6-users-and-forms/views/account.py‎`

0 commit comments