Search code examples
pythonflaskflask-login

How to integrate login required decorator to flask routes with a static user ID and password?

I am new to flask and python, i am trying to add login required and all routes other than home page. I read about flask-login module, haven't had any success. Looking for suggestions !

I tried using flask-login and prevent access of "/data" route. It did not work. My login requirement is very simple, allow login if user pass is admin/admin. And make sure the user is logged in for all subsequent routes.

Here is my flask code

from flask import Flask, render_template, redirect, url_for, request
import subprocess
import os
import datetime
import time
app = Flask(__name__)


@app.route("/")
def home():
   now = datetime.datetime.now()
   timeString = now.strftime("%Y-%m-%d %H:%M")
   templateData = {
      'title' : 'HELLO!',
      'time': timeString
      }
   return render_template('main.html', **templateData)


@app.route('/login', methods=['GET', 'POST'])
def login():
    error = None
    if request.method == 'POST':
        if request.form['username'] != 'admin' or request.form['password'] != 'admin':
            error = 'Invalid Credentials. Please try again.'
        else:
            return redirect(url_for('data'))
    return render_template('login.html', error=error)

@app.route("/data")
def data():
   now = datetime.datetime.now()
   timeString = now.strftime("%Y-%m-%d %H:%M")
   templateData = {
      'title' : 'HELLO!',
      'time': timeString
      }
   return render_template('api.html', **templateData)

if __name__ == "__main__":
   app.run(host='0.0.0.0', debug=True)

I dont want /data route to be accessed without login as admin/admin

Solution

  • flask_login should do the trick.

    use the @login_required decorator on any route that you want to make unavailable to users who aren't currently logged in.

    from flask_login import login_required

@app.route("/data")
@login_required
def data():
    ...
    ...

    the go-to session management extension for flask is session. for this example, you'll need a secret key...

    import secrets

app = Flask(__name__)
app.config['SECRET_KEY'] = secrets.token_hex(16)

    and an example usage of flask session management...

    from flask import session

@app.route('/login', methods=['GET', 'POST'])
def login():
    error = None
    if request.method == 'POST':
        if request.form['username'] != 'admin' or request.form['password'] != 'admin':
            error = 'Invalid Credentials. Please try again.'
        else:
            session['logged_in'] = True
            return redirect(url_for('data'))
    return render_template('login.html', error=error)