[英]I am restructuring my Flask-restful app, but having trouble placing the HTTP-auth in order to get app running
Essentially, I have a directory as such: 本质上,我有这样的目录:
/app
runserver.py
/myapp
__init__.py
api.py
auth.py
/resources
__init.py
users.py
login.py
/models
__init.py
models.py
/common
/assets
In my auth.py I have a standard HTTP-basic username/password authentication. 在我的auth.py中,我有一个标准的HTTP基本用户名/密码验证。 I will use these for areas where login is a must, and I want to verify each user.
我将这些用于必须登录的区域,并且我想验证每个用户。 Login.py is where I need to add my decorator, but the whole app does not run due to this error: AttributeError: 'module' object has no attribute 'login_required'
Login.py是我需要添加装饰器的位置,但是由于此错误,整个应用程序无法运行:AttributeError:'module'对象没有属性'login_required'
from flask.ext.httpauth import HTTPBasicAuth
auth = HTTPBasicAuth()
@auth.verify_password
def verify_password(username, password):
user = User.query.filter_by(username = username).first()
if not user or not user.verify_password(password):
return False
g.user = user
return True
@auth.error_handler
def unauthorized():
return make_response(jsonify({'message': 'Unauthorized'}), 403)
My code for the login.py, which calls the decorator and then asks for the auth. 我的login.py代码,它调用装饰器,然后要求身份验证。
from flask_restful import Resource, reqparse
from myapp.models.users import User
from myapp import auth
class login(Resource):
decorators = [auth.login_required]
def __init__(self):
self.reqparse = reqparse.RequestParser()
self.reqparse.add_argument('userid', type = str , default="")
self.reqparse.add_argument('username', type = str, default="")
self.reqparse.add_argument('password', type = str, default="")
super(login, self).__init__()
def post(self):
args = self.reqparse.parse_args()
username = args['username']
password = args['password']
message = {'status': 'Authorized'}
return message
So to wrap it up, my question is: How and where do I add the flask-httpauth class so I can use the decorators. 总结一下,我的问题是:如何以及在哪里添加flask-httpauth类,以便可以使用装饰器。 My option right now may be to paste that auth code in every resource class that needs it, but there seems there must be a better way to organize that.
我现在的选择可能是将身份验证代码粘贴到需要它的每个资源类中,但是似乎必须有一种更好的方法来组织它。 Help?
救命?
You are importing your auth
module when really you want to be importing the HTTPBasicAuth
object in that module. 当您确实要在该模块中导入
HTTPBasicAuth
对象时,就是在导入auth
模块。 It is also possible you're running in to problems due to the fact that your module has the same name as the HTTPBasicAuth
object. 由于模块的名称与
HTTPBasicAuth
对象的名称相同,您还可能遇到问题。
I recommend renaming your auth.py
to something else, such as authentication.py
, and change your import to: 我建议将您的
auth.py
重命名为其他名称,例如authentication.py
,然后将导入更改为:
from ..authentication import auth
This gets a bit confusing because you have an auth.py
module that defines an auth
variable inside. 这有点令人困惑,因为您具有在内部定义
auth
变量的auth.py
模块。
The line: 该行:
from myapp import auth
is importing the module, not the variable defined in it. 正在导入模块,而不是其中定义的变量。 Change it to:
更改为:
from myapp.auth import auth
And I think that will work. 我认为这会起作用。
Sorry this is a bit old, but for the sake of others with this question, I would suggest not using flask.ext.httpauth. 抱歉,这有点老了,但是出于其他问题的考虑,我建议不要使用flask.ext.httpauth。 I found it isn't very useful.
我发现它不是很有用。 Here is how I do my HTTP basic auth with flask-restful.
这是我使用flask-restful进行HTTP基本身份验证的方法。
This is in the myapp/ init .py: 这是在myapp / init .py中:
from flask import Flask, request
from flask.ext.restful import abort
def requires_auth(f):
@wraps(f)
def decorated(*args, **kwargs):
auth = request.authorization
if not auth:
abort(401)
user = User.query.filter(User.username == auth.username).first()
auth_ok = False
if user != None:
auth_ok = verify_password(auth.password) == user.password
if not auth_ok:
return abort(401)
return f(*args, **kwargs)
return decorated
Resource script that has a resource that requires authorization to access the resource. 资源脚本具有需要授权才能访问该资源的资源。
from myapp import requires_auth
@requires_auth
def get(self):
# do something
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.