Getting 'str' object has no attribute 'is_authenticated' in Flask using Flask-Login

Question

I am trying to set up login for Flask using Flask-Login. I have a CouchDB for users; the customer documents have an object called "user".

class User(UserMixin):
    def __init__ (self, user) :
        self.name = user['name']
        self.password = user['password']
        self.id= user['id']

    def is_active(self):
        return True

    def is_authenticated(self):
        return True

    def is_anonymous(self):
        return False

    def get_id(self):
        return str(self.id)


def check_user(id):
    for row in db.query(map_auth):
        if row.value['id'] == id:
            authUser = User(row.value)
            return authUser
        else:
            return "User not found in database"

@login_manager.user_loader
def load_user(id):
    return check_user(id)


@app.route('/login/', methods=['GET','POST'])
def login():  
    if request.method == 'POST':
        for row in db.query(map_auth):
            if row.value['name'] == request.form['name'] and row.value['password'] == request.form['password']:
                authUser = User(row.value)
        flask_login.login_user(authUser)
        app.logger.debug(authUser.name)
        app.logger.debug(authUser.is_authenticated())
        app.logger.debug(authUser.is_active())
        return redirect(url_for('protected'))
    return render_template('login.html')

map_auth is a view function that from python-couchdb. The view returns a list of JSONs with the following information for users: {"name": "xxxx", "id":1, "password": "password"}.

I verified that the User class works independently by simulating this in a Python shell. When I use it in Flask, I get the following error.

  File "/usr/local/lib/python2.7/dist-packages/flask/app.py", line 2000, in __call__
    return self.wsgi_app(environ, start_response)
  File "/usr/local/lib/python2.7/dist-packages/flask/app.py", line 1991, in wsgi_app
    response = self.make_response(self.handle_exception(e))
  File "/usr/local/lib/python2.7/dist-packages/flask/app.py", line 1567, in handle_exception
    reraise(exc_type, exc_value, tb)
  File "/usr/local/lib/python2.7/dist-packages/flask/app.py", line 1988, in wsgi_app
    response = self.full_dispatch_request()
  File "/usr/local/lib/python2.7/dist-packages/flask/app.py", line 1641, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/usr/local/lib/python2.7/dist-packages/flask/app.py", line 1544, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/usr/local/lib/python2.7/dist-packages/flask/app.py", line 1639, in full_dispatch_request
    rv = self.dispatch_request()
  File "/usr/local/lib/python2.7/dist-packages/flask/app.py", line 1625, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "/usr/local/lib/python2.7/dist-packages/flask_login.py", line 790, in decorated_view
    elif not current_user.is_authenticated:
  File "/usr/local/lib/python2.7/dist-packages/werkzeug/local.py", line 343, in __getattr__
    return getattr(self._get_current_object(), name)
AttributeError: 'str' object has no attribute 'is_authenticated'

I have already verified that the authUser object that I have used has is_authenticated() true.

Answer 1

The user_loader function (in your case the logic is in check_user) should return None if a userid is not valid. In your case a string "User not found in database" is returned, which creates the exception you are encountering.

Return None if the userid is not valid.

Documenation:

It should return None (not raise an exception) if the ID is not valid. (In that case, the ID will manually be removed from the session and processing will continue.)