Restrict users to access routes in flask

Time:05-18

I am trying to create a flask app that will allow users to login, thereafter, they will be redirected to a specific dashboard created and being served with Bokeh.

So, for example, we have a user1; at the beginning he will start in https:myurl/login, and after a successful login he will be redirected to https:myurl/user1, where his specific dashboard is.

So, my question is, how can I avoid user1 accessing the dashboards of other users (user2, user3, etc.)? Is it actually possible to do that? I am relatively new to flask, so my apologies if the question sounds silly.

from functools import wraps
from flask import Flask, render_template, request, flash, redirect, url_for, session
import sqlite3

# Setup
app = Flask(__name__)

app.secret_key = "my_key"

# Routes
@app.route("/login", methods=["GET", "POST"])
def login():
    if request.method == "POST":
        connection = sqlite3.connect("user_login.db")
        cursor = connection.cursor()

        # Get what the user has typed in the HTML form
        username = request.form["username"]
        password = request.form["password"]

        # SQL query (parameterised; compares the stored password as-is)
        cursor.execute(
            "SELECT * FROM users WHERE username=? AND password=?", (username, password)
        )
        data = cursor.fetchone()
        connection.close()

        if data:
            session["username"] = data[1]
            session["password"] = data[2]
            return redirect(url_for("user({data[1]})"))
            # return redirect(f"https://myurl/{session['username']}", code=302)
        else:
            flash("Username and Password Mismatch", "DANGER! Please try again")

    # Render HTML template
    return render_template("login.html")


# Check if user is logged in
# def is_logged_in(f):
#     @wraps(f)
#     def secure_function(*args, **kwargs):
#         if "logged_in" in session:
#             return f(*args, **kwargs)
#         else:
#             flash("Unauthorized, please login", "danger")
#             return redirect(url_for("login"))
#     return secure_function


@app.route("/<username>")
def user(username):
    # session.get() avoids a KeyError when nobody is logged in yet
    if username == session.get("username"):
        return redirect(
            f"https://myurl/{session['username']}", code=302
        )
    else:
        # flash() returns None, so it cannot be returned as the response
        flash("Unauthorized")
        return redirect(url_for("login"))


# @app.route('/')
# def logged():
#     return redirect(f"https://myurl/{session['username']}", code=302)


if __name__ == "__main__":
    app.run(debug=True)

CodePudding user response:

How about verifying whether

current_user.username == myurl/<username>

.username being the name of your user in your Models (if it is name then current_user.name, etc.)

Like

from flask_login import current_user  # current_user is provided by Flask-Login

@app.route("/dashboard/<username>")
def dashboard(username):
    if username == current_user.username:
        pass  # proceed: render this user's dashboard here
    else:
        return "Access Denied"

*** Edit ***

Your provided code for the return statement

redirect(url_for("user({data[1]})"))

Could be written as:

return redirect(url_for('user', username = data[1]))
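Putting the answer's ownership check together with a login-required decorator, as an added example that is not part of the question or the answer. The user table, the passwords and the placeholder secret key are constructed for the demo; `access_checks()` drives the app with Flask's test client to show that an anonymous visitor is redirected, the owner gets their dashboard, and a logged-in user1 is refused user2's page.

```python
from functools import wraps
from flask import Flask, abort, redirect, request, session, url_for

USERS = {"user1": "pw1", "user2": "pw2"}  # constructed sample accounts

app = Flask(__name__)
app.secret_key = "change-me"  # placeholder; load a real secret from config


def login_required(f):
    """Send anonymous visitors to /login instead of failing on session['username']."""
    @wraps(f)
    def wrapper(*args, **kwargs):
        if "username" not in session:
            return redirect(url_for("login"))
        return f(*args, **kwargs)
    return wrapper


@app.route("/login", methods=["GET", "POST"])
def login():
    if request.method == "GET":
        return "login form goes here"
    # Demo comparison only; a real app stores hashes and checks them with
    # werkzeug.security.check_password_hash.
    username = request.form.get("username", "")
    if USERS.get(username) == request.form.get("password"):
        session["username"] = username  # store identity only, never the password
        return redirect(url_for("user", username=username))
    return "Username and Password Mismatch", 401


@app.route("/<username>")
@login_required
def user(username):
    # The URL part is chosen by the client; the session is server-signed.
    # Only serve the dashboard when the two agree.
    if username != session["username"]:
        abort(403)
    return f"dashboard for {username}"


def access_checks():
    """Returns the status codes seen for: anonymous, own dashboard, other user's."""
    client = app.test_client()  # keeps the session cookie between requests
    anon = client.get("/user1").status_code
    client.post("/login", data={"username": "user1", "password": "pw1"})
    own = client.get("/user1").status_code
    other = client.get("/user2").status_code
    return anon, own, other


if __name__ == "__main__":
    print(access_checks())  # (302, 200, 403)
```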
