flask-httpauth

Default login_required rather than adding decorator everywhere

☆樱花仙子☆ 提交于 2020-01-03 16:57:53
问题 I'm using Flask-HTTPAuth to handle authentication in my app. I have a lot of views, and I don't want to add login_required to every one of them. How can I make login required by default? from flask.ext.httpauth import HTTPBasicAuth auth = HTTPBasicAuth() @auth.verify_password def verify_password(username, password): return username == '111' and password == '222' @app.route('/') @app.route('/home/') @auth.login_required def index(): return 'Hello' @app.route('/route2/') def route2(): return

Default login_required rather than adding decorator everywhere

女生的网名这么多〃 提交于 2020-01-03 16:56:52
问题 I'm using Flask-HTTPAuth to handle authentication in my app. I have a lot of views, and I don't want to add login_required to every one of them. How can I make login required by default? from flask.ext.httpauth import HTTPBasicAuth auth = HTTPBasicAuth() @auth.verify_password def verify_password(username, password): return username == '111' and password == '222' @app.route('/') @app.route('/home/') @auth.login_required def index(): return 'Hello' @app.route('/route2/') def route2(): return

Basic Auth Header appears to be lost

半城伤御伤魂 提交于 2019-12-13 00:57:29
问题 I am writing a Flask RESTful server and an AngularJS client, and am running into an issue where it appears the username and password information are being lost in transmission, so to speak. In the Javascript console, I can tell that the client is sending the the Authorization header as expected: Authorization: Basic username:password . However, within the @auth.verify_password callback, they are both both empty. I have a fair bit of unit tests around the server portion of the code, and the

Multiple verify_password callbacks on flask-httpauth

痞子三分冷 提交于 2019-12-11 13:43:12
问题 Working on a Flask application which will have separate classes of routes to be authenticated against: user routes and host routes(think Airbnb'esque where users and hosts differ substantially). Creating a single verify_password callback and login_required combo is extremely straightforward, however that isn't sufficient, since some routes will need host authentication and others routes will necessitate user authentication. Essentially I will need to have one verify_password/login_required

Python / Flask - Using flask_restless with flask_httpauth

二次信任 提交于 2019-12-11 07:54:25
问题 my objective in this question is to secure my API. in my application, I'm using Flask and flask_restless 's APIManager to provide CRUD API to my Person object. code sample: manager = APIManager(app, flask_sqlalchemy_db=db) manager.create_api(Person, methods=['GET', 'POST', 'PATCH', 'DELETE']) and also using flask_httpauth to protect my other routes like this: @app.route('/auth/get-token') @auth.login_required def get_auth_token(): token = g.user.generate_auth_token() return jsonify({'token':

flask-httpauth: How is get_password decorator meant to work for basic-auth?

会有一股神秘感。 提交于 2019-12-06 08:22:30
问题 I wonder if anyone has used this flask extension to simplify the http-basic-auth. Basically I don't understand this example: users = { "john": "hello", "susan": "bye" } @auth.get_password def get_pw(username): if username in users: return users[username] return None The get_password decorator seems like to return the clear password of the given user and if it matches to the one the user has provided, then the authorization will be granted. But no one should have access to the clear passwords

flask-httpauth: How is get_password decorator meant to work for basic-auth?

微笑、不失礼 提交于 2019-12-04 14:44:06
I wonder if anyone has used this flask extension to simplify the http-basic-auth. Basically I don't understand this example : users = { "john": "hello", "susan": "bye" } @auth.get_password def get_pw(username): if username in users: return users[username] return None The get_password decorator seems like to return the clear password of the given user and if it matches to the one the user has provided, then the authorization will be granted. But no one should have access to the clear passwords of the users in first place. I usually send the clear password and username to the backend, hash the