Question
I have an authenticated_resource decorator that prevents access to some routes if the user is not logged in. I'd like to redirect to the login page if the user is not logged in, but right now it shows a "Forbidden" message instead. How do I redirect?
Forbidden
You don't have the permission to access the requested resource. It is either read-protected or not readable by the server.
    from functools import wraps

    from flask import abort, redirect, render_template, request, session, url_for

    # `app` (the Flask application) and `auth` (the token helper) are defined
    # elsewhere in the application.

    def authenticated_resource(function):
        @wraps(function)
        def decorated(*args, **kwargs):
            if session.get('authenticated'):
                return function(*args, **kwargs)
            return abort(403)  # unauthenticated
        return decorated

    @app.route('/metering')
    @authenticated_resource
    def getstats():
        token = session.get('auth_token')
        print('token in metering =', token)
        return render_template('metering.html', title='Resource Usage')

    @app.route('/logout')
    def logout():
        # Clear both session markers set at login.
        session.pop('auth_token', None)
        session.pop('authenticated', None)
        return redirect(url_for('login'))

    @app.route('/login', methods=['GET', 'POST'])
    def login():
        error = None
        if request.method == 'POST':
            if request.form['username'] != 'admin' or request.form['password'] != '1234':
                error = 'Invalid Credentials. Please try again.'
            else:
                username = request.form['username']
                password = request.form['password']
                token = auth.get_token(username, password)
                session['authenticated'] = True
                session['auth_token'] = token
                return redirect(url_for('getstats'))
        return render_template('login.html', error=error)
Answer 1:
Rather than aborting with a 403 error, change your authenticated_resource to return a redirect to the login page.
    def authenticated_resource(f):
        @wraps(f)
        def decorated(*args, **kwargs):
            if 'auth_token' in session:
                return f(*args, **kwargs)
            return redirect(url_for('login'))
        return decorated
You should strongly consider using Flask-Login to manage the user sessions, redirection, etc. for you.
Source: https://stackoverflow.com/questions/32233632/redirect-to-login-page-rather-than-showing-a-forbidden-message-when-not-logged-i
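The redirect from the answer above, extended with a `next` parameter so the user lands back on the page they asked for after logging in. This goes a step beyond the answer and is an added example, not code from the original post; the `next` parameter, `is_safe_next`, `run_demo`, the demo password and the secret key are assumptions made for illustration, and the target check keeps `next` from sending users to another site.

```python
from functools import wraps
from urllib.parse import parse_qs, urlsplit
from flask import Flask, redirect, request, session, url_for

app = Flask(__name__)
app.secret_key = "constructed-demo-key"  # placeholder; use a random secret in practice

def is_safe_next(target):
    """True only for same-site absolute paths such as /metering."""
    if not target or not target.startswith("/") or target.startswith("//"):
        return False  # empty, absolute URL, or scheme-relative (//host/...)
    if "\\" in target or any(ord(ch) < 0x20 for ch in target):
        return False  # browsers may treat \ as / and drop control characters
    parts = urlsplit(target)
    return not parts.scheme and not parts.netloc

def authenticated_resource(f):
    @wraps(f)
    def decorated(*args, **kwargs):
        if session.get("authenticated"):
            return f(*args, **kwargs)
        return redirect(url_for("login", next=request.path))  # remember destination
    return decorated

@app.route("/metering")
@authenticated_resource
def getstats():
    return "Resource Usage"

@app.route("/login", methods=["GET", "POST"])
def login():
    # Constructed stand-in for the page's credential check and auth.get_token().
    if request.method == "POST" and request.form.get("password") == "demo-pass":
        session["authenticated"] = True
        target = request.args.get("next")
        return redirect(target if is_safe_next(target) else url_for("getstats"))
    return "login form"

def run_demo():  # drive the whole flow with Flask's test client
    creds, out = {"username": "demo", "password": "demo-pass"}, {}
    with app.test_client() as c:
        loc = urlsplit(c.get("/metering").headers["Location"])
        out["anon"] = (loc.path, parse_qs(loc.query)["next"][0])
        r = c.post("/login?next=/metering", data=creds)
        out["login"] = (r.status_code, urlsplit(r.headers["Location"]).path)
        out["metering"] = c.get("/metering").status_code
        r = c.post("/login?next=//other.example/x", data=creds)
        out["offsite"] = urlsplit(r.headers["Location"]).path
    return out
```

`run_demo()` returns the observed redirects: the anonymous request goes to `/login` carrying `next=/metering`, and a login with an off-site `next` falls back to `/metering`.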