重定向到登录页面,而不登录时显示禁止消息 [英] Redirect to login page rather than showing a Forbidden message when not logged in
问题描述
我有一个 authenticated_resource
修饰符,如果用户没有登录,将阻止访问某些路由。如果用户不是,我想重定向到登录页面登录,但现在它显示一个禁止的消息。如何重定向?
禁止
您没有权限访问请求的资源。它是读保护或不可读的服务器。
@ app.route( '/ metering')
@authenticated_resource
def getstats():
token = session.get('auth_token')
在'metering ='中打印'token',令牌
返回render_template('metering.html',title ='资源使用情况')
@ app.route('/ logout')
def logout():
session。 pop('auth_token',None)
session.pop('authenticated',None)
return redirect(url_for('login'))
$ b $ def authenticated_resource(function):
@wraps(函数)
def装饰(* args,** kwargs):
如果session.get('authenticated'):
返回函数(* args,** kwargs)
return abort(403)#unauthenticated
return decorated
@ app.route('/ login',methods = ['GET ','POST'])
def login():
error = None
request.method =='POST':
if request.form ['username']!='admin'or request.form ['password']!='1234':
error ='无效的凭证。 '
else:
username = request.form ['username']
password = request.form ['password']
token = auth.get_token(username ,密码)
session ['authenticated'] = True
session ['auth_token'] =令牌
返回重定向(url_for('getstats'))
return render_template('login.html',error = error)
而不是中止403错误,改变你的 authenticated_resource
返回重定向到登录页面。
<$ p $如果在会话中使用了'auth_token',
:def $ authenticate_resource(f):
@wraps(f)
def deco(* args,** kwargs) b $ b返回f(* args,** kwargs)
返回重定向(url_for('login'))
返回装饰
您应该 stron gly 考虑使用 Flask-Login 为您管理用户会话,重定向等。
I have a authenticated_resource
decorator that prevents access to some routes if the user is not logged in. I'd like to redirect to the login page if the user is not logged in, but right now it shows a "Forbidden" message instead. How do I redirect?
Forbidden
You don't have the permission to access the requested resource. It is either read-protected or not readable by the server.
@app.route('/metering')
@authenticated_resource
def getstats():
token = session.get('auth_token')
print 'token in metering =', token
return render_template('metering.html', title='Resource Usage')
@app.route('/logout')
def logout():
session.pop('auth_token', None)
session.pop('authenticated', None)
return redirect(url_for('login'))
def authenticated_resource(function):
@wraps(function)
def decorated(*args, **kwargs):
if session.get('authenticated'):
return function(*args, **kwargs)
return abort(403) # unauthenticated
return decorated
@app.route('/login', methods=['GET', 'POST'])
def login():
error = None
if request.method == 'POST':
if request.form['username'] != 'admin' or request.form['password'] != '1234':
error = 'Invalid Credentials. Please try again.'
else:
username = request.form['username']
password = request.form['password']
token = auth.get_token(username, password)
session['authenticated'] = True
session['auth_token'] = token
return redirect(url_for('getstats'))
return render_template('login.html', error=error)
Rather than aborting with a 403 error, change your authenticated_resource
to return a redirect to the login page.
def authenticated_resource(f):
@wraps(f)
def decorated(*args, **kwargs):
if 'auth_token' in session:
return f(*args, **kwargs)
return redirect(url_for('login'))
return decorated
You should strongly consider using Flask-Login to manage the user sessions, redirection, etc. for you.
这篇关于重定向到登录页面,而不登录时显示禁止消息的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!