flask-httpauth | 易学教程

Default login_required rather than adding decorator everywhere

阅读更多关于 Default login_required rather than adding decorator everywhere

问题 I'm using Flask-HTTPAuth to handle authentication in my app. I have a lot of views, and I don't want to add login_required to every one of them. How can I make login required by default? from flask.ext.httpauth import HTTPBasicAuth auth = HTTPBasicAuth() @auth.verify_password def verify_password(username, password): return username == '111' and password == '222' @app.route('/') @app.route('/home/') @auth.login_required def index(): return 'Hello' @app.route('/route2/') def route2(): return

Default login_required rather than adding decorator everywhere

阅读更多关于 Default login_required rather than adding decorator everywhere

Basic Auth Header appears to be lost

阅读更多关于 Basic Auth Header appears to be lost

问题 I am writing a Flask RESTful server and an AngularJS client, and am running into an issue where it appears the username and password information are being lost in transmission, so to speak. In the Javascript console, I can tell that the client is sending the the Authorization header as expected: Authorization: Basic username:password . However, within the @auth.verify_password callback, they are both both empty. I have a fair bit of unit tests around the server portion of the code, and the

Multiple verify_password callbacks on flask-httpauth

阅读更多关于 Multiple verify_password callbacks on flask-httpauth

问题 Working on a Flask application which will have separate classes of routes to be authenticated against: user routes and host routes(think Airbnb'esque where users and hosts differ substantially). Creating a single verify_password callback and login_required combo is extremely straightforward, however that isn't sufficient, since some routes will need host authentication and others routes will necessitate user authentication. Essentially I will need to have one verify_password/login_required

Python / Flask - Using flask_restless with flask_httpauth

阅读更多关于 Python / Flask - Using flask_restless with flask_httpauth

问题 my objective in this question is to secure my API. in my application, I'm using Flask and flask_restless 's APIManager to provide CRUD API to my Person object. code sample: manager = APIManager(app, flask_sqlalchemy_db=db) manager.create_api(Person, methods=['GET', 'POST', 'PATCH', 'DELETE']) and also using flask_httpauth to protect my other routes like this: @app.route('/auth/get-token') @auth.login_required def get_auth_token(): token = g.user.generate_auth_token() return jsonify({'token':

flask-httpauth: How is get_password decorator meant to work for basic-auth?

阅读更多关于 flask-httpauth: How is get_password decorator meant to work for basic-auth?

问题 I wonder if anyone has used this flask extension to simplify the http-basic-auth. Basically I don't understand this example: users = { "john": "hello", "susan": "bye" } @auth.get_password def get_pw(username): if username in users: return users[username] return None The get_password decorator seems like to return the clear password of the given user and if it matches to the one the user has provided, then the authorization will be granted. But no one should have access to the clear passwords

flask-httpauth: How is get_password decorator meant to work for basic-auth?

阅读更多关于 flask-httpauth: How is get_password decorator meant to work for basic-auth?

I wonder if anyone has used this flask extension to simplify the http-basic-auth. Basically I don't understand this example : users = { "john": "hello", "susan": "bye" } @auth.get_password def get_pw(username): if username in users: return users[username] return None The get_password decorator seems like to return the clear password of the given user and if it matches to the one the user has provided, then the authorization will be granted. But no one should have access to the clear passwords of the users in first place. I usually send the clear password and username to the backend, hash the