在生成路径登录身份验证令牌并要求其在其他路线 [英] Generate auth token in login route and require it in other routes
问题描述
我生成一个单独的serviceIn登录从我生成认证令牌的一些服务帮助的帮助下身份验证令牌。我产生了登录
路由标记。我怎样才能prevent访问其他路线,直到登录令牌生成了,我怎么能访问令牌中的其他路线?
@ app.route('/登录,方法= ['GET','POST'])
高清登录():
错误=无
如果request.method =='POST':
!如果的Request.Form [用户名] ='管理员'或的request.form ['密码'] ='1234':
错误='无效的凭证。请再试一次。'
其他:
用户名=的Request.Form [用户名]
密码=的Request.Form ['密码']
auth_url =的http://192.168.206.133:5000 / V2.0
令牌=的generateToken(用户名=用户名,密码=密码,auth_url = auth_url)
返回重定向(url_for('getstats'))
返回render_template('的login.html',错误=错误)#这条路线应要求并使用身份验证令牌
@ app.route('/计量')
高清getstats():
返回render_template('metering.html')
所以它似乎您试图访问令牌在不同的路线。
我建议将其存储在一个会话。要做到这一点,请务必从瓶
导入会议
变量:从瓶中导入会话
。
您要设置的令牌的在会话值。
现在,我将使用的auth_token
作为会议现场,但你可以使用任何你想要的:
@ app.route('/登录,方法= ['GET','POST'])
高清登录():
错误=无
如果request.method =='POST':
!如果的Request.Form [用户名] ='管理员'或的request.form ['密码'] ='1234':
错误='无效的凭证。请再试一次。'
其他:
用户名=的Request.Form [用户名]
密码=的Request.Form ['密码']
auth_url =的http://192.168.206.133:5000 / V2.0
令牌=的generateToken(用户名=用户名,密码=密码,auth_url = auth_url)
会议[的auth_token] =令牌#专卖店在会话令牌这里
会议[认证] =真
返回重定向(url_for('getstats'))
返回render_template('的login.html',错误=错误)从functools进口包装高清authenticated_resource(功能):
@wraps(功能)
高清装饰(* ARGS,** kwargs):
如果session.get(认证):
返回功能(* ARGS,** kwargs)
返回重定向(url_for(登录))
返回装饰
然后,以访问令牌:
@ app.route('/计量')
@authenticated_resource
高清getstats():
令牌= session.get(AUTH_TOKEN)
#你可能需要验证令牌是会话,因为这样
如果令牌:
返回render_template('metering.html')
其他:
中止(403)
注意:使用中止
,你还需要进口,从瓶
I am generating an auth token with the help of a separate serviceIn login from I am generating authentication token with help of some service. I generate the token in the login
route. How can I prevent access to other routes until the login token is generated, and how can I access that token in the other routes?
@app.route('/login', methods=['GET', 'POST'])
def login():
error=None
if request.method=='POST':
if request.form['username']!='admin' or request.form['password']!='1234':
error ='Invalid Credentials. Please try again.'
else:
username=request.form['username']
password=request.form['password']
auth_url='http://192.168.206.133:5000/v2.0'
token = generateToken(username=username, password=password, auth_url=auth_url)
return redirect(url_for('getstats'))
return render_template('login.html', error=error)
# this route should require and use the auth token
@app.route('/metering')
def getstats():
return render_template('metering.html')
So it appears that you are trying to access the token in different routes.
I suggest storing them in a session. To do so, make sure to import the session
variable from flask
: from flask import session
.
You want to set the token's value in the session.
Right now, I will use auth_token
as the session field, but you can use anything you want:
@app.route('/login', methods=['GET', 'POST'])
def login():
error=None
if request.method=='POST':
if request.form['username']!='admin' or request.form['password']!='1234':
error ='Invalid Credentials. Please try again.'
else:
username=request.form['username']
password=request.form['password']
auth_url='http://192.168.206.133:5000/v2.0'
token = generateToken(username=username, password=password, auth_url=auth_url)
session["auth_token"] = token # store the token in the session here
session["authenticated"] = True
return redirect(url_for('getstats'))
return render_template('login.html', error=error)
from functools import wraps
def authenticated_resource(function):
@wraps(function)
def decorated(*args, **kwargs):
if session.get("authenticated"):
return function(*args, **kwargs)
return redirect(url_for("login"))
return decorated
Then, to access the token:
@app.route('/metering')
@authenticated_resource
def getstats():
token = session.get("auth_token")
# you might want to verify that the token was in the session, as such
if token:
return render_template('metering.html')
else:
abort(403)
Note: to use abort
, you also need to import that from flask
.
这篇关于在生成路径登录身份验证令牌并要求其在其他路线的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!