通过用户名而不是emai登录flasksecurity

2024-09-26 21:47:12 发布

您现在位置:Python中文网/ 问答频道 /正文
5507 3

我希望在User模型中有一个字段,通过它用户以username而不是{}登录

我定义:
app.config['SECURITY_USER_IDENTITY_ATTRIBUTES'] = 'username'

但我仍然得到:

user_datastore.add_role_to_user(name, 'mgmt')
      File "/Users/boazin/sentinal/sentinel-cloud/.env/lib/python2.7/site-packages/flask_security/datastore.py", line 105, in add_role_to_user
        user, role = self._prepare_role_modify_args(user, role)
      File "/Users/boazin/sentinal/sentinel-cloud/.env/lib/python2.7/site-packages/flask_security/datastore.py", line 72, in _prepare_role_modify_args
        user = self.find_user(email=user)
      File "/Users/boazin/sentinal/sentinel-cloud/.env/lib/python2.7/site-packages/flask_security/datastore.py", line 203, in find_user
        return self.user_model.query.filter_by(**kwargs).first()
      File "/Users/boazin/sentinal/sentinel-cloud/.env/lib/python2.7/site-packages/sqlalchemy/orm/query.py", line 1333, in filter_by
        for key, value in kwargs.items()]
      File "/Users/boazin/sentinal/sentinel-cloud/.env/lib/python2.7/site-packages/sqlalchemy/orm/base.py", line 383, in _entity_descriptor
        (description, key)
    InvalidRequestError: Entity '<class 'flask_app.models.User'>' has no property 'email'

看来电子邮件是硬编码到烧瓶安全。。。在

我能换一下吗?在

编辑: 用户模型(如评论中所要求的):

^{pr2}$

Tags: inpyenvcloudlibpackageslinesite
2条回答
网友
1楼 · 编辑于 2024-09-26 21:47:12

来自https://pythonhosted.org/Flask-Security/models.html

字段id, email, password, active是基本的。所以添加

email = db.Column(db.String(255), unique=True)

只需添加您的自定义username字段。在

网友
2楼 · 编辑于 2024-09-26 21:47:12

要使用用户名而不是电子邮件地址登录(使用Flask Security 1.7.0或更高版本),可以在User模型中将email字段替换为username字段

class User(db.Model, UserMixin):
    id = db.Column(db.Integer, primary_key=True)
    username = db.Column(db.String(255), unique=True, index=True)
    password = db.Column(db.String(255))
    active = db.Column(db.Boolean())
    confirmed_at = db.Column(db.DateTime())
    roles = db.relationship('Role', secondary=roles_users,
                            backref=db.backref('users', lazy='dynamic'))

{cd4>更新配置。在

^{pr2}$

接下来,为了允许用户使用用户名而不是电子邮件登录,我们将使用LoginForm validation method假定用户标识属性在email表单字段中。在

from flask_security.forms import LoginForm
from wtforms import StringField
from wtforms.validators import InputRequired

class ExtendedLoginForm(LoginForm):
    email = StringField('Username', [InputRequired()])

# Setup Flask-Security
user_datastore = SQLAlchemyUserDatastore(db, User, Role)
security = Security(app, user_datastore,
                    login_form=ExtendedLoginForm)

这样,我们就可以使用用户名登录,而不必重写验证方法或登录模板。当然,这是一种黑客攻击,更正确的方法是向ExtendedLoginForm类添加一个自定义的validate方法,该方法检查username表单字段,并相应地更新登录模板。在

然而,使用上述地址登录的方法更容易。为此,请定义一个同时包含用户名和电子邮件字段的用户模型。在

class User(db.Model, UserMixin):
    id = db.Column(db.Integer, primary_key=True)
    email = db.Column(db.String(255), unique=True)
    username = db.Column(db.String(255), unique=True, index=True)
    password = db.Column(db.String(255))
    active = db.Column(db.Boolean())
    confirmed_at = db.Column(db.DateTime())
    roles = db.relationship('Role', secondary=roles_users,
                            backref=db.backref('users', lazy='dynamic'))

并更新app配置。在

app.config['SECURITY_USER_IDENTITY_ATTRIBUTES'] = ('username','email')

最后,创建自定义登录表单。在

from flask_security.forms import LoginForm
from wtforms import StringField
from wtforms.validators import InputRequired

class ExtendedLoginForm(LoginForm):
    email = StringField('Username or Email Address', [InputRequired()])

# Setup Flask-Security
user_datastore = SQLAlchemyUserDatastore(db, User, Role)
security = Security(app, user_datastore,
                    login_form=ExtendedLoginForm)

现在,当登录时,Flask Security将接受电子邮件表单字段中的电子邮件或用户名。在

相关问题 更多 >

    编程相关推荐

    热门问题