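Flask Simple Login - Login extension for Flask
Detailed description of the flask_simplelogin Python project
Login extension for Flask
There are other good and recommended options for handling web authentication and authorization in Flask.
I recommend you use:
Those extensions are really complete and production ready!
So why Flask Simple Login?
However, sometimes you need something simple for a small project or for prototyping.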
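Flask Simple Login
What it provides:
- Login and logout forms and pages
- A function to check whether the user is logged in
- A decorator for views
- An easy-to-customize login_checker
- Basic auth for API endpoints
What it does not provide:
- Database integration
- Password management
- API authentication with tokens or JWT
- Role-based or user-based access control
Of course, you can easily implement all of the above on your own. Take a look at the example.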
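Quick start
First install flask_simplelogin from PyPI.
```python
from flask import Flask
from flask_simplelogin import SimpleLogin

app = Flask(__name__)
SimpleLogin(app)
```
That's it!
Your application now has /login and /logout routes.
The username defaults to admin and the password defaults to secret (yes, that is not clever; let's see how to change it).
Login screen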
Configuration
Simple way
```python
from flask import Flask
from flask_simplelogin import SimpleLogin

app = Flask(__name__)
app.config['SECRET_KEY'] = 'something-secret'
app.config['SIMPLELOGIN_USERNAME'] = 'chuck'
app.config['SIMPLELOGIN_PASSWORD'] = 'norris'

SimpleLogin(app)
```
That works, but it is not so clever; let's use env vars.
```bash
$ export SIMPLELOGIN_USERNAME=chuck
$ export SIMPLELOGIN_PASSWORD=norris
```
SimpleLogin will then read those environment variables automatically.
```python
from flask import Flask
from flask_simplelogin import SimpleLogin

app = Flask(__name__)
app.config['SECRET_KEY'] = 'something-secret'

SimpleLogin(app)
```
But what if you have more users and more complex authentication logic? Write a custom login checker.
Using a custom login checker
```python
from flask import Flask
from flask_simplelogin import SimpleLogin

app = Flask(__name__)
app.config['SECRET_KEY'] = 'something-secret'


def only_chuck_norris_can_login(user):
    """:param user: dict {'username': 'foo', 'password': 'bar'}"""
    if user.get('username') == 'chuck' and user.get('password') == 'norris':
        return True  # <--- Allowed
    return False  # <--- Denied


SimpleLogin(app, login_checker=only_chuck_norris_can_login)
```
Encrypting (hashing) passwords
You can use the utilities from werkzeug.security import check_password_hash, generate_password_hash to hash passwords.
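One way to combine these utilities with a custom login checker, as an added example that is not part of the flask_simplelogin project: the store keeps only password hashes, and an unknown username still costs one hash check so response time does not reveal which usernames exist. The names USERS, _DUMMY_HASH and hashed_login_checker and the sample credentials are assumptions made for illustration.

```python
from werkzeug.security import check_password_hash, generate_password_hash

# Constructed sample user store: only hashes are kept, never plaintext.
# In a real app the hashes are created once (e.g. at signup) and loaded
# from a database or config; these usernames and passwords are made up.
USERS = {
    "chuck": generate_password_hash("norris", method="pbkdf2:sha256"),
    "mary": generate_password_hash("poppins", method="pbkdf2:sha256"),
}

# Hash of a throwaway value, checked when the username is unknown so a
# failed login costs about the same whether or not the user exists.
_DUMMY_HASH = generate_password_hash("not-a-real-password", method="pbkdf2:sha256")


def hashed_login_checker(user):
    """:param user: dict {'username': 'foo', 'password': 'bar'}"""
    username = user.get("username") or ""
    password = user.get("password") or ""
    stored = USERS.get(username)
    if stored is None:
        # Unknown user: do the same amount of work, then deny.
        check_password_hash(_DUMMY_HASH, password)
        return False
    # check_password_hash re-derives the hash with the stored salt and
    # compares it in constant time.
    return check_password_hash(stored, password)


# Wiring, as in the custom login checker section:
#   SimpleLogin(app, login_checker=hashed_login_checker)
```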
Checking if the user is logged in
```python
from flask_simplelogin import is_logged_in

if is_logged_in():
    pass  # do things if anyone is logged in

if is_logged_in('admin'):
    pass  # do things only if admin is logged in
```
Protecting your views
```python
from flask import jsonify
from flask.views import MethodView
from flask_simplelogin import login_required


@app.route('/it_is_protected')
@login_required  # <--- simple decorator
def foo():
    return 'secret'


@app.route('/only_mary_can_access')
@login_required(username='mary')  # <--- accepts a list of names
def bar():
    return "Mary's secret"


@app.route('/api', methods=['POST'])
@login_required(basic=True)  # <--- Basic HTTP Auth for API
def api():
    # curl -XPOST localhost:5000/api -H "Authorization: Basic Y2h1Y2s6bm9ycmlz" -H "Content-Type: application/json"
    # Basic auth takes base64-encoded username:password
    return jsonify(data='You are logged in with basic auth')


class ProtectedView(MethodView):  # <--- Class Based Views
    decorators = [login_required]

    def get(self):
        return "only logged in users can see this"
```
Protecting Flask-Admin views
```python
from flask_admin.contrib.foo import ModelView
from flask_simplelogin import is_logged_in


class AdminView(ModelView):
    def is_accessible(self):
        return is_logged_in('admin')
```
Customizing templates
There is only one template to customize, and it is called login.html.
Example:
```html
{% extends 'base.html' %}
{% block title %}Login{% endblock %}
{% block messages %}
  {{ super() }}
  {% if form.errors %}
    <ul class="alert alert-danger">
      {% for field, errors in form.errors.items() %}
        <li>{{ field }} {% for error in errors %}{{ error }}{% endfor %}</li>
      {% endfor %}
    </ul>
  {% endif %}
{% endblock %}
{% block page_body %}
  <form action="{{ url_for('simplelogin.login', next=request.args.get('next', '/')) }}" method="post">
    <div class="form-group">
      {{ form.csrf_token }}
      {{ form.username.label }}<div class="form-control">{{ form.username }}</div><br>
      {{ form.password.label }}<div class="form-control">{{ form.password }}</div><br>
    </div>
    <input type="submit" value="Send">
  </form>
{% endblock %}
```
Take a look at the example app: https://github.com/rochacbruno/flask_simplelogin/blob/master/example/
You can customize it in any way you want and need. It receives a form in the context, which is a WTF form; the submission should be made to request.path, which is the same /login view.
You can also use {% if is_logged_in %} in your template if needed.
Customizing or translating message alerts
The default message alerts are:
key | message |
---|---|
login_success | login success! |
login_failure | invalid credentials |
is_logged_in | already logged in |
logout | Logged out! |
login_required | You need to login first |
access_denied | Access Denied |
auth_error | Authentication Error: {0} |
NOTE: the {0} in auth_error is a required placeholder used to pass in the validator error message.
You can customize the messages by passing a dictionary:
```python
from flask import Flask
from flask_simplelogin import SimpleLogin

app = Flask(__name__)
messages = {
    'login_success': 'Você está dentro!',
    'login_failure': 'ungültige Anmeldeinformationen',
    'is_logged_in': 'Iam initium',
    'logout': 'Déconnecté!',
    'login_required': 'Devi prima accedere',
    'access_denied': 'Acceso denegado',
    'auth_error': '授權錯誤: {0}'
}
SimpleLogin(app, messages=messages)
```
Custom validators
Pass the must argument to the login_required decorator; it can be a function or a list of functions. If a function returns None, there is no error and the validator passes. If a function returns an "Error message", the validator did not pass.
```python
def be_admin(username):
    """Validator to check if user has admin role"""
    # my_users is your own user store, e.g. {username: {'roles': [...]}}
    user_data = my_users.get(username)
    if not user_data or 'admin' not in user_data.get('roles', []):
        return "User does not have admin role"


def have_approval(username):
    """Validator: all users approved so return None"""
    return


@app.route('/protected')
@login_required(must=[be_admin, have_approval])
def protected():
    return render_template('secret.html')
```
Take a look at the example app: https://github.com/rochacbruno/flask_simplelogin/blob/master/example/
Requirements
- Flask-WTF and WTForms
- SECRET_KEY set in your app.config
Integrations
Do you need access control? You can easily combine flask_simplelogin with flask_allows.
https://github.com/justanr/flask-allows
```bash
pip install flask_allows
```
```python
from flask import Flask, g
from flask_simplelogin import SimpleLogin, login_required
from flask_allows import Allows

app = Flask(__name__)
app.config['SECRET_KEY'] = 'something-secret'


def is_staff(ident, request):
    return ident.permlevel == 'staff'


def only_chuck_norris_can_login(user):
    if user.get('username') == 'chuck' and user.get('password') == 'norris':
        # Bind the logged in user data to the `g` global object
        # (assumes g.user has already been created for this request)
        g.user.username = user['username']
        g.user.permlevel = 'staff'  # set user permission level
        return True  # Allowed
    return False  # Denied


# init allows
allows = Allows(identity_loader=lambda: g.user)

# init SimpleLogin
SimpleLogin(app, login_checker=only_chuck_norris_can_login)


# a view which requires a logged in user to be member of the staff group
@app.route('/staff_only')
@allows.requires(is_staff)
@login_required
def a_view():
    return "staff only can see this"
```
Need JSON Web Tokens (JWT)?
Take a look at Flask-JWT-Simple; of course, you can mix SimpleLogin + JWT Simple.