SegAnnDB Login System
Wed 17 August 2016The authentication is pretty basic which can be summed up in the following steps -
- User logs in via Google OAuth
- The user information is retrieved from Google’s API
- Using pyramid, we set a cookie on with the name of user_id
- Everytime a request comes in we decode the cookie, and get the user_id
- For logout, a simple javascript function clears out the cookie by invalidating it based on expire time.
- For retrieving the
user_id
from the cookie in the server-side I wrote down a simple function which takes the request and retrieves theuser_id
from the cookie.
Picking up from my last (blog
post)[http://abstatic.github.io/session-vs-token-authourization.html] , I was
experimenting around with pyramid_google_login
for implementing a OAuth2
based login system.
Turns out, pyramid_google_login
had some compatibility issues with the
version of pyramid we were using in SegAnnDB. So I decided to fork the repo
and fixed all the compatibility issues. Added to that I also made some
modifications in the code to set cookie in the returning response in case of
a successful login.
For handling the logout, I had to rely on javascript because I was not storing any information about the session cookie using pyramid. Here is the JS code that handles the logout functionality -
File: static/auth.js
// check if user is logged in or not
// on basis of that show appropriate buttons
var user = getCookie("authtkt");
var divElem = $("#auth");
if (user != "")
{
var button = "<button onclick='bye()'>Log Out</button>";
divElem.append(button);
}
else
{
// okay the user is not logged in
// render the login button
var button = "<a href='/auth/signin_redirect'><button>Login</button></a>";
divElem.append(button);
}
// function to erase cookies
// courtsey StackOverflow :)
// - http://stackoverflow.com/questions/179355/clearing-all-cookies-with-javascript
function eraseCookieFromAllPaths(name) {
// This function will attempt to remove a cookie from all paths.
var pathBits = location.pathname.split('/');
var pathCurrent = ' path=';
// do a simple pathless delete first.
document.cookie = name + '=; expires=Thu, 01-Jan-1970 00:00:01 GMT;';
for (var i = 0; i < pathBits.length; i++) {
pathCurrent += ((pathCurrent.substr(-1) != '/') ? '/' : '') + pathBits[i];
document.cookie = name + '=; expires=Thu, 01-Jan-1970 00:00:01 GMT;' + pathCurrent + ';';
}
}
// function to logout the user
function bye()
{
eraseCookieFromAllPaths("authtkt");
//now we need to refresh the page as well.
location.reload();
}
// function to get a cookie from cookie storage
function getCookie(cname)
{
var name = cname + "=";
var ca = document.cookie.split(';');
for(var i = 0; i < ca.length; i++)
{
var c = ca[i];
while (c.charAt(0) == ' ')
{
c = c.substring(1);
}
if (c.indexOf(name) == 0)
{
return c.substring(name.length, c.length);
}
}
return "";
}
I also had to override a default pyramid function in file views.py
# I am trying to override the authenticated_userid function here
# retrieve the cookie and return to the user
def authenticated_userid(request):
"""This function returns the user_id from the request"""
try:
val = request.cookies["authtkt"]
except:
# in case the cookie is not found it applies, unauthenticated user
val = None;
print val
return val
Now as mentioned earlier, I had to find a way to upload my modified version of
the login module of pyramid_google_login
to pypi so that it can be used in SegAnnDB
For that, I refractored all the code of pyramid_google_login
into a new
module named seganndb_login
. It lives in
github and
pypi as well.
I also added a cookie based authentication mechanism into the module, and
uploaded it to PyPi. We install the new login module using pip install
seganndb_login
and easily import it into pyramid configuration file.
Using seganndb_login
module can be easily used in any other login
application too. You only need to install it and add it in your configuration
file of pyramid using - config.include('seganndb-login')
The next post will be about creating a container for SegAnnDB both for the old version and the new GSoC code.
Comments