Flask登录，会话管理和AJAX [英] Flask-Login, Session Management and AJAX

问题描述

我无法通过AJAX调用来与Flask-Login current_user 对象和 @login_required 装饰器一起使用.我认为这与会议未通过有关.

I'm having trouble getting an AJAX call to work with the Flask-Login current_user object and the @login_required decorator. I believe it has something to do with the session not being passed.

目标是使用户单击一个对路由URL进行AJAX调用的链接，该URL将通过SOAP服务提供SSO会话ID.SOAP服务要求传递一个emp_id，可以通过 current_user.emp_id 属性对其进行访问.

The goal is for a user to click on a link that makes an AJAX call to a route URL that will provide a SSO session ID through a SOAP service. The SOAP service requires an emp_id to be passed which can be accessed through the current_user.emp_id attribute.

最初，我尝试使用没有 @login_required 装饰器的AJAX调用，只是传递了一条简单的消息，该消息成功返回了:

I initially attempted the AJAX call without the @login_required decorator and just passing a simple message as such which returned successfully:

app.js

const ssoLinks = document.querySelectorAll('.sso');

ssoLinks.forEach((ssoLink) => {
  ssoLink.addEventListener('click', (e) => generateSSOLink(e, ssoLink.id));
});


function generateSSOLink(e, page) {
  e.preventDefault();

  fetch("/get_bpm_sso_link")
    .then(response => response.json())
    .then(data => console.log(data))
}

views.py

@app.route('/get_bpm_sso_link')
def get_bpm_sso_link():
    data = {
        'msg': 'success'
    }

    print('*'*75)
    print('SUCCESS')
    print('*'*75)

    return jsonify(data)

我的下一个尝试是访问 current_user 中的emp_id:

My next attempt was to access the emp_id in current_user:

views.py

@app.route('/get_bpm_sso_link')
def get_bpm_sso_link():
    data = {
        'msg': 'success'
    }

    print('*'*75)
    print(current_user.emp_id)
    print('*'*75)

    return jsonify(data)

哪个给我这个错误:

AttributeError:"AnonymousUserMixin"对象没有属性"emp_id"

AttributeError: 'AnonymousUserMixin' object has no attribute 'emp_id'

好的，所以我决定尝试在初始索引页面(AJAX所在的位置)上访问相同的emp_id属性，并且能够做到这一点.听起来像是在AJAX请求期间，烧瓶登录LoginManager无法识别 current_user 的会话.为了进一步说明这一点，我在路由中添加了 @login_required 装饰器，并且JSON响应将重定向返回到登录页面.

Okay, so then I decided to try and access the same emp_id attribute on the initial index page(where the AJAX lives as well) and was able to do so. It sounds like during an AJAX request, the Flask-Login LoginManager doesn't recognize the session of the current_user. To further this claim, I added the @login_required decorator to the route and the JSON response returned a redirect to the login page.

在进行AJAX通话期间，如何使Flask-Login识别用户?如果没有，其他哪些库可以无缝处理用户会话管理和AJAX请求?

What can I do to have Flask-Login recognize a user during an AJAX call? If not, what other libraries can handle user session management and AJAX requests seamlessly?

推荐答案

所以本周我在克利夫兰的Pycon 2018上做了一些挖掘，遇到了关于Fetch API的值得注意的话题.默认情况下，该API似乎不发送任何用户凭据.为了解决这个问题，一切都归结为在API中设置一个选项:

So I did some digging this week at Pycon 2018 in Cleveland and came across a noteworthy topic regarding the Fetch API. Seems by default that the API doesn't send any user credentials. To remedy this, it all came down to setting an option within the API:

app.js

function generateSSOLink(e, page) {
  e.preventDefault();

  fetch("/get_bpm_sso_link", {
    credentials: 'include'
  })
    .then(response => response.json())
    .then(data => console.log(data))
}

现在，即使使用 @login_required 装饰器，我的AJAX请求也可以显示我的视图.

Now my AJAX request hits my view even with the @login_required decorator.

这篇关于Flask登录，会话管理和AJAX的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！