
How to check a user's cookie in Tornado in an object-oriented way?


I am using the Tornado web framework with Python. I want to make a parent class named, for example:

class parentClass(tornado.web.RequestHandler):
    def get(self):
        cookie = self.get_cookie("cookie")

After that I want to make child classes, such as

class childClass(parentClass):
    def get(self):
        self.write("you have permission")

How can I check if the user is permitted to use the website in the parent class? How can I control the child class from the parent class?


Solution

  • If your use case is user authentication, this is perfectly handled in Tornado using the @tornado.web.authenticated decorator on any method with secured access in your handlers. This will call the get_current_user method of the handler, which you can implement in the base class (which would be your ParentClass in your example).

    For more info and working code, see the excerpt below, which I have taken from the corresponding Tornado documentation:

    User authentication

    The currently authenticated user is available in every request handler as self.current_user, and in every template as current_user. By default, current_user is None.

    To implement user authentication in your application, you need to override the get_current_user() method in your request handlers to determine the current user based on, e.g., the value of a cookie. Here is an example that lets users log into the application simply by specifying a nickname, which is then saved in a cookie:

    import tornado.escape
    import tornado.web

    class BaseHandler(tornado.web.RequestHandler):
        def get_current_user(self):
            return self.get_secure_cookie("user")
    
    class MainHandler(BaseHandler):
        def get(self):
            if not self.current_user:
                self.redirect("/login")
                return
            name = tornado.escape.xhtml_escape(self.current_user)
            self.write("Hello, " + name)
    
    class LoginHandler(BaseHandler):
        def get(self):
            self.write('<html><body><form action="/login" method="post">'
                       'Name: <input type="text" name="name">'
                       '<input type="submit" value="Sign in">'
                       '</form></body></html>')
    
        def post(self):
            self.set_secure_cookie("user", self.get_argument("name"))
            self.redirect("/")
    
    application = tornado.web.Application([
        (r"/", MainHandler),
        (r"/login", LoginHandler),
    ], cookie_secret="__TODO:_GENERATE_YOUR_OWN_RANDOM_VALUE_HERE__")
    

    You can require that the user be logged in using the Python decorator tornado.web.authenticated. If a request goes to a method with this decorator, and the user is not logged in, they will be redirected to login_url (another application setting). The example above could be rewritten:

    class MainHandler(BaseHandler):
        @tornado.web.authenticated
        def get(self):
            name = tornado.escape.xhtml_escape(self.current_user)
            self.write("Hello, " + name)
    
    settings = {
        "cookie_secret": "__TODO:_GENERATE_YOUR_OWN_RANDOM_VALUE_HERE__",
        "login_url": "/login",
    }
    application = tornado.web.Application([
        (r"/", MainHandler),
        (r"/login", LoginHandler),
    ], **settings)
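
The pattern the question asks about, a parent class that decides for every child handler, as an added example (not part of the answer or of the Tornado documentation). It moves the check into the base class's prepare() hook and answers 403 instead of redirecting; requires_login, check_access, signed_cookie and the secret are assumptions made for the demonstration, and the request is constructed in-process rather than received over HTTP.

```python
from unittest.mock import Mock

import tornado.web
from tornado.httputil import HTTPHeaders, HTTPServerRequest

# Constructed demo secret; generate a long random value for real use.
COOKIE_SECRET = "constructed-demo-secret"


class BaseHandler(tornado.web.RequestHandler):
    requires_login = True  # hypothetical opt-out flag for public handlers

    def get_current_user(self):
        # None when the cookie is missing, unsigned, tampered with or expired.
        return self.get_secure_cookie("user")

    def prepare(self):
        # Tornado calls prepare() before get()/post() of every subclass,
        # so a child handler cannot forget the check.
        if self.requires_login and not self.current_user:
            raise tornado.web.HTTPError(403)


class ChildHandler(BaseHandler):
    def get(self):
        self.write("you have permission")


APP = tornado.web.Application([(r"/", ChildHandler)], cookie_secret=COOKIE_SECRET)


def check_access(cookie_header=None):
    """Run the parent's check against a constructed request; return the status."""
    headers = HTTPHeaders({"Host": "localhost"})
    if cookie_header:
        headers["Cookie"] = cookie_header
    request = HTTPServerRequest(method="GET", uri="/", headers=headers,
                                connection=Mock())
    handler = ChildHandler(APP, request)
    try:
        handler.prepare()
    except tornado.web.HTTPError as exc:
        return exc.status_code
    return 200


def signed_cookie(value):
    """Cookie header as a browser would send it after set_secure_cookie()."""
    token = tornado.web.create_signed_value(COOKIE_SECRET, "user", value)
    return "user=" + token.decode()
```

A plain `user=alice` cookie, like the one read with get_cookie() in the question, is rejected here because get_secure_cookie() returns None for any value that was not signed with cookie_secret.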