Basic Auth Header appears to be lost

半城伤御伤魂 submitted on 2019-12-13 00:57:29

Question


I am writing a Flask RESTful server and an AngularJS client, and am running into an issue where it appears the username and password information are being lost in transmission, so to speak.

In the JavaScript console, I can tell that the client is sending the Authorization header as expected: Authorization: Basic username:password. However, within the @auth.verify_password callback, they are both empty.

I have a fair bit of unit tests around the server portion of the code, and the auth information appears to be present in all of them, so it is reassuring that I can at least get the username and password from within the header in some instances.

Additionally, I have added the CORS extension to the server code, and allow it server-wide. It appears that an OPTIONS (which always returns 200) to the below URL is always called immediately before the GET (returns 401, due to username and password issue) to the same URL.

Reference code:

Server auth callback:

@app.route('/api/users/token')
@auth.login_required
def get_auth_token():
    token = g.user.generate_auth_token()
    return jsonify({ 'token': token.decode('ascii') })

@auth.verify_password
def verify_password(email_or_token, password):
    print 'email_or_token: ' + email_or_token
    print 'password: ' + password
    ...

Server Unit test code behaving as expected:

def _get_user_token(self, email=TEST_EMAIL, password=TEST_PASSWORD):
    headers = {
        'Authorization': 'Basic ' + b64encode("{0}:{1}".format(email, password))
    }
    response = self.app.get('/api/users/token', headers=headers)
    return response

AngularJS code which yields appropriate header when inspected in browser but empty username and password in auth callback:

$http.get(silkyAppConstants.BASE_URL + '/api/users/token', {
  headers: { "Authorization": "Basic " + username + ":" + password }
})

Answer 1:


I suspect your problem is that you are sending an invalid Authorization header. The username + ":" + password portion of the header must be base64 encoded (see Section 2 of RFC 2617). When Flask receives the plain text credentials that you are sending, it is trying to pass them through a base64 decoder and that fails.
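
An added example (not part of the original question or answer) of the encoding the answer describes: `buildBasicAuthHeader` produces the base64 form, and `parseBasicAuthHeader` is a simplified stand-in for server-side decoding (not Flask's actual code) that shows why the question's raw `username:password` value yields no credentials. Both function names and the sample credentials are hypothetical; `btoa`, `atob`, `TextEncoder` and `TextDecoder` are standard browser globals that current Node.js also provides.

```javascript
// Added example; function names are hypothetical, sample values are constructed.

// Build "Basic <base64(username:password)>". The string is UTF-8 encoded
// first because btoa() throws on characters outside Latin-1.
function buildBasicAuthHeader(username, password) {
  if (username.includes(":")) {
    // The first ':' separates user from password, so a user-id cannot hold one.
    throw new Error("username must not contain ':'");
  }
  const bytes = new TextEncoder().encode(username + ":" + password);
  let binary = "";
  for (const b of bytes) binary += String.fromCharCode(b);
  return "Basic " + btoa(binary);
}

// Simplified model of what a server does with the header: returns
// { username, password } or null when the value is not valid base64
// of a UTF-8 "user:pass" string.
function parseBasicAuthHeader(header) {
  const m = /^Basic +([A-Za-z0-9+\/]+={0,2})$/i.exec(header || "");
  if (!m || m[1].length % 4 !== 0) return null; // not base64 at all
  const bytes = Uint8Array.from(atob(m[1]), (c) => c.charCodeAt(0));
  let text;
  try {
    text = new TextDecoder("utf-8", { fatal: true }).decode(bytes);
  } catch (e) {
    return null; // decoded bytes are not valid UTF-8
  }
  const i = text.indexOf(":");
  if (i < 0) return null; // no separator, so no credentials
  return { username: text.slice(0, i), password: text.slice(i + 1) };
}

// Constructed sample credentials.
const user = "alice@example.com";
const pass = "s3cret:with:colons";

// The header from the question: raw text after "Basic ". '@', '.' and ':'
// are outside the base64 alphabet, so decoding fails and nothing is recovered.
const broken = "Basic " + user + ":" + pass;
console.log(parseBasicAuthHeader(broken)); // null

// The corrected header round-trips to the original credentials.
const fixed = buildBasicAuthHeader(user, pass);
console.log(parseBasicAuthHeader(fixed));
```

In the question's `$http.get` call, the `Authorization` value would become `buildBasicAuthHeader(username, password)`. Base64 is an encoding and not encryption, so the header should only travel over HTTPS.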



Source: https://stackoverflow.com/questions/32208051/basic-auth-header-appears-to-be-lost
