[google-appengine] Re: login: admin in python37

2021-01-25 Thread 'Elliott (Cloud Platform Support)' via Google App Engine 
Hello Joshua,

I understand that you would like an easy way to implement authentication 
because you may not continue to use login: admin. I was able to confirm 
this. First, I would like to apologize for the inconvenience. There is no 
easy way other than to implement one of the options listed in this document 

.

You are presented with some options including Firebase Authentication, 
Google Sign-In and OAuth 2.0 and OpenID Connect. Each of these technologies 
are described in the document.

I would like your thoughts on the recommended ways so that we may find a 
solution that agrees with you.

I hope that we may now have enough to elaborate on this discussion.


On Friday, January 22, 2021 at 1:07:16 PM UTC-5 Joshua Smith wrote:

> In my quest to figure out how to keep using Google App Engine when 
> Python27 eventually goes away, I've just run into yet another case where 
> something simple seems to have been replaced with a nightmare of 
> complexity 
> 
> .
>
> In my old app.yaml, I had this:
>
> - url: /admin/.*
>   script: main.app
>   secure: always
>   login: admin
>
> Unfortunately, python37 doesn't support *login: admin* any more (!). I'm 
> facing a mountain of documentation detailing a bunch of different ways I 
> can do authentication now.
>
> Stack overflow is no help at all in simplifying this.
>
> Anyone here have advice on the *easiest possible way* to get the old 
> Python27 behavior that you have to be logged in as the app administrator in 
> order to hit a certain URL?
>
> This isn't for ensuring crons are only run by cron. That seems pretty easy 
> by looking at headers.
>
> This is for when you have administrative functions that only the 
> developers need access to, and I'm looking for the easiest way to ensure a 
> URL is only accessible to those particular people.
>
> In case it matters, I'm using Flask.
>
> -Joshua
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Google App Engine" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to google-appengine+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/google-appengine/05ac62c4-6c44-4e7b-8068-1601d6a4eef0n%40googlegroups.com.

[google-appengine] Re: login: admin in python37

2021-02-15 Thread NoCommandLine 

   
   1. Create an object for a user that you will store in session. This 
   object could have the following attributes - email, isAdmin, userId
   2. Put a login decorator in front of the route. The decorator will 
   ensure (force a login) there is a logged in user before they can access the 
   endpoint (just Google 'python login_decorator' for sample codes)
   3. When the decorator forces a user to login and you retrieve stuff like 
   user email address, check if this email matches the email of the person (or 
   persons) you expect to be your admin. If there is a match, set 'isAdmin' to 
   True, then store the user object in session
   4. After the login decorator code runs, it then moves into the code for 
   your endpoint and there you check if the value of 'isAdmin' is True. If so, 
   you continue processing. If False, you deliver a message to the user and 
   exit
   

In simple terms, Python37 (which doesn't support 'users api') is forcing 
you to write some of the code behind the 'login:admin' entry in your 
app.yaml. The advantage of (doing this hard/extra work) is that you can 
extend this capability to support people as 'admin' even without a Google 
Account i.e. you can grant admin privilege to someone based on their 
twitter login or facebook login or even a manual user Id 


*.* NoCommandLine *..*
*If you miss GAE Launcher, try* https://nocommandline.com

On Friday, January 22, 2021 at 10:07:16 AM UTC-8 Joshua Smith wrote:

> In my quest to figure out how to keep using Google App Engine when 
> Python27 eventually goes away, I've just run into yet another case where 
> something simple seems to have been replaced with a nightmare of 
> complexity 
> 
> .
>
> In my old app.yaml, I had this:
>
> - url: /admin/.*
>   script: main.app
>   secure: always
>   login: admin
>
> Unfortunately, python37 doesn't support *login: admin* any more (!). I'm 
> facing a mountain of documentation detailing a bunch of different ways I 
> can do authentication now.
>
> Stack overflow is no help at all in simplifying this.
>
> Anyone here have advice on the *easiest possible way* to get the old 
> Python27 behavior that you have to be logged in as the app administrator in 
> order to hit a certain URL?
>
> This isn't for ensuring crons are only run by cron. That seems pretty easy 
> by looking at headers.
>
> This is for when you have administrative functions that only the 
> developers need access to, and I'm looking for the easiest way to ensure a 
> URL is only accessible to those particular people.
>
> In case it matters, I'm using Flask.
>
> -Joshua
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Google App Engine" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to google-appengine+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/google-appengine/8679aa4e-7090-4394-b0c1-be580a60fdf1n%40googlegroups.com.