User authentication and authorization in Flask
Jun 17, 2023 pm 06:02 PM
With the widespread use of Web applications, security and data protection have become an important issue in Web application development. To ensure the security of web applications, user authentication and authorization are required. As a popular web development framework, Flask provides many mechanisms for implementing user authentication and authorization.
- User Authentication
User authentication refers to using a certain authentication method to determine whether the user's identity is legitimate when the user accesses the Web application. Flask provides many built-in methods to implement user authentication.
1.1. HTTP Basic Authentication
HTTP Basic Authentication is an authentication mechanism based on the HTTP protocol, which requires users to provide user names and passwords for verification when requesting resources. Flask has built-in HTTP basic authentication function, which can be easily implemented through the Flask-BasicAuth extension.
To use the Flask-BasicAuth extension, you need to install and create a BasicAuth object in your Flask application, and then decorate it on the routing function that requires basic authentication. The sample code is as follows:
from flask import Flask
from flask_basicauth import BasicAuth
app = Flask(__name__)
app.config['BASIC_AUTH_USERNAME'] = 'username'
app.config['BASIC_AUTH_PASSWORD'] = 'password'
basic_auth = BasicAuth(app)
@app.route('/')
@basic_auth.required
def index():
return 'Hello, World!'In the above code, the two configuration items of BasicAuth are used to set the user name and password. The @basic_auth.required decorator on the routing function implements the basic authentication function.
1.2. Form Authentication
Form authentication is one of the most common authentication methods in web applications. Implementing form authentication in Flask generally requires the use of the Flask-Login extension.
The Flask-Login extension provides a UserMixin class that can be used to represent the user data model. The sample code is as follows:
from flask_login import UserMixin
class User(UserMixin):
def __init__(self, id, username, password):
self.id = id
self.username = username
self.password = password
def get_id(self):
return str(self.id)In the sample code, the User class inherits from the flask_login.UserMixin class, which contains commonly used user authentication methods. In the Flask-Login extension, you also need to provide a user loading function for loading user data. The sample code is as follows:
from flask_login import login_user, LoginManager
from flask import Flask, render_template, redirect, url_for
from werkzeug.security import generate_password_hash, check_password_hash
app = Flask(__name__)
app.secret_key = 'your secret key'
login_manager = LoginManager(app)
# 用戶數(shù)據(jù)
users = {
1: {'username': 'user1', 'password': 'password1'},
2: {'username': 'user2', 'password': 'password2'},
3: {'username': 'user3', 'password': 'password3'},
}
# 實(shí)現(xiàn)用戶加載函數(shù)
@login_manager.user_loader
def load_user(user_id):
user = users.get(int(user_id))
if user:
return User(user_id, user['username'], user['password'])
return None
# 實(shí)現(xiàn)登錄視圖
@app.route('/login', methods=['GET', 'POST'])
def login():
if request.method == 'POST':
username = request.form['username']
password = request.form['password']
for user_id, user_data in users.items():
if user_data['username'] == username and check_password_hash(user_data['password'], password):
user = User(user_id, username, password)
login_user(user)
return redirect(url_for('index'))
return 'Invalid username/password combination'
return render_template('login.html')
# 實(shí)現(xiàn)需要登錄才能訪問的視圖
@app.route('/')
@login_required
def index():
return 'Hello, World!'In the sample code, using the Flask-Login extension requires initializing the Flask application and setting secret_key, and then implementing the user loading function through the login_manager.user_loader decorator. Finally, login control can be achieved by using the @login_required decorator on view functions that require login to access.
- User authorization
User authorization refers to determining which users can access which resources. Implementing user authorization in Flask requires the use of the Flask-Principal extension.
The Flask-Principal extension provides three classes: Permission, Role, and Identity, which can be used to define user permissions to access resources. Permission represents the permission to request access to a resource, Role represents the user identity or group, and Identity represents the identity information of a user.
The sample code is as follows:
from flask_principal import Principal, Identity, AnonymousIdentity, Permission, RoleNeed
app = Flask(__name__)
principal = Principal(app)
# 定義角色,這里假設(shè)有管理員和普通用戶兩種角色
admin_role = RoleNeed('admin')
user_role = RoleNeed('user')
# 定義權(quán)限
admin_permission = Permission(admin_role)
user_permission = Permission(user_role)
# 定義 Identity,需要通過 Identity 的認(rèn)證才能訪問需要權(quán)限管理的路由
@app.before_request
def before_request():
identity = Identity(anonymous=True)
if current_user.is_authenticated:
identity = Identity(current_user.id)
if current_user.is_admin:
identity.provides.add(admin_role)
else:
identity.provides.add(user_role)
principal.identity = identity
# 在需要受權(quán)限控制的路由上使用 requires(permission) 裝飾器
@app.route('/admin')
@admin_permission.require(http_exception=403)
def admin_index():
return 'Hello, Admin!'
@app.route('/user')
@user_permission.require(http_exception=403)
def user_index():
return 'Hello, User!'In the sample code, two Roles are defined, namely admin_role and user_role. Each Role can define a Permission, which is used to control the permissions required for related operation access. In the before_request function, Identity authentication is implemented, and different Roles are added according to specific circumstances. Permission control can be achieved by using the requires(permission) decorator on routes that require permission management.
Flask provides many methods for implementing user authentication and authorization. Mastering these methods can help developers improve the security of web applications. At the same time, developers also need to carefully consider which method to use to implement user authentication and authorization to ensure application security and user data protection.
The above is the detailed content of User authentication and authorization in Flask. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undress AI Tool
Undress images for free
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
How to build simple and easy-to-use web applications with React and Flask
Sep 27, 2023 am 11:09 AM
How to use React and Flask to build simple and easy-to-use web applications Introduction: With the development of the Internet, the needs of web applications are becoming more and more diverse and complex. In order to meet user requirements for ease of use and performance, it is becoming increasingly important to use modern technology stacks to build network applications. React and Flask are two very popular frameworks for front-end and back-end development, and they work well together to build simple and easy-to-use web applications. This article will detail how to leverage React and Flask
How to upgrade win10 enterprise version 2016 long-term service version to professional version
Jan 03, 2024 pm 11:26 PM
When we no longer want to continue using the current Win10 Enterprise Edition 2016 Long-Term Service Edition, we can choose to switch to the Professional Edition. The method is also very simple. We only need to change some contents and install the system image. How to change win10 enterprise version 2016 long-term service version to professional version 1. Press win+R, and then enter "regedit" 2. Paste the following path directly in the address bar above: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion3 , then find the EditionID and replace the content with "professional" to confirm
Guide to installing the Flask framework: Detailed steps to help you install Flask correctly
Feb 18, 2024 pm 10:51 PM
Flask framework installation tutorial: Teach you step by step how to correctly install the Flask framework. Specific code examples are required. Introduction: Flask is a simple and flexible Python Web development framework. It's easy to learn, easy to use, and packed with powerful features. This article will lead you step by step to correctly install the Flask framework and provide detailed code examples for reference. Step 1: Install Python Before installing the Flask framework, you first need to make sure that Python is installed on your computer. You can start from P
Django vs. Flask: A comparative analysis of Python web frameworks
Jan 19, 2024 am 08:36 AM
Django and Flask are both leaders in Python Web frameworks, and they both have their own advantages and applicable scenarios. This article will conduct a comparative analysis of these two frameworks and provide specific code examples. Development Introduction Django is a full-featured Web framework, its main purpose is to quickly develop complex Web applications. Django provides many built-in functions, such as ORM (Object Relational Mapping), forms, authentication, management backend, etc. These features allow Django to handle large
Comparing the performance of Gunicorn and uWSGI for Flask application deployment
Jan 17, 2024 am 08:52 AM
Flask application deployment: Comparison of Gunicorn vs suWSGI Introduction: Flask, as a lightweight Python Web framework, is loved by many developers. When deploying a Flask application to a production environment, choosing the appropriate Server Gateway Interface (SGI) is a crucial decision. Gunicorn and uWSGI are two common SGI servers. This article will describe them in detail.
Start from scratch and guide you step by step to install Flask and quickly establish a personal blog
Feb 19, 2024 pm 04:01 PM
Starting from scratch, I will teach you step by step how to install Flask and quickly build a personal blog. As a person who likes writing, it is very important to have a personal blog. As a lightweight Python Web framework, Flask can help us quickly build a simple and fully functional personal blog. In this article, I will start from scratch and teach you step by step how to install Flask and quickly build a personal blog. Step 1: Install Python and pip Before starting, we need to install Python and pi first
Flask vs FastAPI: The best choice for efficient Web API development
Sep 27, 2023 pm 09:01 PM
FlaskvsFastAPI: The best choice for efficient development of WebAPI Introduction: In modern software development, WebAPI has become an indispensable part. They provide data and services that enable communication and interoperability between different applications. When choosing a framework for developing WebAPI, Flask and FastAPI are two choices that have attracted much attention. Both frameworks are very popular and each has its own advantages. In this article, we will look at Fl
Gunicorn Deployment Guide for Flask Applications
Jan 17, 2024 am 08:13 AM
How to deploy Flask application using Gunicorn? Flask is a lightweight Python Web framework that is widely used to develop various types of Web applications. Gunicorn (GreenUnicorn) is a Python-based HTTP server used to run WSGI (WebServerGatewayInterface) applications. This article will introduce how to use Gunicorn to deploy Flask applications, with
