Flask 登录 is_authenticated 不一致
Flask-Login is_authenticated inconsistency
我正在使用一个测试单元来验证 Flask-Login 的登录。这样做的目的是验证凭据不正确的用户的行为:
def test_login_user(self):
'''test user login'''
user = User(email='teste@teste.com', pass='teste')
db.session.add(user)
db.session.commit()
response = self.app.post('/login_user', data={'email':
'teste@teste.com', 'pass': 'tste'}, follow_redirects=True)
print(response.get_data(), user.is_authenticated)
assert user.is_authenticated == True
self.assertEqual(response.status, "200 OK")
问题是 assert user.is_authenticated
通过了测试,即使最后一个断言失败了:
Traceback (most recent call last):
File "./test.py", line 58, in test_login_user
self.assertEqual(response.status, "200 OK")
AssertionError: '401 UNAUTHORIZED' != '200 OK'
- 401 UNAUTHORIZED
+ 200 OK
我的登录视图实现如下:
@app.route('/login_user', methods=['GET', 'POST'])
def login_user():
if request.method == 'POST':
user_requested = User.query.filter_by(email=request.form['email']).first()
if user_requested is not None:
if sha256_crypt.verify(request.form['pass'], user_requested.pass):
return redirect(url_for('student'))
return redirect(url_for('error'))
此外,在 class 用户上,我正在扩展 UserMixin。为什么 user.is_authenticated returns 不是假的?
您没有在登录视图中调用 login_user
。当您重定向时,login_required
在受保护的视图上失败。在重定向之前将您从数据库中获取的用户传递给 login_user
。
所有用户实例都经过身份验证,即使他们没有登录。只有匿名用户没有经过身份验证。查看上下文中的 current_user
以查看哪个用户已登录。您可以使用 with app.test_client() as c
块来保留上下文。
with app.test_client() as c:
r = c.post('/login', data={...})
self.assertEqual(current_user.email, '...')
这是 Flask-Login 设置和测试的最小示例。
import unittest
from flask import Flask, redirect, url_for, request
from flask.ext.login import login_required
from flask_login import LoginManager, UserMixin, login_user, current_user
class TestApp(unittest.TestCase):
def setUp(self):
app.testing = True
def tearDown(self):
app.testing = False
def test_login(self):
with app.test_client() as c:
r = c.post('/login', data={'id': 400617}, follow_redirects=True)
# current_user is only set in context
self.assertEqual(current_user.id, 400617)
# resopnse doesn't depend on context, so can be tested outside block
self.assertEqual(r.status, '200 OK')
# any non-anonymous user is authenticated, even if not logged in
self.assertTrue(User(123).is_authenticated)
app = Flask(__name__)
app.secret_key = 'Stack Overflow'
login = LoginManager(app)
login.login_view = 'login'
class User(UserMixin):
def __init__(self, id):
self.id = id
@login.user_loader
def user_loader(id):
return User(int(id))
@app.route('/')
@login_required
def index():
return 'index'
@app.route('/login', methods=['GET', 'POST'])
def login():
if request.method == 'POST':
user = User(id=request.form.get('id', type=int))
login_user(user)
return redirect(url_for('index'))
return 'login'
$ python -m unittest -v app
test_login (app.TestApp) ... ok
----------------------------------------------------------------------
Ran 1 test in 0.017s
OK
我正在使用一个测试单元来验证 Flask-Login 的登录。这样做的目的是验证凭据不正确的用户的行为:
def test_login_user(self):
'''test user login'''
user = User(email='teste@teste.com', pass='teste')
db.session.add(user)
db.session.commit()
response = self.app.post('/login_user', data={'email':
'teste@teste.com', 'pass': 'tste'}, follow_redirects=True)
print(response.get_data(), user.is_authenticated)
assert user.is_authenticated == True
self.assertEqual(response.status, "200 OK")
问题是 assert user.is_authenticated
通过了测试,即使最后一个断言失败了:
Traceback (most recent call last):
File "./test.py", line 58, in test_login_user
self.assertEqual(response.status, "200 OK")
AssertionError: '401 UNAUTHORIZED' != '200 OK'
- 401 UNAUTHORIZED
+ 200 OK
我的登录视图实现如下:
@app.route('/login_user', methods=['GET', 'POST'])
def login_user():
if request.method == 'POST':
user_requested = User.query.filter_by(email=request.form['email']).first()
if user_requested is not None:
if sha256_crypt.verify(request.form['pass'], user_requested.pass):
return redirect(url_for('student'))
return redirect(url_for('error'))
此外,在 class 用户上,我正在扩展 UserMixin。为什么 user.is_authenticated returns 不是假的?
您没有在登录视图中调用 login_user
。当您重定向时,login_required
在受保护的视图上失败。在重定向之前将您从数据库中获取的用户传递给 login_user
。
所有用户实例都经过身份验证,即使他们没有登录。只有匿名用户没有经过身份验证。查看上下文中的 current_user
以查看哪个用户已登录。您可以使用 with app.test_client() as c
块来保留上下文。
with app.test_client() as c:
r = c.post('/login', data={...})
self.assertEqual(current_user.email, '...')
这是 Flask-Login 设置和测试的最小示例。
import unittest
from flask import Flask, redirect, url_for, request
from flask.ext.login import login_required
from flask_login import LoginManager, UserMixin, login_user, current_user
class TestApp(unittest.TestCase):
def setUp(self):
app.testing = True
def tearDown(self):
app.testing = False
def test_login(self):
with app.test_client() as c:
r = c.post('/login', data={'id': 400617}, follow_redirects=True)
# current_user is only set in context
self.assertEqual(current_user.id, 400617)
# resopnse doesn't depend on context, so can be tested outside block
self.assertEqual(r.status, '200 OK')
# any non-anonymous user is authenticated, even if not logged in
self.assertTrue(User(123).is_authenticated)
app = Flask(__name__)
app.secret_key = 'Stack Overflow'
login = LoginManager(app)
login.login_view = 'login'
class User(UserMixin):
def __init__(self, id):
self.id = id
@login.user_loader
def user_loader(id):
return User(int(id))
@app.route('/')
@login_required
def index():
return 'index'
@app.route('/login', methods=['GET', 'POST'])
def login():
if request.method == 'POST':
user = User(id=request.form.get('id', type=int))
login_user(user)
return redirect(url_for('index'))
return 'login'
$ python -m unittest -v app
test_login (app.TestApp) ... ok
----------------------------------------------------------------------
Ran 1 test in 0.017s
OK