Search code examples
pythongoogle-app-engineauthenticationwebapp2

python Google App Engine : Webapp2 : Authentication

i am using custom user accounts for one of my projects and am using the User model and authentication provided by webapp2. Everything runs perfect but i am stuck at the part where authentication is not successful.

For Example:

#imports
from webapp2_extras.appengine.auth.models import User

class LoginHandler(SomeBaseRequestHandler):
  def get(self):
  '''self code goes in here'''

  def post(self):
    auth_id = 'authentication:id'
    password = 'somepassword'

    user = User.get_by_auth_password(authid, password)
    if user:
      # code to set a session and redirect to homepage
    else:
      # append error list and render a template

I am able to login the user however the problem arises if a user provides a wrong user name or password. if the user provides any of the wrong credentials it raises a server side error.

Traceback (most recent call last):
File "/opt/google_appengine_1.6.4/lib/webapp2/webapp2.py", line 1536, in __call__
rv = self.handle_exception(request, response, e)
File "/opt/google_appengine_1.6.4/lib/webapp2/webapp2.py", line 1530, in __call__
rv = self.router.dispatch(request, response)
File "/opt/google_appengine_1.6.4/lib/webapp2/webapp2.py", line 1278, in default_dispatcher
return route.handler_adapter(request, response)
File "/opt/google_appengine_1.6.4/lib/webapp2/webapp2.py", line 1102, in __call__
return handler.dispatch()
File "/home/tigerstyle/orbit/orbit/orbit/handlers.py", line 36, in dispatch
webapp2.RequestHandler.dispatch(self)
File "/opt/google_appengine_1.6.4/lib/webapp2/webapp2.py", line 572, in dispatch
return self.handle_exception(e, self.app.debug)
File "/opt/google_appengine_1.6.4/lib/webapp2/webapp2.py", line 570, in dispatch
return method(*args, **kwargs)
File "/home/tigerstyle/orbit/orbit/orbit/handlers.py", line 239, in post
user = User.get_by_auth_password(auth_id, password)
File "/opt/google_appengine_1.6.4/lib/webapp2/webapp2_extras/appengine/auth/models.py",    line 301, in get_by_auth_password
raise auth.InvalidPasswordError()
InvalidPasswordError
Solution

  • You can use try / except to control your login flow:

    def post(self):
  """
  username: Get the username from POST dict
  password: Get the password from POST dict
  """
  username = self.request.POST.get('username')
  password = self.request.POST.get('password')
  # Try to login user with password
  # Raises InvalidAuthIdError if user is not found
  # Raises InvalidPasswordError if provided password doesn't match with specified user
  try:
    self.auth.get_user_by_password(username, password)
    self.redirect('/secure')
  except (InvalidAuthIdError, InvalidPasswordError), e:
    # Returns error message to self.response.write in the BaseHandler.dispatcher
    # Currently no message is attached to the exceptions
    return e