python - 在烧瓶应用程序中将 jwt 令牌存储在哪里,以便它自动获取 jwt_required(optional=True)?
问题描述
我试图创建一个带有用户登录 API 调用的烧瓶应用程序,该调用生成访问和刷新令牌,并在成功创建后重定向回具有 jwt_required(optional=True) 装饰器的主页视图,但无论我如何尝试保存令牌我'我无法通过 get_jwt() 获取它
这是用于生成访问和刷新令牌的 API。
class UserLogin(MethodResource, Resource):
@doc(description='This is User Login Endpoint', tags=['User Endpoint'])
@use_kwargs(User_RequestSchema(exclude=("name", "email","admin")))
@marshal_with(Login_ResponseToken, code=200, description="Success | Returns: \nUser Registered Succesfully")
@marshal_with(Msg_ResponseSchema, code=401, description="Unauthorized | Returns: \n-Invalid User Credentials!")
@marshal_with(Msg_ResponseSchema, code=400, description="Bad Request | Returns: \n-Error loading Json body on request")
def post(self,**kwargs):
"""
If user roll_num and password correct create a new access and refresh token
else return invalid credentials 401 error
"""
try:
schema = User_RequestSchema(exclude=("name", "email","admin"))
data = schema.load(kwargs,unknown=EXCLUDE)
except:
output = {"message":"Error loading Json body in request"}
return output, 400 #Status-Bad Request
user = UserModel.find_by_rollnum(data['roll_num'])
# User Present and password correct
if user is not None and user.check_password(data['password']) and user.roll_num==data['roll_num']:
additional_claims = {"admin_access":user.admin}
access_token = create_access_token(identity=user.roll_num, additional_claims=additional_claims,fresh=True)
refresh_token = create_refresh_token(user.roll_num)
resp = jsonify(login=True)
set_access_cookies(resp, access_token.encode('utf-8'))
set_refresh_cookies(resp, refresh_token.encode('utf-8'))
resp.set_cookie('X-CSRF-TOKEN-ACCESS', access_token.encode('utf-8'))
resp.set_cookie('X-CSRF-TOKEN-REFRESH', refresh_token.encode('utf-8'))
output={"access_token":access_token,
"refresh_token":refresh_token,
"message": "Successful Login"}
return output, 200 # Status-OK
output = {"message": "Invalid User Credentials!"}
return output, 401 # Status-Unauthorized
这是调用登录 API 并从登录表单提供登录信息的代码
@auth.route("/user_login", methods=["GET", "POST"])
def user_login():
form = LoginForm()
if form.validate_on_submit():
data = {"roll_num": form.roll_num.data,
"password": form.password.data}
# send request to login API
headers = CaseInsensitiveDict()
headers["Accept"] = "application/json"
headers["Content-Type"] = "application/json"
headers["Authorization"] = "Bearer {token}"
r = requests.post('http://localhost:5000/login', json=data, headers=headers)
if r.status_code==401:
flash("Wrong Roll Number or Password")
elif r.status_code==200:
print("Login correct")
flash("Log In successful")
access_token = r.json()['access_token']
resp = redirect(url_for('home.index'),access_token)
resp.headers = {'Authorization': 'Bearer {}'.format(access_token)}
return resp
print('Login_response',r)
print('Status Code',r.status_code)
print('data',r.text)
return render_template("login.html", form=form)
这是成功生成令牌后登录应重定向的位置
@home.route('/')
@home.route('/index')
@jwt_required(optional=True, locations=['headers', 'cookies'])
def index():
logged_in = 0
admin = 0
head = get_jwt_header()
print(head)
identity = get_jwt_identity()
print(identity)
claims = get_jwt()
print('claims:', claims)
if len(claims)!=0:
logged_in = 1
# If user is admin give ability to register
if claims['admin_access']==1:
admin = 1
print("Logged In: ", logged_in)
print("Admin: ", admin)
return render_template('index.html', admin=admin, logged_in=logged_in)
据我所知,应该能够从存储的令牌中获取 jwt 声明和身份,但无论我做什么,我都无法让它工作。它通过环境变量中的赋值在邮递员中工作。我无法弄清楚我做错了什么?
解决方案
推荐阅读
- unity3d - 为什么统一跳过我的开始屏幕场景?
- c# - 如何在 Linux 上的 UriBuilder 中使用文件路径
- visual-studio-2013 - “无法找到包源 vsupdate_KB2829760”Visual Studio 2013 终极更新 5
- python - Django 管理员,在自定义视图中找不到页面
- c# - Azure 异常检测器与 C# 第 2 部分
- html - 将容器宽度扩展到适合内容之外
- javascript - vue-grid-layout 根据图片允许大小拖拽
- sql - (SQL Server 触发器)无法绑定多部分标识符
- asp.net - 在所有视图页面 [ASP.NET 核心] 中实现显示用户名(来自用户表)和头像(来自配置文件表)的最佳方式是什么?
- python-3.x - anaconda 没有激活虚拟环境