Home > Software design >  Password protected site Flask/Dash
Password protected site Flask/Dash

Time:10-22

I built a website following https://dev.to/hackersandslackers/integrate-plotly-dash-into-your-flask-app-5gbo which basically embeds dashboards into flask so you have access to all the flask goodies.

Problem is that now, when I try to pwd protect the website, I can still go to the other pages (i.e the first one is not a stop).

My example website structure is

    /plotlydash-flask-tutorial
├── /application
│   ├── __init__.py
│   ├── routes.py
│   ├── /static
│   ├── /templates
        └── index.html
│   └── /plotlydash
│       └── page1.py
        └── page2.py
        └── home.py
├── /data
├── README.md
├── config.py
└── wsgi.py

While my routes.py looks like this

from flask import Flask, render_template, redirect, request, url_for
import flask_login as flask_login
from flask_login import LoginManager, UserMixin
from flask import current_app as app

login_manager = LoginManager()
login_manager.init_app(app)

users = {'rev':{'pw':'rev12345'}}

class User(UserMixin):
    pass


@login_manager.user_loader
def user_loader(username):
    if username not in users:
        return
    user = User()
    user.id = username
    return user


@login_manager.request_loader
def request_loader(request):
    username = request.form.get('username')
    if username not in users:
        return

    user = User()
    user.id = username

    user.is_authenticated = request.form['pw'] == users[username]['pw']
    return user

@app.route('/', methods=['GET', 'POST'])
def index():
    if request.method == 'POST':
        username = request.form.get('username')
        if request.form.get('pw') == users[username]['pw']:
            user = User()
            user.id = username
            flask_login.login_user(user)
            return redirect("/home")
    return render_template('index.html')

While this work to prevent access to '/' when I go to '/page1' or '/home' it does allow access without authentication. What am I missing? Is it because the Dash apps are started in parallel to the main Flask instance?

CodePudding user response:

Solved using a function from here. Great resource! https://github.com/jimmybow/Flask_template_auth_with_Dash/blob/master/Dashboard/Dash_App1.py

CodePudding user response:

Each app.route function needs its own @flask_login.login_required decorator to prevent a non-authorized user from accessing it.

It also looks like your /home route redirects to itself in a loop, without ever returning a rendered template.

  • Related