Flask-login should log in and redirect to /home, but instead logging in goes to the unauthorized handler and back to the login page.
Here's my app.py:
#!/usr/bin/python3
from flask import Flask, request, render_template, url_for, redirect
from ft_libraries import *
from flask_login import LoginManager, login_user, login_required
with open(os.path.join(sys.path[0], "settings.json"), "r") as f:
config=json.load(f)
app = Flask(__name__)
app.config['SECRET_KEY'] = "SuperSecretKey!"
app.config['TESTING'] = False
login_manager=LoginManager()
login_manager.init_app(app)
login_manager.login_view = 'login'
@login_manager.user_loader
def load_user(user):
user = User(username, password)
if user.is_authenticated():
return user
else:
return None
@login_manager.unauthorized_handler
def unauthorized():
return redirect('/login?next=' request.path)
@app.route('/login', methods=['GET', 'POST'])
def login():
if request.method == 'POST':
username=request.form['username']
password=request.form['password']
global user_login
user_login=User(username, password)
if user_login.is_authenticated():
login_user(user_login, remember=True)
return redirect(url_for('home'))
else:
return render_template('login.html', error='<div class="error">Er is een probleem opgetreden.</div>')
return render_template('login.html')
@app.route('/home')
@login_required
def home():
return render_template('base.html', uid=user_login.get_id())
@app.route("/home/postcodecheck", methods=['GET', 'POST'])
@login_required
def postcodecheck():
if request.method=='GET':
return render_template('tools/postcodecheck/_input.html', uid="Testgebruiker")
if request.method=='POST':
ref=request.form['reference']
pofo=request.form["portfolio"]
zip=request.form['zipcode']
housenr=request.form['housenr']
housenrext=request.form.get('housenrextension')
output = fieldtoolslib.PostcodeCheck( ref, pofo,
zip, housenr,
housenrext).get_tables()
return render_template('tools/postcodecheck/_output.html', output=output)
if __name__ == '__main__':
app.run(debug=True)
aswell as my User object, which works using LDAP and some static returns(which aren't gonna be used):
class User:
def __init__(self, username, password):
self.username = username
self.password = password
def is_authenticated(self):
if LdapConn(ldap_server, self.username, self.password).confirm_login():
return True
else:
return False
def is_active(self):
return True
def is_anonymous(self):
return False
def get_id(self):
domain,id = self.username.split("\\")
return id
What it should be doing is redirect the user to the place it came from, or to /home, but instead it redirects to /login?next=/home.
CodePudding user response:
In your unauthorized_handler you explicitly redirect to /login?next=
@login_manager.unauthorized_handler
def unauthorized():
return redirect('/login?next=' request.path)
You should get the next
element and then redirect to it without prefixing /login
next = flask.request.args.get('next')
# is_safe_url should check if the url is safe for redirects.
# See http://flask.pocoo.org/snippets/62/ for an example.
if not is_safe_url(next):
return flask.abort(400)
return flask.redirect(next or flask.url_for('index'))
CodePudding user response:
I fixed it. On Line 22, I changed:
if user.is_authenticated()
to
if user.is_authenticated:
This fixed my issue.
I thought it had to be a method, however, is_authenticated
is a property of user, not a method that is applicable. Therefore, changing it fixed the issue.