Menu
I have to implement a very simple user authentication for a Flask project where users can access to the protected pages without usernames. I already checked the Flask-BasicAuth extension, but it's too "much", you need usernames to use it. I just want to declare a list in my flask file that contains passwords as a string that can be used for accessing to a particular page and it's sub pages.
So my goal is to achieve something like this:
xy.com/protected-page and uses a password from passwords = ['pass1', 'pass2', 'pass3'] (that are static and not stored in a database)xy.com/protected-page, xy.com/protected-page/sub-page1, xy.com/protected-page/sub-page2 etc...It would be a really great bonus if I could set a session time.
Is it possible? I'm quite new to Flask, so I would appreciate if somebody could help me out.
956
To protect a page when using Flask-Login, add the @login_requried decorator between the route and the function. This will prevent a user that is not logged in from seeing the route. If the user is not logged in, the user will get redirected to the login page, per the Flask-Login configuration.
UserMixin class provides the implementation of this properties. Its the reason you can call for example is_authenticated to check if login credentials provide is correct or not instead of having to write a method to do that yourself.
Here is a possible solution using Flask-Login with the caveat of generic usernames. That said there is an AnonymousUserMixin class available, which might be exactly what you are looking for.
from flask import Flask, render_template, redirect, request, url_for
import flask.ext.login as flask_login
from flask.ext.login import LoginManager, UserMixin
login_manager = LoginManager()
app = Flask(__name__)
app.secret_key = 'key'
login_manager.init_app(app)
users = {'user1':{'pw':'pass1'},
'user2':{'pw':'pass2'},
'user3':{'pw':'pass3'}}
class User(UserMixin):
pass
@login_manager.user_loader
def user_loader(username):
if username not in users:
return
user = User()
user.id = username
return user
@login_manager.request_loader
def request_loader(request):
username = request.form.get('username')
if username not in users:
return
user = User()
user.id = username
user.is_authenticated = request.form['pw'] == users[username]['pw']
return user
@app.route('/', methods=['GET', 'POST'])
def index():
if request.method == 'POST':
username = request.form.get('username')
if request.form.get('pw') == users[username]['pw']:
user = User()
user.id = username
flask_login.login_user(user)
return redirect(url_for('protect'))
return render_template('index.html')
@app.route('/protect')
@flask_login.login_required
def protect():
return render_template('protected.html')
@app.route('/logout')
def logout():
flask_login.logout_user()
return 'Logged out'
if __name__ == '__main__':
app.run(debug=True)
templates/index.html:
<html>
<title>Test</title>
<h1>Welcome</h1>
<form method='POST'>
<input type='text' name='username'>Username</input>
<input type='password' name='pw'>Password</input>
<input type='submit' name='submit'>Submit</input>
</form>
</html>
templates/protected.html
<html>
<title>Test</title>
<h1>Protected</h1>
</html>
project structure
.
├── app.py
└── templates
├── index.html
└── protected.html
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
