login_required decorator doesnt work, flask-Login permits anonymous users
Question
I decorated a method with login_required , but I am surprised that its not executing at all, allowing in anonymous users. Printing the current_user within the method returns this:
<flask_login.AnonymousUserMixin object at 0xb67dbd4c>
Is it not supposed to reject users which return false in user.is_autheticated() ? What did I do wrong?
I have setup FL this way:
lm = LoginManager(app)
lm.login_view = 'root'
in views.py:
@lm.user_loader
def load_user(id):
return User.query.get(int(id))
the actual view:
@login_required
@app.route("/messages")
def messages():
print "current user", current_user
return "hello world"
2 answers
solution1
7 ACCPTED 2014-08-14 11:53:22
Serendipity gave me this :
When applying further decorators, always remember that the route() decorator is the outermost:
I wrote it the wrong way (route not the outermost).
PDB can execute your suspect method in debug mode, to inspect the local state.
Flask-Login is present in GitHub anyway and the source of login_required is simple enough to understand.
solution2
6 2014-08-13 14:33:03
Everything looks OK, which probably means the problem is somewhere else.
What is the configuration you are using? If LOGIN_DISABLED or TESTING is set to true, authentication is disabled.
If your configuration is fine, set a breakpoint inside login_required decorator and check why it lets anonymous user in.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.