Home Sign Up Sign In
V2EX = way to explore
V2EX 是一个关于分享和探索的地方
Sign Up Now
For Existing Member  Sign In
lbfeng
V2EX  ›  Flask

如何跳过 httpauth

  •   
  •   lbfeng · Aug 18, 2015 · 3504 views
    This topic created in 3919 days ago, the information mentioned may be changed or developed.

    调用 restful api 需要通过 httpauth ,而站点使用 flask-login 管理用户登录。如何让已经登录的用户跳过 httpauth 呢? current_user.is_authenticated ()能实现吗?

    @api.before_request
    @auth.login_required
    def before_request ():
    if not g.current_user.is_anonymous and \
    not g.current_user.confirmed:
    return forbidden ('Unconfirmed account')

    Supplement 1  ·  Aug 19, 2015

    补全代码

    @auth.verify_password
def verify_password(email_or_token, password):
    if email_or_token == '':
        g.current_user = AnonymousUser()
        return True
    if password == '':
        g.current_user = User.verify_auth_token(email_or_token)
        g.token_used = True
        return g.current_user is not None
    user = User.query.filter_by(email=email_or_token).first()
    if not user:
        return False
    g.current_user = user
    g.token_used = False
    return user.verify_password(password)
  • not
  • Forbidden
  • Anonymous
  • RESTful
    1 replies    2015-08-18 13:04:11 +08:00
    jakes
        1
    jakes  
       Aug 18, 2015   ❤️ 1
    我的做法是在 flask-login 登录成功后产生一个用于 httpauth 授权的 token ,保存在 cookie 中。当请求是 RESTful API 时附带上 token 做验证,退出登录时删除该 token 。
    目前没想到什么好方法完美解决,期待楼下提供更为恰当的方法。也许需要写一个包含了 httpauth 授权和 flask-login 功能的 flask 插件吧?
    About   ·   Help   ·   Advertise   ·   Blog   ·   API   ·   FAQ   ·   Solana   ·   5700 Online   Highest 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 36ms · UTC 09:08 · PVG 17:08 · LAX 02:08 · JFK 05:08
    ♥ Do have faith in what you're doing.