Menu
I decorated a method with login_required, but I am surprised that its not executing at all, allowing in anonymous users. Printing the current_user within the method returns this:
<flask_login.AnonymousUserMixin object at 0xb67dbd4c>
Is it not supposed to reject users which return false in user.is_autheticated()? What did I do wrong?
I have setup FL this way:
lm = LoginManager(app)
lm.login_view = 'root'
in views.py:
@lm.user_loader
def load_user(id):
return User.query.get(int(id))
the actual view:
@login_required
@app.route("/messages")
def messages():
print "current user", current_user
return "hello world"
474
Flask-Security is now deprecated, so I wouldn't recommend using it in production.
At the same time, you can use Flask-login API to do some configurations in case that you want to use its functionality. When you want to check whether the user has logged in manually rather than use the Flask-login API, then check the value of session['logged_in'] .
By default, when a user is not actually logged in, current_user is set to an AnonymousUserMixin object. It has the following properties and methods: is_active is False. is_authenticated is False. is_anonymous is True.
Serendipity gave me this:
When applying further decorators, always remember that the route() decorator is the outermost:
I wrote it the wrong way (route not the outermost).
PDB can execute your suspect method in debug mode, to inspect the local state.
Flask-Login is present in GitHub anyway and the source of login_required is simple enough to understand.
101
Everything looks OK, which probably means the problem is somewhere else.
What is the configuration you are using? If LOGIN_DISABLED or TESTING is set to true, authentication is disabled.
If your configuration is fine, set a breakpoint inside login_required decorator and check why it lets anonymous user in.
25
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
