对于我的webapp,我使用beaker和sessionauthenticationpolicy。 在查看pyramid.security时,我注意到"记得" " sessionauthenticationpolicy"的功能返回一个空列表,这样我就无法设置cookie 在响应中返回给用户(在登录视图中)以跟踪他的基础 他的"用户ID"下次他提出请求时。
由于
答案 0 :(得分:0)
您可以从服务器端的会话存储中读取用户ID。应用程序通常也会公开request.user属性:https://github.com/websauna/websauna/blob/master/websauna/system/init.py#L201
以下是add_request_method(原始来源https://github.com/websauna/websauna/blob/master/websauna/system/auth/authentication.py)
"""The user authentication helper functions."""
from pyramid.settings import aslist
from pyramid.security import unauthenticated_userid
from websauna.system.http import Request
from websauna.system.user.models import User
from websauna.system.user.utils import get_user_registry
def get_user(session_token: str, request: Request) -> User:
"""Extract the logged in user from the request object using Pyramid's authentication framework."""
# user_id = unauthenticated_userid(request)
# TODO: Abstract this to its own service like in Warehouse?
user_registry = get_user_registry(request)
if session_token is not None:
user = user_registry.get_user_by_session_token(session_token)
# Check through conditions why this user would no longer be valid
if user:
if not user.can_login():
# User account disabled while in mid-session
return None
return user
return None
def get_request_user(request:Request) -> User:
"""Reify method for request.user"""
user_id = unauthenticated_userid(request)
return get_user(user_id, request) if user_id else None