2020-2-11(168)_切削液有什么作用2020-2-142.3万阅读-优快云博客

本文链接：https://blog.youkuaiyun.com/Folivoraxue/article/details/104271691

本文详细介绍了一种基于Python的用户认证与权限管理系统的设计与实现，包括用户注册、登录、密码加密、异常处理、权限分配及检查等功能。通过具体代码案例，展示了如何使用SHA256算法加密密码，以及如何通过类和异常处理来增强系统的健壮性和安全性。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

#[102]案例学习 auth.py

import hashlib
class User:
    def __init__(self,username,password):
        '''创建一个用户，密码在存储前将会被加密'''
        self.username = username
        self.password = self._encrypr_pw(password)
        self.is_logged_in = False
        
    def _encrypr_pw(self,password):
        '''密码加密，使用用户名+密码的形式加密，加密算法sha256，
           并返回加密结果'''
        hash_string = self.username + password
        hash_string = hash_string.encode("utf-8")
        return hashlib.sha256(hash_string).hexdigest()
    
    def check_password(self,password):
        '''如果密码对该用户有效，则返回true，否则返回false'''
        encryted = self._encrypr_pw(password)
        if encryted == self.password:
            return True
        else:
            return False
      

class AuthException(Exception):
    def __init__(self,username,user = None):
        super().__init__(username,user)
        self.username = username
        #user为User类的实例
        self.user = user

#用户名已存在异常类
class UsernameAlreadyExists(AuthException):
    pass

#密码过短异常类
class PasswordTooShort(AuthException):
    pass
    
class InvalidUsername(AuthException):
    pass

class InvalidPassword(AuthException):
    pass    

   
class Authenticator:
    '''身份验证'''
    def __init__(self):
        self.users = {}
        
    def add_user(self,username,password):    
        if username in self.users:
            raise UsernameAlreadyExists("%s 已存在" %username)
        if len(password) < 6:
            raise PasswordTooShort("%s 密码位数不足6位" %username)
        #实例化User类
        self.users[username] = User(username,password)
    
    def login(self,username,password):
        try:
            user = self.users[username]
        except KeyError: #用户名不在self.users中
            raise InvalidUsername("用户名无效")
        
        if not user.check_password(password):
            raise InvalidPassword("密码无效")
        #用户登录状态置为True
        user.is_logged_in = True
        return True
        
    def is_login(self,username):
        '''查看登录状态'''
        if username in self.users:
            return self.users[username].is_logged_in
        return False

class PermissionError(Exception):
    pass       

class NotLoggedInError(AuthException):
    pass
    
class NotPermittedError(AuthException):
    pass
        
class Authorizor:
    '''给用户加权限'''
    def __init__(self):
        self.authenticator = Authenticator()
        #权限
        self.permissions = {}

    def add_permission(self, perm_name):
        '''添加权限'''
        try:
            perm_set = self.permissions[perm_name]    
        except KeyError:
            self.permissions[perm_name] = set()
        else:
            raise PermissionError("该权限已存在")

    def permit_user(self, perm_name, username):
        '''授权权限给用户'''
        try:
            perm_set = self.permissions[perm_name]
        except KeyError:
            raise PermissionError("该权限不存在")
        else:
            if username not in self.authenticator.users:
                raise InvalidUsername("用户名无效")
            perm_set.add(username)
                
    def check_permission(self, perm_name, username):     
        '''检查某个用户是否有某个权限'''    
        #用户必须为登录状态
        if not self.authenticator.is_login(username):
            raise NotLoggedInError(username)
        try:
            perm_set = self.permissions[perm_name]
        except KeyError:
            raise PermissionError("该权限不存在") 
        else:
            if username not in perm_set:
                raise NotPermittedError(username)
            else:
                return True

import auth

obj1 = auth.Authorizor()
#加用户
obj1.authenticator.add_user("cc","123456")
obj1.authenticator.add_user("zz","123456")
obj1.authenticator.add_user("bb","1234567890")
#加权限
obj1.add_permission("add")
obj1.add_permission("del")
#给用户赋予权限
obj1.permit_user("add","cc")

class Editor:
    def __init__(self):
        self.username = None
        self.menu_map = {
                         "login": self.login,
                         "test": self.test,
                         "change": self.change,
                         "quit": self.quit
                         }
    def login(self):
        logged_in = False   
        while not logged_in:
            username = input("username: ")
            password = input("password: ")
            try:
                logged_in = obj1.authenticator.login(username,password)
            except auth.InvalidUsername:
                print("**用户名无效**")    
            except auth.InvalidPassword:
                print("**密码无效**")     
            else:
                self.username = username    
    
    def is_permitted(self, permission):
        try:
            obj1.check_permission(permission, self.username)
        except auth.NotLoggedInError as e:
            print(e.username)
            return False
        except auth.NotPermittedError as e:
            print(e.username)
            return False
        else:
            return True
            
    def test(self):
        if self.is_permitted("add"):
            print("ADDing...")
    
    def change(self):
        if self.is_permitted("del"):
            print("DEling...")
          
    def quit(self):
        raise SystemExit()
    
    def menu(self):
        try:
            answer = ""
            while True:
                answer = input("enter a command: ").lower()
                try:
                    func = self.menu_map[answer]
                except KeyError:
                    print("输入的命令无效")                
                else:
                    func()
        finally:
            print("Thank you for testing the auth module")
            
Editor().menu()