As we have seen, Tornado helps you deal with cookies and secure cookies, so what's the next logical thing? Yes, user login. Let's look at Tornado's support for user authentication.
Tornado provides the get_current_user() method to determine whether the user is already logged in. Developers need to override this method to return the current user, which can be done with a secure cookie. Tornado exposes the logged-in user as self.current_user. By default this value is None.
Let's see how these two work together in the example below.
```python
import tornado.escape
import tornado.ioloop
import tornado.web


class Main(tornado.web.RequestHandler):
    def get_current_user(self):
        # Value of the signed cookie as bytes, or None if it is missing or invalid
        return self.get_secure_cookie("user")

    def get(self):
        if not self.current_user:
            self.redirect("/login")
            return
        # get_secure_cookie() returns bytes on Python 3; decode before concatenating
        username = self.current_user.decode("utf-8")
        # The username is user-supplied, so escape it before writing it into the page
        self.write('Hi there, ' + tornado.escape.xhtml_escape(username))


class Login(Main):
    def get(self):
        self.render('auth.html')

    def post(self):
        # Demo only: any submitted username is accepted, no password is checked
        self.set_secure_cookie("user", self.get_argument("username"))
        self.redirect("/")


# debug=True is a development setting; cookie_secret is the key that signs the cookies
application = tornado.web.Application([
    (r"/", Main),
    (r"/login", Login),
    (r"/(style\.css)", tornado.web.StaticFileHandler, {"path": "./css/"}),
], debug=True, cookie_secret="61oETzKXQAGaYdkL5gEmGeJJFuYh7EQnp2XdTP1o/Vo=")

if __name__ == "__main__":
    application.listen(8888)
    tornado.ioloop.IOLoop.current().start()
```
Sequence of events:
- When the user browses to http://127.0.0.1:8888/, the GET method of the Main handler is called.
- To check whether the user has logged in (with self.current_user), the call is routed to get_current_user().
- On the first run, since there is no authenticated user, the client is redirected to the /login page with a GET request.
- In the Login handler, the auth.html web page is rendered to the client and the user is asked to log in with a username.
- When the user enters a username and submits it, a POST request is sent to /login, where a secure cookie is set for the username entered and the client is redirected to the Main handler at '/'. This time round, since the user has logged in, self.current_user is not None and the message 'Hi there, ' followed by the username is shown in the client's browser.
[Screenshot: /login page]
[Screenshot: Response]
Python Decorator – @tornado.web.authenticated
The same behavior can also be achieved with the @tornado.web.authenticated decorator. Example below:
```python
import tornado.escape
import tornado.ioloop
import tornado.web


class Main(tornado.web.RequestHandler):
    def get_current_user(self):
        # Value of the signed cookie as bytes, or None if it is missing or invalid
        return self.get_secure_cookie("user")

    @tornado.web.authenticated
    def get(self):
        ## This work is achieved by decorator @tornado.web.authenticated
        #if not self.current_user:
        #    self.redirect("/login")
        #    return
        # get_secure_cookie() returns bytes on Python 3; decode before concatenating
        username = self.current_user.decode("utf-8")
        # The username is user-supplied, so escape it before writing it into the page
        self.write('Hi there, ' + tornado.escape.xhtml_escape(username))


class Login(Main):
    def get(self):
        self.render('auth.html')

    def post(self):
        # Demo only: any submitted username is accepted, no password is checked
        self.set_secure_cookie("user", self.get_argument("username"))
        self.redirect("/")


settings = {
    "cookie_secret": "61oETzKXQAGaYdkL5gEmGeJJFuYh7EQnp2XdTP1o/Vo=",
    "login_url": "/login",
    "debug": True,  # boolean, not the string "True"; development setting
}

application = tornado.web.Application([
    (r"/", Main),
    (r"/login", Login),
    (r"/(style\.css)", tornado.web.StaticFileHandler, {"path": "./css/"}),
], **settings)

if __name__ == "__main__":
    application.listen(8888)
    tornado.ioloop.IOLoop.current().start()
```
In this code snippet, we no longer need to check self.current_user ourselves. The decorator does that work. If the user is not logged in, the request is redirected to the login_url application setting, which is /login in this case.
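Both listings depend on cookie_secret, the key that signs the "user" cookie. The following is an added example, not code from the original post and not Tornado's own implementation or wire format: a simplified standard-library model of a signed cookie showing how such a secret can be generated and why a cookie that was edited, or signed with another secret, is rejected. The names new_cookie_secret, sign and verify are hypothetical.

```python
import base64
import hashlib
import hmac
import secrets
import time

DAY = 86400  # seconds


def new_cookie_secret():
    """32 random bytes, base64-encoded: the same shape as the sample secret above."""
    return base64.b64encode(secrets.token_bytes(32)).decode("ascii")


def _mac(secret, payload):
    return hmac.new(secret.encode(), payload.encode(), hashlib.sha256).hexdigest()


def sign(secret, name, value, now=None):
    """Bind cookie name, value and issue time together under one HMAC."""
    ts = str(int(time.time() if now is None else now))
    b64 = base64.urlsafe_b64encode(value.encode()).decode()
    payload = "|".join((name, b64, ts))  # name is chosen by the server, never by the user
    return payload + "|" + _mac(secret, payload)


def verify(secret, name, signed, max_age_days=31, now=None):
    """Return the original value, or None if the cookie must be rejected."""
    parts = signed.split("|")
    if len(parts) != 4:
        return None
    got_name, b64, ts, mac = parts
    expected = _mac(secret, "|".join((got_name, b64, ts)))
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None  # value was edited, or it was signed with a different secret
    if got_name != name:
        return None  # signed for a different cookie name
    age = (time.time() if now is None else now) - int(ts)
    if age > max_age_days * DAY:
        return None  # too old
    return base64.urlsafe_b64decode(b64).decode()


if __name__ == "__main__":
    secret = new_cookie_secret()
    cookie = sign(secret, "user", "alice")
    print(verify(secret, "user", cookie))
    print(verify(new_cookie_secret(), "user", cookie))
```

Generate the secret once per deployment and load it from configuration or the environment; a value copied from a tutorial is known to every reader of that tutorial.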
```python
application = tornado.web.Application([
    (r"/", Main),
    (r"/login", Login),
    (r"/(style\.css)", tornado.web.StaticFileHandler, {"path": "./css/"}),
], debug=True, cookie_secret="61oETzKXQAGaYdkL5gEmGeJJFuYh7EQnp2XdTP1o/Vo=")
```
In the code above, why do I have to provide this: cookie_secret="61oETzKXQAGaYdkL5gEmGeJJFuYh7EQnp2XdTP1o/Vo="
Where and when was this code generated:
61oETzKXQAGaYdkL5gEmGeJJFuYh7EQnp2XdTP1o/Vo=