如何将用户定向到登录页面而不是 Flask HTTPBasicAuth 中的登录弹出窗口?
How to direct user to a login page instead of a login popup in Flask HTTPBasicAuth?
使用 HTTPBasicAuth 重定向到登录页面的正确方法是什么?截至目前,它总是将我带到 verify_password 函数,并且会显示一个弹出窗口,要求输入用户名和密码。相反,我希望它重定向到登录页面,然后记住用户已通过该登录页面成功进行身份验证。 HTTPBasicAuth官方页面没有解释。
这是我当前的代码:
#!flask/bin/python
from flask import Flask, jsonify, abort, request, make_response, url_for
from flask import render_template
from flask_httpauth import HTTPBasicAuth
#Attribution: https://blog.miguelgrinberg.com/post/designing-a-restful-api-with-python-and-flask
#reference: https://github.com/realpython/discover-flask
#Needs: pip install flask-httpauth
app = Flask(__name__)
auth = HTTPBasicAuth()
@app.route('/', methods=['GET','POST'])
@auth.login_required
def login():
print('in login')
print(request.values.get('email'), request.values.get('password'))
templateToReturn = 'login.html'
if request.method == 'POST':
print('in post')
username = request.values.get('email')
password = request.values.get('password')
if verify_password(username, password):
print('password verified')
templateToReturn = 'index.html'
print('Curr user', auth.current_user())
print('request: ', request.method)
if request.method == 'GET' and auth.current_user():
templateToReturn = 'index.html'
return render_template(templateToReturn)
@auth.verify_password
def verify_password(email, password):
print('in verify pwd')
return verifyAuthentication(email, password)
def verifyAuthentication(email, password):
knownUsers = {'p1@gmail.com': 'pass',
'p2@yahoo.com': 'pass'}
authenticated = False
if email in knownUsers:
if knownUsers[email] == password:
authenticated = True
return authenticated
@app.route('/logout')
def logout():
return render_template('logout.html')
@auth.error_handler
def unauthorized():
return '<!DOCTYPE html><html><body><div style="text-align: center;">Unauthorized access</div></body></html>'
@app.errorhandler(400)
def bad_request(error):
return '<!DOCTYPE html><html><body><div style="text-align: center;">Bad request</div></body></html>'
@app.errorhandler(404)
def not_found(error):
return '<!DOCTYPE html><html><body><div style="text-align: center;">Page not found</div></body></html>'
if __name__ == '__main__':
app.run(debug=True, host="0.0.0.0")
和login.html的登录表单:
<form action="{{ url_for('/') }}" method="POST">
<div class="row">
<div class="input-field col s12">
<input id="email" name="email" type="email" class="validate">
<label for="email">Email</label>
</div>
</div>
<div class="row">
<div class="input-field col s12">
<input id="password" name="password" type="password" class="validate">
<label for="password">Password</label>
</div>
</div>
<button type="submit" id="login" class="waves-effect waves-light btn blue darken-1" style="width:100%;">Login</button>
<br>
</form>
根据HTTPBasicAuth作者的回复:
The library implements a few algorithms from the HTTP standard, most
importantly the HTTP Basic Authentication protocol. This is not a
library to create login forms, and normally you would not even use
login forms with it.
If you want to create a login experience for an application that uses
HTML, I recommend that you look at the Flask-Login extension, which is
more appropriate for your use case.
使用 HTTPBasicAuth 重定向到登录页面的正确方法是什么?截至目前,它总是将我带到 verify_password 函数,并且会显示一个弹出窗口,要求输入用户名和密码。相反,我希望它重定向到登录页面,然后记住用户已通过该登录页面成功进行身份验证。 HTTPBasicAuth官方页面没有解释。
这是我当前的代码:
#!flask/bin/python
from flask import Flask, jsonify, abort, request, make_response, url_for
from flask import render_template
from flask_httpauth import HTTPBasicAuth
#Attribution: https://blog.miguelgrinberg.com/post/designing-a-restful-api-with-python-and-flask
#reference: https://github.com/realpython/discover-flask
#Needs: pip install flask-httpauth
app = Flask(__name__)
auth = HTTPBasicAuth()
@app.route('/', methods=['GET','POST'])
@auth.login_required
def login():
print('in login')
print(request.values.get('email'), request.values.get('password'))
templateToReturn = 'login.html'
if request.method == 'POST':
print('in post')
username = request.values.get('email')
password = request.values.get('password')
if verify_password(username, password):
print('password verified')
templateToReturn = 'index.html'
print('Curr user', auth.current_user())
print('request: ', request.method)
if request.method == 'GET' and auth.current_user():
templateToReturn = 'index.html'
return render_template(templateToReturn)
@auth.verify_password
def verify_password(email, password):
print('in verify pwd')
return verifyAuthentication(email, password)
def verifyAuthentication(email, password):
knownUsers = {'p1@gmail.com': 'pass',
'p2@yahoo.com': 'pass'}
authenticated = False
if email in knownUsers:
if knownUsers[email] == password:
authenticated = True
return authenticated
@app.route('/logout')
def logout():
return render_template('logout.html')
@auth.error_handler
def unauthorized():
return '<!DOCTYPE html><html><body><div style="text-align: center;">Unauthorized access</div></body></html>'
@app.errorhandler(400)
def bad_request(error):
return '<!DOCTYPE html><html><body><div style="text-align: center;">Bad request</div></body></html>'
@app.errorhandler(404)
def not_found(error):
return '<!DOCTYPE html><html><body><div style="text-align: center;">Page not found</div></body></html>'
if __name__ == '__main__':
app.run(debug=True, host="0.0.0.0")
和login.html的登录表单:
<form action="{{ url_for('/') }}" method="POST">
<div class="row">
<div class="input-field col s12">
<input id="email" name="email" type="email" class="validate">
<label for="email">Email</label>
</div>
</div>
<div class="row">
<div class="input-field col s12">
<input id="password" name="password" type="password" class="validate">
<label for="password">Password</label>
</div>
</div>
<button type="submit" id="login" class="waves-effect waves-light btn blue darken-1" style="width:100%;">Login</button>
<br>
</form>
根据HTTPBasicAuth作者的回复:
The library implements a few algorithms from the HTTP standard, most importantly the HTTP Basic Authentication protocol. This is not a library to create login forms, and normally you would not even use login forms with it.
If you want to create a login experience for an application that uses HTML, I recommend that you look at the Flask-Login extension, which is more appropriate for your use case.