我有一个 authenticated_resource 装饰器,如果用户没有登录,它会阻止访问某些路由。如果用户没有登录,我想重定向到登录页面,但现在它显示的是“禁止”消息。如何重定向?
Forbidden
You don't have the permission to access the requested resource. It is either read-protected or not readable by the server.
@app.route('/metering')
@authenticated_resource
def getstats():
token = session.get('auth_token')
print 'token in metering =', token
return render_template('metering.html', title='Resource Usage')
@app.route('/logout')
def logout():
session.pop('auth_token', None)
session.pop('authenticated', None)
return redirect(url_for('login'))
def authenticated_resource(function):
@wraps(function)
def decorated(*args, **kwargs):
if session.get('authenticated'):
return function(*args, **kwargs)
return abort(403) # unauthenticated
return decorated
@app.route('/login', methods=['GET', 'POST'])
def login():
error = None
if request.method == 'POST':
if request.form['username'] != 'admin' or request.form['password'] != '1234':
error = 'Invalid Credentials. Please try again.'
else:
username = request.form['username']
password = request.form['password']
token = auth.get_token(username, password)
session['authenticated'] = True
session['auth_token'] = token
return redirect(url_for('getstats'))
return render_template('login.html', error=error)
最佳答案
与其以 403 错误中止,不如更改您的 authenticated_resource 以返回到登录页面的重定向。
def authenticated_resource(f):
@wraps(f)
def decorated(*args, **kwargs):
if 'auth_token' in session:
return f(*args, **kwargs)
return redirect(url_for('login'))
return decorated
您应该强烈考虑使用 Flask-Login为您管理用户 session 、重定向等。
关于python - 重定向到登录页面而不是在未登录时显示禁止消息,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/32233632/