1. 首页
  2. 问答
  3. Flask Python中的无效登录逻辑

Flask Python中的无效登录逻辑

2013-05-02 106 views
1

我正在使用Flask与SQLAlchemy和Flask-Login。Flask Python中的无效登录逻辑

我可以成功登录并注销一个注册用户。

我发现令人困惑的是,当我在登录页面输入不正确的密码时,我回到登录页面,并显示“Welcome [email protected]”代码,如果我成功登录,只会出现

@app.route('/login', methods=['GET', 'POST']) 
def login(): 
    form = LoginForm() 
     user = User.query.filter_by(email=form.email.data).first() 
     if form.validate_on_submit(): 
      if user and check_password_hash(user.password, form.password.data): 
       session['user_id'] = user.id 
       flash('Welcome %s' % user.email) 
       return redirect(url_for('dashboard')) 
      else: 
       flash('Wrong email or password') 
       return render_template("login.html", form=form) 
     flash('The email or password is wrong.') 

    return render_template("login.html", form=form)

编辑:由于TIGRA,这是我结束了。

views.py

@app.route('/login', methods=['GET', 'POST']) 
def login(): 
    form = LoginForm() 
    user = User.query.filter_by(email=form.email.data).first() 
    if request.method == "POST": 
     if form.validate(): 
      # the session can't be modified as it's signed, 
      # so it's a safe place to store the user 
      session['user_id'] = user.id 
      flash('Welcome %s' % user.email) 
      return redirect(url_for('dashboard')) 
     else: 
      flash('Wrong email or password') 
      return render_template("login.html", form=form) 
    return render_template("login.html", form=form)

forms.py

from models import User 
from werkzeug import check_password_hash 

class LoginForm(Form): 
    email = TextField('email', validators = [Required(), Email()]) 
    password = PasswordField('password', validators = [Required()]) 
    remember_me = BooleanField('remember_me', default = False) 

    def __init__(self, *args, **kwargs): 
     Form.__init__(self, *args, **kwargs) 
     self.user = None 

    def validate(self): 
     rv = Form.validate(self) 
     if not rv: 
      return False 

     user = User.query.filter_by(email=self.email.data).first() 
     if user is None: 
      self.email.errors.append('Unknown username') 
      return False 

     if not check_password_hash(user.password,self.password.data): 
      self.password.errors.append('Invalid password') 
      return False 

     self.user = user 
     return True

来源

2013-05-02 kerno

回答

3

你有两个问题:

1)你不应该做这样的检查(登录/表单验证后的密码)。应该内部形式本身来定义,阅读有关wtforms

2)此外,还要确保自定义验证,格式化您介绍的是实际的一个,becouse你在呈现的格式至少错误:

form = LoginForm() 
    user = User.query.filter_by(email=form.email.data).first()

所以不能确定没有更多。
另外,你的passcheck函数来自werzkeug.security?

至于表单自定义验证有一个例子:
使用这种方法实际验证失败,没有额外的检查

class LoginForm(SafeForm): 
    email=TextField(__("E-Mail"),validators=[Required()]) 
    password=PasswordField(__("Password"),validators=[Required()]) 
    submit=SubmitField(__("Login")) 

    def __init__(self,*k,**kk): 
     self._user=None #for internal user storing 
     super(LoginForm,self).__init__(*k,**kk) 

    def validate(self): 
     self._user=User.query.filter(User.email==self.email.data).first() 
     return super(LoginForm,self).validate() 

    def validate_email(self,field): 
     if self._user is None: 
      raise ValidationError(_("E-Mail not recognized")) 


    def validate_password(self,field): 
     if self._user is None: 
      raise ValidationError() #just to be sure 
     if not self._user.validate_password(self.password.data): #passcheck embedded into user model 
      raise ValidationError(_("Password incorrect"))

来源

2013-05-02 11:33:45 Tigra

+0

感谢TIGRA!你让我想到这是如何工作的,而且我已经成功修改了它。 – kerno 2013-05-02 12:26:49

相关问题

 相关问题