pythonflaskflask-login

Flask login @login_required not working


I'm using flask-login to make sure users are logged in before they can access certain pages. I'm using @login_required on the view I want to protect, but even though I'm setting login_user(user) where I'm wanting to set the user, it does not let me go into my protected route (index). I'm printing out the value of my user_login(user) and it returns True. What am I doing wrong?

@app.route('/')
@app.route('/index')
@login_required
def index():
    print("was in here", file=sys.stderr)
    return render_template('index.html')

This is the route where I set the user_login(user)

@app.route('/authenticate')
def authenticate():
    code = request.args.get('code')
    state = request.args.get('state')
    quiz_auth_response = quizlet_auth(code, state)

    g.token = quiz_auth_response['token']

    response = json.loads(make_request(quiz_auth_response['user_name']))

    try:
        user = models.User.get(models.User.username == response['username'])
        login_user(user)
    except models.DoesNotExist:
        print("does not exist", file=sys.stderr)
        user = models.User.create_user(response['username'], response['id'])
        return redirect('/index')
    else:
        login_user(user)
        print("log in user " + str(login_user(user)), file=sys.stderr)
        login_user(user)
        return redirect('/index')

Here is my user_loader

@login_manager.user_loader
def load_user(userid):
    try:
        return models.User.get(models.User.id == userid)
    except models.DoesNotExist:
        return None

Here is my User model

sqlite_db = SqliteDatabase('sqlite.db')

class BaseModel(Model):
    class Meta:
        database = sqlite_db

class User(UserMixin, BaseModel):
    username = CharField(unique=True)
    quizlet_id = CharField(unique=True)
    joined_at = DateTimeField(default=datetime.datetime.now)

    @classmethod
    def create_user(cls, username, quiz_id, **kwards):

        try:
            cls.select().where(
                (cls.username == username) | (cls.quizlet_id == quiz_id)
            ).get()
        except cls.DoesNotExist:
                print("putting user in thing", file=sys.stderr)
                user = cls(username = username, quizlet_id = quiz_id)

                print(user.username)
                user.save()
                return user
        else:
            raise Exception("User with that email exists already")

    @staticmethod
    def set_password(password):

        return generate_password_hash(password.encode('utf-8'))

Solution

  • Just spent the last 2 hours trying to fix this and realized that it was because off the configuration that the login_required was not working

    On my local development environment, I had set

    app.config['TESTING'] = True

    From the flask-login documentation

    If the application configuration variable LOGIN_DISABLED or TESTING is set to True, the login_required decorator will be ignored

    set it back to this and got it working

    app.config['TESTING'] = False