[英]Check if Flask-HTTPAuth is authenticated inside view
I'm using Flask-HTTPAuth for authentication.我正在使用 Flask-HTTPAuth 进行身份验证。 I want to display different data from a view depending on if the request was authenticated or not.我想根据请求是否经过身份验证从视图中显示不同的数据。 Decorating the view with auth.login_required
only shows it to authenticated users.使用auth.login_required
装饰视图只会向经过身份验证的用户显示它。 How can I test if the request was authenticated with Flask-HTTPAuth?如何测试请求是否已使用 Flask-HTTPAuth 进行身份验证?
auth = HTTPBasicAuth()
@app.route("/clothesInfo")
@auth.login_required
def show_info():
return jsonify(blah blah blah)
What you want is actually very easy to implement.你想要的其实很容易实现。 In your verify_password
callback, you will get username and password set to ''
when the user does not provide credentials.在您的verify_password
回调中,当用户不提供凭据时,您的用户名和密码将设置为''
。 You can still return True
from that function, and that will allow the anonymous user to access the endpoint.您仍然可以从该函数返回True
,这将允许匿名用户访问端点。
The following example demonstrates this technique:以下示例演示了此技术:
auth = HTTPBasicAuth()
@auth.verify_password
def verify_password(username, password):
if username == '' or password == '':
# anonymous user, we still let them in
g.current_user = None
return True
g.current_user = my_verify_function(username, password)
return g.current_user is not None
@app.route("/clothesInfo")
@auth.login_required
def show_info():
if g.current_user:
# prepare data for authenticated users here
pass
else:
# prepare data for anonymous users here
pass
return jsonify(data)
You can decorate a function that returns None
with login_required
.您可以使用login_required
装饰一个返回None
的函数。 Calling it while not authenticated will return an error response, calling it while authenticated will return None
.在未通过身份验证时调用它将返回错误响应,在身份验证时调用它将返回None
。
# a dummy callable to execute the login_required logic
login_required_dummy_view = auth.login_required(lambda: None)
def is_authenticated():
try:
# default implementation returns a string error
return login_required_dummy_view() is None
except HTTPException:
# in case auth_error_callback raises a real error
return False
@app.route('/info')
def info():
if is_authenticated():
# logged in view
else:
# basic view
See also Default login_required rather than adding decorator everywhere .另请参阅Default login_required 而不是在任何地方添加装饰器。
Things are simpler since April 2020.自 2020 年 4 月以来,事情变得简单了。
Flask-HTTPAuth 4.0.0 added optional
argument to login required
to do exactly this. Flask-HTTPAuth 4.0.0 添加了optional
参数到login required
做到这一点。
An optional optional argument can be set to True to allow the route to execute also when authentication is not included with the request, in which case auth.current_user() will be set to None.一个可选的可选参数可以设置为 True 以允许路由在请求中不包含身份验证时也执行,在这种情况下 auth.current_user() 将设置为 None。 Example:例子:
@app.route('/private') @auth.login_required(optional=True) def private_page(): user = auth.current_user() return "Hello {}!".format(user.name if user is not None else 'anonymous')
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.