flask_security study notes: [Flask Security] Specifying the redirect when authentication fails


 

Flask-Security is a plugin that gives good control over user permissions.
It does this through three models:
User, which stores user data
Role, which stores role data
User_Role, which stores the roles assigned to users.

user_datastore = SQLAlchemyUserDatastore(db, User, Role)
Through user_datastore you can look up users and roles, grant or remove a user's roles, and so on. For details, see: http://pythonhosted.org/Flask-Security/api.html

For example, we create a new view:

@app.route('/')
@login_required
def home():
    return render_template('index.html')

This view requires login. Flask-Security automatically generates a login page; of course, you can also override the built-in template.
Once the login form is filled out correctly, you can see the content.
So how do we use roles to control access?

@app.route('/dashboard')
@roles_required('admin', 'editor')
def dashboard(): return "dashboard"

This is done with the @roles_required() decorator: the logged-in user must have both the admin and editor roles. The corresponding decorator @roles_accepted() lets the request through as long as the user has any one of the listed roles.
If the condition is not satisfied, the user is redirected somewhere else.
Let's take a look at its source code:

def roles_required(*roles):
    def wrapper(fn):
        @wraps(fn)
        def decorated_view(*args, **kwargs):
            # One Permission per role: every role must be satisfied.
            perms = [Permission(RoleNeed(role)) for role in roles]
            for perm in perms:
                if not perm.can():
                    if _security._unauthorized_callback:
                        return _security._unauthorized_callback()
                    else:
                        return _get_unauthorized_view()
            return fn(*args, **kwargs)
        return decorated_view
    return wrapper

If the permission check does not pass, it checks whether an _unauthorized_callback method exists. If it does, that is called;
if not, it calls the _get_unauthorized_view() method.
Let's continue with that method's code:

def _get_unauthorized_view():
    cv = utils.get_url(utils.config_value('UNAUTHORIZED_VIEW'))
    utils.do_flash(*utils.get_message('UNAUTHORIZED'))
    return redirect(cv or request.referrer or '/')

We can see that it looks up the 'UNAUTHORIZED_VIEW' configuration value.
Stepping into config_value, we find that it calls the following method to look up the configuration:

def get_config(app):
    """Conveniently get the security configuration for the specified
    application without the annoying 'SECURITY_' prefix.

    :param app: The application to inspect
    """
    items = app.config.items()
    prefix = 'SECURITY_'

    def strip_prefix(tup):
        return (tup[0].replace('SECURITY_', ''), tup[1])

    return dict([strip_prefix(i) for i in items if i[0].startswith(prefix)])

Note that when configuring the app, we have to add the 'SECURITY_' prefix for this to work!
So all we need to do is configure the app:
app.config['SECURITY_UNAUTHORIZED_VIEW'] = '/unauth'
and add a view:

@app.route('/unauth')
def unauth(): return "unauth"

When the role check fails, the user is redirected to this page.

Of course, a more flexible way to configure this is to write a decorator that accepts a URL:

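from functools import wraps
from flask import current_app

def set_unauth_view(url):
    def wrapper(fn):
        @wraps(fn)  # keep the view's name so each route gets its own endpoint
        def decorator(*args, **kwargs):
            # This writes to the application-wide config, not per-request state.
            current_app.config['SECURITY_UNAUTHORIZED_VIEW'] = url
            return fn(*args, **kwargs)
        return decorator
    return wrapper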

then:

@app.route('/dashboard')
@set_unauth_view('/unauth')
@roles_required('admin', 'editor')
def dashboard(): return "dashboard"

This way you can specify the redirect page for a particular view.
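The decorator above writes to the application-wide config on every call, so the URL it sets remains in effect for views that never asked for it. The following added example (not from the original post or from Flask-Security) models that leak with the standard library only and shows a per-view alternative that passes the URL to the role check instead. `CONFIG`, `deny`, `require_roles` and its `unauth_view` parameter are hypothetical stand-ins for `app.config`, `_get_unauthorized_view()` and `roles_required`.

```python
from functools import wraps

# Stand-in for app.config (assumption): shared by every view and request.
CONFIG = {'SECURITY_UNAUTHORIZED_VIEW': '/'}

def get_config(config):
    """Same 'SECURITY_' prefix stripping as the get_config() quoted above."""
    prefix = 'SECURITY_'
    return {k[len(prefix):]: v for k, v in config.items() if k.startswith(prefix)}

def deny(unauth_view=None):
    """Model of _get_unauthorized_view(): return the redirect target."""
    target = unauth_view or get_config(CONFIG).get('UNAUTHORIZED_VIEW') or '/'
    return 'redirect:' + target

def set_unauth_view(url):
    """The post's approach: mutate the shared config before the view runs."""
    def wrapper(fn):
        @wraps(fn)
        def decorator(*args, **kwargs):
            CONFIG['SECURITY_UNAUTHORIZED_VIEW'] = url
            return fn(*args, **kwargs)
        return decorator
    return wrapper

def require_roles(*roles, unauth_view=None):
    """Hypothetical role check that carries its own redirect target."""
    def wrapper(fn):
        @wraps(fn)
        def decorated_view(user_roles, *args, **kwargs):
            if not set(roles) <= set(user_roles):  # all roles are required
                return deny(unauth_view)
            return fn(user_roles, *args, **kwargs)
        return decorated_view
    return wrapper

@set_unauth_view('/unauth')
@require_roles('admin', 'editor')
def dashboard(user_roles):
    return 'dashboard'

@require_roles('admin')
def settings(user_roles):  # never asked for '/unauth'
    return 'settings'

@require_roles('admin', unauth_view='/reports-denied')
def reports(user_roles):  # per-view target, shared config untouched
    return 'reports'
```

Calling `settings` without the admin role redirects to `/` before `dashboard` has run and to `/unauth` afterwards, while `reports` always uses its own target.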

 
 


Origin www.cnblogs.com/leijiangtao/p/11790068.html