I have an application that will use Flask and MongoDB; I will probably host it on Rackspace.
I need to understand how Flask authentication works. I have not found mu
Flask-Login doesn't, technically, do authentication - it does session management, leaving the (tricky to securely implement) authentication details to you. Something like Flask-Security actually implements both session management and authentication (also nice-to-haves like password recovery/reset and the like), at the cost of having to have explicit support for your database.
There is a Flask extension called flask_login, but I recommend building authentication from scratch. By the way, I'm working on a Flask project too, using MongoDB as my DB, and I made user authentication from scratch. Here are my register and login views; take a look to get an idea. Don't worry about how I hashed passwords; I care about security a lot, but using one hashing algorithm like SHA-1 may be enough for your task. I also made an OTP system; you can simply ignore it if you don't want to add a lot of authentication.
```python
import hashlib

import flask

# `registration` (the blueprint), `collection` (the MongoDB users collection)
# and `app` are defined elsewhere in the project.


# register view
@registration.route('/register/', methods=['POST', 'GET'])
def register():
    # A user who is already logged in has nothing to register
    if 'username' in flask.session:
        return flask.redirect(flask.url_for('home'))
    if flask.request.method == 'POST':
        username = flask.request.form['username']
        password = flask.request.form['password']
        raw_hashed_password = hashlib.md5(password.encode()).hexdigest()
        str_hashed_password = hashlib.sha1(hashlib.sha256(raw_hashed_password.encode()).hexdigest().encode()).hexdigest()
        # The username is the document _id, so it must be unique
        info_check = collection.find_one({'_id': f'{username}'})
        if info_check is None:
            flask.session['username'] = username
            first_name = flask.request.form['first_name']
            last_name = flask.request.form['last_name']
            profile_pic = flask.request.files['profile_pic']
            app.flask_mongo.save_file(f'{username}{profile_pic.filename}', profile_pic)
            collection.insert_one({'_id': f'{username}', 'password': f'{str_hashed_password}', 'first_name': first_name, 'last_name': last_name, 'profile_pic': f'{username}{profile_pic.filename}', 'mode': 'signup'})
            return flask.redirect(flask.url_for('home'))
        else:
            flask.flash('username already exists!')
    return flask.render_template('register.html')


# login view
@registration.route('/login/', methods=['POST', 'GET'])
def login():
    if 'username' in flask.session:
        return flask.redirect(flask.url_for('home'))
    else:
        if flask.request.method == 'POST':
            username = flask.request.form['username']
            password = flask.request.form['password']
            raw_hashed_password = hashlib.md5(password.encode()).hexdigest()
            str_hashed_password = hashlib.sha1(hashlib.sha256(raw_hashed_password.encode()).hexdigest().encode()).hexdigest()
            info_check = collection.find_one({'_id': f'{username}'})
            if info_check is not None:
                if info_check['password'] == str_hashed_password:
                    # The session is not set here; the user is sent on to
                    # the confirm_login view first.
                    # flask.session['username'] = username
                    collection.update_one({'_id': username}, {'$set': {'mode': 'vercode'}})
                    return flask.redirect(flask.url_for('register.confirm_login', username=username))
                else:
                    flask.flash('incorrect password!')
            else:
                flask.flash('incorrect username!')
        return flask.render_template('login.html')
```
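Added example, not part of the answer above or of any Flask extension: the unsalted md5/sha256/sha1 chain in the views gives every user with the same password the same stored digest and is cheap to compute, so this sketch stores a salted PBKDF2-HMAC-SHA256 record in the same `password` field and upgrades a legacy digest on the next successful login. The record format, the function names and the 600,000-iteration work factor are assumptions of this example.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed work factor; tune it to your hardware


def legacy_chain(password: str) -> str:
    """The unsalted md5 -> sha256 -> sha1 chain used in the views above."""
    md5_hex = hashlib.md5(password.encode()).hexdigest()
    sha256_hex = hashlib.sha256(md5_hex.encode()).hexdigest()
    return hashlib.sha1(sha256_hex.encode()).hexdigest()


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>'."""
    salt = secrets.token_bytes(16)  # fresh random salt for every record
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Check a password against a PBKDF2 record or a legacy chain digest."""
    if stored.startswith("pbkdf2_sha256$"):
        try:
            _, iterations, salt_hex, digest_hex = stored.split("$")
            candidate = hashlib.pbkdf2_hmac(
                "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
            )
            expected = bytes.fromhex(digest_hex)
        except (ValueError, OverflowError):
            return False  # malformed record: fail closed
        return hmac.compare_digest(candidate, expected)  # constant-time compare
    # Legacy record: the 40-hex-character digest produced by the chain.
    return hmac.compare_digest(legacy_chain(password).encode(), stored.encode())


def login_and_upgrade(user_doc: dict, password: str) -> bool:
    """Verify, then replace a legacy digest with a salted PBKDF2 record."""
    if not verify_password(password, user_doc["password"]):
        return False
    if not user_doc["password"].startswith("pbkdf2_sha256$"):
        # Caller persists this with update_one on the user's document.
        user_doc["password"] = hash_password(password)
    return True
```

In the login view, `login_and_upgrade(info_check, password)` would take the place of the digest comparison, followed by an `update_one` that writes the new `password` value back.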
I don't think that Flask has any authentication built in, only support for tracking sessions.
Here are some snippets for basic HTTP authentication and authentication with some third-party providers. Otherwise you will need to roll your own or use a framework that has this baked in (like Django).
Here is a discussion thread on this topic with a useful link
I would suggest using the flask-login extension; it makes session management really easy to add to your Flask application, and provides nice documentation which covers in detail every aspect of the extension.