python - Flask Python 登录验证失败
问题描述
我是 Python Flask 的新手。当我尝试创建一个简单的登录和注销页面时,我遇到了身份验证失败的问题(正确的用户名和错误的密码能够登录)。我不太确定哪里出了问题,因为它最初工作正常。任何人都可以启发我吗?
视图.py
from flask import Blueprint, request, redirect, render_template, url_for
from flask_login import current_user, login_required, login_user
from . import db, login_manager
from .forms import LoginForm, RegistrationForm
from .models import WebUser
view = Blueprint("view", __name__)
@login_manager.user_loader
def load_user(username):
user = WebUser.query.filter_by(username=username).first()
return user or current_user
@view.route("/", methods=["GET", "POST"])
def render_login_page():
form = LoginForm()
if form.is_submitted():
print("username entered:", form.username.data)
print("password entered:", form.password.data)
if form.validate_on_submit():
user = WebUser.query.filter_by(username=form.username.data).first()
if user:
# TODO: You may want to verify if password is correct
login_user(user)
print(login_user(user))
return redirect("/homepage")
return render_template("index.html", form=form)
@view.route("/registration", methods=["GET", "POST"])
def render_registration_page():
form = RegistrationForm()
if form.validate_on_submit():
username = form.username.data
preferred_name = form.preferred_name.data
password = form.password.data
query = "SELECT * FROM web_user WHERE username = '{}'".format(username)
exists_user = db.session.execute(query).fetchone()
if exists_user:
form.username.errors.append("{} is already in use.".format(username))
else:
query = "INSERT INTO web_user(username, preferred_name, password) VALUES ('{}', '{}', '{}')"\
.format(username, preferred_name, password)
db.session.execute(query)
db.session.commit()
return "You have successfully signed up!"
return render_template("registration-simple.html", form=form)
#form is passed in as a model
@view.route("/homepage", methods=["GET"])
@login_required
def render_homepage():
return "<h1>Hello, {}!</h1>".format(current_user.preferred_name or current_user.username)
@view.route("/logout")
@login_required
def render_logout():
logout_user()
return render_template("index.html")
表格.py
from flask_wtf import FlaskForm
from wtforms import StringField, PasswordField
from wtforms.validators import InputRequired, ValidationError
def is_valid_name(form, field):
if not all(map(lambda char: char.isalpha(), field.data)):
raise ValidationError('This field should only contain alphabets')
def agrees_terms_and_conditions(form, field):
if not field.data:
raise ValidationError('You must agree to the terms and conditions to sign up')
class RegistrationForm(FlaskForm):
username = StringField(
label='Name',
validators=[InputRequired(), is_valid_name],
render_kw={'placeholder': 'Username', 'class': 'input100'}
)
preferred_name = StringField(
label='Preferred name',
validators=[is_valid_name],
render_kw={'placeholder': 'Preferred name', 'class': 'input100'}
)
password = PasswordField(
label='Password',
validators=[InputRequired()],
render_kw={'placeholder': 'Password', 'class': 'input100'}
)
class LoginForm(FlaskForm):
username = StringField(
label='Name',
validators=[InputRequired()],
render_kw={'placeholder': 'Username', 'class': 'input100'}
)
password = PasswordField(
label='Password',
validators=[InputRequired()],
render_kw={'placeholder': 'Password', 'class': 'input100'}
)
模型.py
from . import db
class WebUser(db.Model):
username = db.Column(db.String, primary_key=True)
preferred_name = db.Column(db.String, nullable=True)
password = db.Column(db.String, nullable=False)
def is_authenticated(self):
return True
def is_active(self):
return True
def is_anonymous(self):
return False
def get_id(self):
return self.username
登录页面.html
<body>
<div class="limiter">
<div class="container-login100" style="background-image: url('static/images/bg-01.jpg');">
<div class="wrap-login100 p-t-30 p-b-50">
<span class="login100-form-title p-b-41">
Food Delivery System
</span>
<form class="login100-form validate-form p-b-33 p-t-5">
{{ form.hidden_tag() }}
<div class="wrap-input100 validate-input" data-validate = "Enter username">
{{ form.username() }}
<span class="focus-input100" data-placeholder=""></span>
</div>
<div class="wrap-input100 validate-input" data-validate="Enter password">
<!-- <input class="input100" type="password" name="pass" placeholder="Password"> -->
{{ form.password() }}
<span class="focus-input100" data-placeholder=""></span>
</div>
<div class="container-login100-form-btn m-t-32">
<button class="login100-form-btn" formmethod="post">
Login
</button>
</div>
<br>
<p style="text-align: center;">New user? <a href="{{url_for('view.render_registration_page')}}" style="color: tomato;">Register</a></p>
</form>
</div>
</div>
</div>
解决方案
以下是如何实现登录机制的示例:
视图.py
from flask_login import current_user, login_required, login_user
@view.route("/", methods=["GET", "POST"])
def render_login_page():
if current_user.is_authenticated:
return redirect("/homepage")
form = LoginForm()
if form.validate_on_submit():
user = WebUser.query.filter_by(username=form.username.data).first()
if user is None or user.password != form.password.data:
# password or user are incorrect then we redirect to the login page.
return redirect('/')
login_user(user)
print(login_user(user))
return redirect("/homepage")
return render_template("index.html", form=form)
模型.py
from . import db
from flask_login import UserMixin
class WebUser(UserMixin, db.Model):
username = db.Column(db.String, primary_key=True)
preferred_name = db.Column(db.String, nullable=True)
password = db.Column(db.String, nullable=False)
请注意,我导入UserMixin
了模块的类flask_login
。
该flask-login
扩展与应用程序的用户模型一起工作,并期望在其中实现某些属性和方法,例如:is_authenticated
、和.is_active
is_anonymous
get_id
为此,该模块提供了一个名为mixin的类 UserMixin
,其中包含这些方法的通用实现,适用于大多数场景。
所以你不必自己定义它们。您可以在模型中包含 mixin 类。
推荐阅读
- swift - “StorageMetadata”类型的值没有成员“downloadURL”
- python - 将新数据的插入位置查找到已排序日期列表中的最快方法
- c# - 更改我的 Windows 服务的描述
- javascript - 如何在 React 中不使用 JQuery 滚动到 id?
- java - Netbeans 无法识别 Java 文件夹
- ruby-on-rails - 开发环境未显示完整错误
- javascript - React.cloneElement() 对 React 对虚拟 DOM 的协调有什么影响?
- sql-server - TVP 不返回记录集
- typescript - 打字稿:将某些属性标记为可选
- python - 光子在太阳中的随机行走