When I try access a route with the @auth.login_required decorator, I am prompted with a window to enter my username and password. After entering this info, the parameters username_or_token and password for the verify_password function are ''. Why is the data empty?
@auth.verify_password
def verify_password(username_or_token, password):
# first try to authenticate by token
user = USER.verify_auth_token(username_or_token)
logger.debug("user = %r", user)
logger.debug("Entered USEREMAIL = %r" , username_or_token)
logger.debug("entered password = %r" , password)
if not user:
# try to authenticate with username/password
user = session.query(USER).filter_by(USEREMAIL=username_or_token).first()
if not user or not user.verify_password(password):
return False
g.user = user
return True
UPDATE
I've simplified the code to this:
@auth.verify_password
def verify_password(username, password):
logger.debug("username = %s" % username)
logger.debug("password = %s" % password)
return true
@app.route('/api/token')
@auth.login_required
def get_auth_token():
return "Hello, %s!" % auth.username()
I'm testing this function by using Advanced Rest Client.
http://localhost:8081/myapp/api/token
I also attached an Authorization header.
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36
Authorization: Basic YXNkOmFzZA==
Accept: */*
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8,zh-CN;q=0.6,zh-TW;q=0.4
This results in the output:
Hello, !
Log File:
username =
password =
I am also never prompted to enter my security credentials anymore.
Another strange thing is that even if I change return to false in verify_password, I still get the same output: Hello, !
I experienced similar to OP. If you're running with mod_wsgi, make sure to set WSGIPassAuthorization On as documented here.