Flask-Login 未授权端点重定向到错误页面
[英]Flask-Login unauthorized endpoint redirects to wrong page
问题描述
I'm using Flask-Login to manage access to routes using the @roles_required decorator.
我正在使用 Flask-Login 来管理对使用@roles_required装饰器的路由的访问。 When I try to access a route to which I don't have access, I'm redirected to the application's home page at example.com and no appropriate message is flashed.当我尝试访问我无权访问的路由时,我被重定向到example.com上的应用程序主页,并且没有显示适当的消息。 If I log out, however, the login page to which I'm redirected shows all of the flashed messages that tell me that I don't have access to the route I was trying to access.但是,如果我注销,我重定向到的登录页面会显示所有闪烁的消息,这些消息告诉我我无权访问我试图访问的路由。 If I tried to access 6 pages, 6 messages will be waiting for me.如果我尝试访问 6 个页面,则会有 6 条消息等着我。
I've updated my configuration file to include:我已经更新了我的配置文件以包括:
USER_AFTER_REGISTER_ENDPOINT = 'confirm_email'
USER_UNCONFIRMED_EMAIL_ENDPOINT = 'confirm_email'
USER_UNAUTHENTICATED_ENDPOINT = 'user.login'
USER_UNAUTHORIZED_ENDPOINT = 'user.login'
USER_AFTER_CONFIRM_ENDPOINT = 'onboarding'
All of these endpoints behave as expected EXCEPT my USER_UNAUTHORIZED_ENDPOINT .所有这些端点都按预期运行,除了我的USER_UNAUTHORIZED_ENDPOINT 。
My intention is that @role_required failures are treated the same as @login_required failures, and I believe that just fixing this redirection issue should resolve my message flashing issue.我的本意是, @role_required故障的处理方式相同@login_required失败,而我认为,这正好解决这个问题的重定向应该可以解决我的消息,闪烁的问题。
I'm currently using Flask v1.0.2, Flask-User v0.7, Flask-Login v0.4.1.我目前使用 Flask v1.0.2、Flask-User v0.7、Flask-Login v0.4.1。
1 个解决方案
解决方案1
0 已采纳 2019-01-29 19:43:46
The problem, it turned out, was that I was already logged in. When a user tried to access a route for which they lacked permissions, they WERE sent first to the login handler, but, being already logged in, they were redirected to the application home without hitting the login page and triggering the flashed messages.事实证明,问题是我已经登录了。当用户尝试访问他们缺乏权限的路由时,他们首先被发送到登录处理程序,但是,由于已经登录,他们被重定向到应用程序主页,而无需点击登录页面并触发闪烁的消息。
To solve, I restructured the application to send logins to the application dashboard as well as unauthorized access attempts and flash both the sign in success and the role_required failures on that page.为了解决这个问题,我重构了应用程序,将登录信息发送到应用程序仪表板以及未经授权的访问尝试,并在该页面上同时显示登录成功和 role_required 失败。
Prior to this proper solution, I had resigned myself and simply added:在这个适当的解决方案之前,我已经辞职并简单地补充说:
{% block home_flash %}
{%- with messages = get_flashed_messages(with_categories=true) -%}
{% if messages %}
{% for category, message in messages %}
{% if category=='error' %}
{% set category='danger' %}
{% endif %}
<div class="alert alert-{{category}}">{{ message|safe }}</div>
{% endfor %}
{% endif %}
{%- endwith %}
{% endblock %}
to my home page so at least the flashed messages were getting displayed and were not backing up.到我的主页,所以至少闪烁的消息正在显示并且没有备份。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.