使用静态用户进行Flask-login始终会产生401-未经授权
[英]Flask-login with static user always yielding 401- Unauthorized
问题描述
I am trying to build a super simple web app for my own use. 
我正在尝试构建一个超级简单的Web应用程序供我自己使用。 I'll be the only user, so I don't feel the need to involve a database for user management. 我将是唯一的用户,所以我觉得不需要涉及用户管理的数据库。 I'm trying to use flask-login, but even though my call to login_user succeeds, I'm still met with a 401-Unauthorized page after the redirect to a page with @login_required . 我正在尝试使用flask-login,但即使我对login_user调用成功,在使用@login_required重定向到页面后,我仍然遇到了401-Unauthorized页面。 Here is the entirety of my app: 这是我的整个应用程序:
from flask import Flask, render_template, request, flash, redirect, url_for
from flask.ext.login import LoginManager, login_user, logout_user, current_user, login_required, UserMixin
app = Flask(__name__, static_url_path="")
app.secret_key = "[redacted]"
login_manager = LoginManager()
login_manager.init_app(app)
#login_manager.login_view = "login"
class User(UserMixin):
def __init__(self, id):
self.id = id
nathan = User('nathan')
@login_manager.user_loader
def load_user(userid):
if userid == 'nathan':
return nathan
else:
return None
@app.route("/logout")
@login_required
def logout():
logout_user()
return redirect(url_for('login'))
@app.route('/')
@login_required
def index():
return render_template('index.html')
@app.route("/login", methods=["GET", "POST"])
def login():
if request.method == 'POST':
if request.form['username'] == 'nathan'\
and request.form['password'] == '[redacted]':
login_user(nathan, remember=True)
flash('logged in...', 'success')
return redirect(request.args.get("next") or url_for("index"))
else:
flash('Incorrect username or password. Try again.', 'error')
return render_template("login.html");
if __name__ == "__main__":
app.run(host="0.0.0.0", debug=True)
I've verified that the login actually succeeds ( login_user returns true) and that load_user is returning the nathan object. 我已经验证登录实际上是成功的( login_user返回true)并且load_user正在返回nathan对象。
[EDIT] Also, I'm currently using the Flask development server, in case that's relevant. [编辑]此外,我正在使用Flask开发服务器,以防相关。
Not sure where I'm going wrong. 不知道我哪里出错了。 Thanks in advance! 提前致谢!
1 个解决方案
解决方案1
4 已采纳 2013-05-19 11:02:55
Update: 更新:
Since a newer version(0.2.2) of Flask-Login this is no more an issue. 从Flask-Login的更新版本(0.2.2)开始,这不再是一个问题。 Check out the changes in this commit. 查看此提交中的更改。
If you are using an older version, read on. 如果您使用的是旧版本,请继续阅读。
The problem here is static_url_path="" . 这里的问题是static_url_path="" 。 For Flask-Login to work you can not have an empty string static_url_path . 要使Flask-Login工作,您不能有一个空字符串static_url_path 。
The following lines in the Flask-Login source(older version) reveal this: Flask-Login源代码(旧版本)中的以下行显示了这一点:
if (current_app.static_url_path is not None and
request.path.startswith(current_app.static_url_path)
):
# load up an anonymous user for static pages
_request_ctx_stack.top.user = self.anonymous_user()
return
Since your static_url_path is "" the if condition evaluates to True , because of which every page you visit acts like a static page, and hence Flask-Login always loads an anonymous user, instead of continuing to load the actual user(using the load_user callback). 由于你的static_url_path是"" ,if条件的计算结果为True ,因此你访问的每个页面都像静态页面一样,因此Flask-Login总是加载一个匿名用户,而不是继续加载实际用户(使用load_user回调) )。
Also do not forget to uncomment #login_manager.login_view = "login" 另外不要忘记取消注释#login_manager.login_view = "login"
If you still want to use the root folder of the app itself as the static folder, take a look at this solution, using SharedDataMiddleWare : 如果您仍想使用应用程序本身的根文件夹作为静态文件夹,请使用SharedDataMiddleWare查看此解决方案:
app.debug = True
if app.config['DEBUG']:
from werkzeug import SharedDataMiddleware
import os
app.wsgi_app = SharedDataMiddleware(app.wsgi_app, {
'/': os.path.dirname(__file__)
})
if __name__ == "__main__":
app.run(host="0.0.0.0")
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.