tags:

views:

2863

answers:

4
+9  Q: 

Simple User management example for Google App Engine ?

Hi, I am newbie in Google App Engine. While I was going through the tutorial, I found several things that we do in php-mysql is not available in GAE. For example in dataStore auto increment feature is not available. Also I am confused about session management in GAE. Over all I am confused and can not visualize the whole thing.

Please advise me a simple user management system with user registration, user login, user logout, session (create,manage,destroy) with data Store. Also please advise me where I can get simple but effective examples.

Thanks in advance.

+5  A: 

Django is your best bet -- with the version I pointed you to, auth and sessions should both "just work" as per the Django docs. this article gives simple instructions and example of how to proceed from there.

For Django sessions, see here; for Django auth, here.

Alex Martelli  2009-06-23 02:19:41
Though I have used Django-on-AppEngine, I would not advocate ignoring appengines builtin auth over django. Any reason that you do? (Yes, I use Django outside of appengine too)
ironfroggy  2009-06-23 02:24:00
GAE's "builtin auth" only supports Google accounts, and in particular does not support "user registration", which the question very specifically requires (that's also why I didn't even bother suggesting OpenID this time -- last few times I did the askers saw it apparently as an attack on their desire to deal with their own user registration!-).
Alex Martelli  2009-06-23 02:36:30
Users can register against the app specifically the first time they log in with their Google (or OpenId) credentials.
Nick Johnson  2009-06-23 11:57:43
+2  A: 

You don't write user management and registration and all that, because you use Google's own authentication services. This is all included in the App Engine documentation.

ironfroggy  2009-06-23 02:22:54
So, my user have to use Google username? Can't they register only into my website? So, what will happen for user registration?
fireball003  2009-06-23 03:00:43
+11  A: 

I tend to use my own user and session manangement

For my web handlers I will attach a decorator called session and one called authorize. The session decorator will attach a session to every request, and the authorize decorator will make sure that the user is authorised

(A word of caution, the authorize decorator is specific to how I develop my applications - the username being the first parameter in most requests)

So for example a web handler may look like:

class UserProfile(webapp.RequestHandler):
  @session
  @authorize
  def get(self, user):
     # Do some funky stuff
     # The session is attached to the self object.
     someObjectAttachedToSession = self.SessionObj.SomeStuff
     self.response.out.write("hello %s" % user)

In the above code, the session decorator attaches some session stuff that I need based on the cookies that are present on the request. The authorize header will make sure that the user can only access the page if the session is the correct one.

The decorators code are below:

import functools
from model import Session
import logging

def authorize(redirectTo = "/"):
    def factory(method):
     'Ensures that when an auth cookie is presented to the request that is is valid'
     @functools.wraps(method)
     def wrapper(self, *args, **kwargs):

      #Get the session parameters
      auth_id = self.request.cookies.get('auth_id', '')
      session_id = self.request.cookies.get('session_id', '')

      #Check the db for the session
      session = Session.GetSession(session_id, auth_id)   

      if session is None:
       self.redirect(redirectTo)
       return
      else:
       if session.settings is None:
        self.redirect(redirectTo)
        return

       username = session.settings.key().name()

       if len(args) > 0:    
        if username != args[0]:
         # The user is allowed to view this page.
         self.redirect(redirectTo)
         return

      result = method(self, *args, **kwargs)

      return result
     return wrapper
    return factory

def session(method):
    'Ensures that the sessions object (if it exists) is attached to the request.'
    @functools.wraps(method)
    def wrapper(self, *args, **kwargs):

     #Get the session parameters
     auth_id = self.request.cookies.get('auth_id', '')
     session_id = self.request.cookies.get('session_id', '')

     #Check the db for the session
     session = Session.GetSession(session_id, auth_id)   

     if session is None:
      session = Session()
      session.session_id = Session.MakeId()
      session.auth_token = Session.MakeId()
      session.put()

     # Attach the session to the method
     self.SessionObj = session   

     #Call the handler.   
     result = method(self, *args, **kwargs)

     self.response.headers.add_header('Set-Cookie', 'auth_id=%s; path=/; HttpOnly' % str(session.auth_token))
     self.response.headers.add_header('Set-Cookie', 'session_id=%s; path=/; HttpOnly' % str(session.session_id))

     return result
    return wrapper

def redirect(method, redirect = "/user/"):
    'When a known user is logged in redirect them to their home page'
    @functools.wraps(method)
    def wrapper(self, *args, **kwargs):
     try: 
      if self.SessionObj is not None:
       if self.SessionObj.settings is not None:
        # Check that the session is correct
        username = self.SessionObj.settings.key().name()

        self.redirect(redirect + username)
        return
     except:
      pass
     return method(self, *args, **kwargs)
    return wrapper
Kinlan  2009-06-23 15:33:11
Thanks a lot! It makes sense. However I am troubled all day long if I will have to integrate django just for own user management. As far I get it , webapp only supports google users and all sort of support for that. Any help or advice on this? Can I simply do that without going for Django?
fireball003  2009-06-23 17:44:57
The above code isn't dependent on the Google Users, so you lose some ease of development but you get more control - none of the above requires Django... - All my user management is done without Googles User API (that is for twollo.com, ff.amplifeeder.com etc). I only use Django for template rendering at the moment so there is no requirement for Django either.
Kinlan  2009-06-23 20:50:40
A: 

What is users don't have a google account? Am I missing something?

Denis  2010-05-20 08:43:58
There's an "experimental" option to allow users to use OpenID.
Andrew Hedges  2010-08-11 06:29:26

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases