燒瓶登錄不會拒絕不活躍的用戶

Question

我正在構建一個python應用程序，我希望用戶最初被註冊爲非活動狀態，這樣我就可以通過切換存儲我的mongodb中的「活動」屬性單獨批准它們用戶。我遇到的問題是，將活動更改爲false似乎對用戶登錄的能力沒有任何影響。

這裏是我的用戶名和註冊路線：

@auth_flask_login.route("/login", methods=["GET", "POST"]) 
def login(): 
    if request.method == "POST" and "email" in request.form: 
     email = request.form["email"] 
     userObj = User() 
     user = userObj.get_by_email_w_password(email) 
     if user and flask_bcrypt.check_password_hash(user.password,request.form["password"]) and user.is_active(): 
      remember = request.form.get("remember", "no") == "yes" 

      if login_user(user, remember=remember): 
       print user.is_active 
       flash("Logged in!") 
       return redirect('/notes/create') 
      else: 
       error = "invalid user" 

    return render_template("/auth/login.html") 


@auth_flask_login.route("/register", methods=["GET","POST"]) 
def register(): 

    registerForm = forms.SignupForm(request.form) 
    current_app.logger.info(request.form) 

    if request.method == 'POST' and registerForm.validate() == False: 
     current_app.logger.info(registerForm.errors) 
     return "uhoh registration error" 

    elif request.method == 'POST' and registerForm.validate(): 
     email = request.form['email'] 

     # generate password hash 
     password_hash = flask_bcrypt.generate_password_hash(request.form['password']) 

     is_active = False 

     # prepare User 
     user = User(email,password_hash,is_active) 
     print user 

     try: 
      user.save() 

      flash("Please log in") 
      return redirect('/login') #redirect to the login page when 


     except: 
      flash("unable to register with that email address") 
      current_app.logger.error("Error on registration - possible duplicate emails") 

    # prepare registration form   
    templateData = { 

     'form' : registerForm 
    } 

    return render_template("/auth/register.html", **templateData)`enter code here` 

我的用戶模型：

class User(db.Document): 
    email = db.EmailField(unique=True) 
    password = db.StringField(default=True) 
    active = db.BooleanField(default=True) 
    isAdmin = db.BooleanField(default=False) 
    timestamp = db.DateTimeField(default=datetime.datetime.now()) 

    def is_authenticated(self): 
     return True 

    def is_active(self): 
     return self.active 

    def is_anonymous(self): 
     return False 

    def get_id(self): 
     return unicode(self.id) 

我感謝所有幫助。我一直堅持這幾個小時。

編輯：@auth_flask_login是我正在使用的藍圖。

Answer 1

據我所知，沒有裝飾者@auth_flask_login Flask登錄爲您提供。

你應該有像這樣對於不要求登錄的意見，並在下面特別的例子將是一個登錄頁面的情況：

@app.route('/login', ...) 
def login(...): 
    ... 
    some logic that goes for authentication 
    ... 
    login_user(user) # user is a User object and this should login the user. 
    ... 
    more stuff 
    ... 

閱讀有關login_user功能here。

和需要登錄的頁面：

@app.route('/some_page', ...) 
@login_required 
def someview(...): 
    ... 

你應該閱讀有關login_required

你可以閱讀更多關於這個here

編輯：

from flask.ext.login import current_user 

... 

@app.route('/some_page', ...) 
@login_required 
def someview(...): 
    ... 
    if not current_user.active: 
     ... # 403 or some redirect, what ever you intend 
    ... # Stuff that should happen if the user was indeed active