Building Blocks

5Jan/080

Django Authentication from Flex

This method isn't very good, and I would recommend using this instead. This will still work, but I believe it is better to maintain a proper browser session and not do all this monkey work for authentication.

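Django 'salts' passwords for added protection. It uses SHA1 over a random salt combined with the password, so the resulting hash cannot simply be looked up in a precomputed table. This is a good thing, but it threw me off for a bit. I don't want to send the plaintext passwords over the wire, so I needed to grab the hash string from Django, break it apart, and reassemble it inside of Flex. Keep in mind that the reassembled hash is then what the server accepts as the credential, so it needs the same protection in transit (HTTPS) as the password itself. This did the trick: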

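/**
 * Handles the user list returned by loginService, finds the entry whose
 * username matches this.username, rebuilds the Django-style
 * 'sha1$salt$hash' string from the typed password and submits it through
 * loginService.verify_credentials().
 *
 * Sends ApplicationFacade.LOGIN_FAILED when the result is not an array,
 * when no entry matches, or when the matching entry's stored password
 * string has no salt segment.
 *
 * NOTE(review): this flow depends on the service returning every user's
 * stored password string to the client, and the value sent to
 * verify_credentials() is derived only from that salt and the password.
 * A stored hash is therefore as good as the password for whoever can read
 * it. Server-side verification over a normal session (the approach the
 * accompanying text recommends) avoids handing hashes to the client at all.
 *
 * @param re Result event whose result is expected to be an Array of user
 *           objects exposing username and password.
 */
private function onGetUsersComplete( re:ResultEvent ):void
{
	// Single-use handler: detach first so it is removed on every path,
	// including the early failure paths below.
	loginService.removeEventListener( ResultEvent.RESULT, onGetUsersComplete );

	// 'as' yields null when the result is not an Array; treat that as a
	// failed login instead of dereferencing null.
	var users:Array = re.result as Array;
	var isValidUser:Boolean = false;

	if ( users != null )
	{
		for ( var i:int = 0; i < users.length; i++ )
		{
			if ( users[i].username != this.username )
			{
				continue;
			}

			// Stored format is 'algorithm$salt$hash'; index 1 is the salt.
			var parts:Array = String( users[i].password ).split( '$' );
			if ( parts.length < 2 || parts[1] == '' )
			{
				// No usable salt: do not submit a hash built from 'undefined'.
				break;
			}

			currentUser = users[i] as UserVO;
			var salt:String = parts[1];
			//django specific password scheme
			password = 'sha1$' + salt + '$' + SHA1.hash( salt + password );

			// Register the result handler before issuing the call.
			loginService.addEventListener( ResultEvent.RESULT, onVerifyCredentialsResult, false, 0, true );
			loginService.verify_credentials( username, password );
			isValidUser = true;

			// Stop at the first match: a second match would hash the
			// already-hashed password again and issue a duplicate request.
			break;
		}
	}

	if ( !isValidUser )
	{
		sendNotification( ApplicationFacade.LOGIN_FAILED, "Invalid Username" );
	}
}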
Creative Commons License
The Django Authentication from Flex by Joel Hooks, unless otherwise expressly stated, is licensed under a Creative Commons Attribution 3.0 United States License.