Flask 用户身份认证
项目代码见:GitHub - euansu123/FlaskMarket
前提条件
# flask-bcrypt 用户密码加密存储
pip install flask_bcrypt -i https://pypi.tuna.tsinghua.edu.cn/simple/
# flask提供的用户登录方法
pip install flask_login -i https://pypi.tuna.tsinghua.edu.cn/simple/
用户注册
后端方法:
@app.route("/register", methods=["GET", "POST"])
def register_page():form = RegisterForm()if form.validate_on_submit():# 创建用户user_to_create = User(username=form.username.data,email_address=form.email.data,password=form.password1.data)db.session.add(user_to_create)db.session.commit()print("用户{username}创建成功".format(username=form.username.data))return redirect(url_for('login_page'))if form.errors != {}:for err_msg in form.errors.values():print("{}".format(err_msg))flash(f"There was an error with creating account:{err_msg}", category="danger")return render_template("register.html", form=form)
模型方法:
# @property 获取用户密码属性
# @password.setter 设置用户密码
from market import bcrypt
class User(db.Model, UserMixin):id = db.Column(db.Integer(), primary_key=True)username = db.Column(db.String(length=30), nullable=False, unique=True)email_address = db.Column(db.String(length=50), nullable=False, unique=True)password_hash = db.Column(db.String(length=60), nullable=False)budget = db.Column(db.Integer(), nullable=False, default=1000)items = db.relationship('Item', backref='owned_user', lazy=True)
@propertydef password(self):return self.password
@password.setterdef password(self, plain_text_password):self.password_hash = bcrypt.generate_password_hash(plain_text_password).decode('utf-8')
前端页面:
{% extends "base.html" %}
{% block title%}
Register Page
{% endblock %}
{% block content%}
<body><div class="container"><form method="POST" class="form-register" style="color:white">{{ form.hidden_tag() }}<img class="mb-4" src="{{ url_for('static', filename='img/euansu.png') }}" style="width: 100px;height: 100px;margin-top: 30px;"/><h1 class="h3 mb-3 font-weight-normal">Please Create your Account</h1>
{{ form.username.label() }}{{ form.username(class="form-control", placeholder="User Name") }}
{{ form.email.label() }}{{ form.email(class="form-control", placeholder="Email Address") }}
{{ form.password1.label() }}{{ form.password1(class="form-control", placeholder="Password") }}
{{ form.password2.label() }}{{ form.password2(class="form-control", placeholder="Confirm Password") }}<br />{{form.submit(class="btn btn-lg btn-block btn-primary")}}</form></div>
</body>
{% endblock %}
页面实现:
用户注册,成功后跳转至登录页面
用户登录
后端方法:
from market.forms import LoginForm
from flask_login import login_user, login_required
# 需要登录后才能访问的页面,添加 login_required 装饰器
@app.route("/market")
@login_required
def market_page():items = Item.query.all()return render_template("market.html", items=items)
@app.route('/login', methods=['GET', 'POST'])
def login_page():form = LoginForm()if form.validate_on_submit():attempted_user = User.query.filter_by(username=form.username.data).first()if attempted_user and attempted_user.check_password_correction(attempted_password=form.password.data):login_user(attempted_user)flash(f'Success! You are logged in as: {attempted_user.username}', category='success')return redirect(url_for('market_page'))else:flash('Username and password are not match! Please try again', category='danger')return render_template('login.html', form=form)
# 这里用到了一个表单,需要实现在forms.py,也即你自己的表单文件中进行定义
from flask_wtf import FlaskForm
from wtforms import StringField, PasswordField, SubmitField
from wtforms.validators import Length, EqualTo, Email, DataRequired
class LoginForm(FlaskForm):username = StringField(label='User Name:', validators=[DataRequired()])password = PasswordField(label='Password:', validators=[DataRequired()])submit = SubmitField(label='Sign in')
模型文件也需要队用户对象做一些修改,否则直接使用 flask
自带的 login_user
会报如下的错误:
from market import db,login_manager
from market import bcrypt
from flask_login import UserMixin
# 添加如下内容
@login_manager.user_loader
def load_user(user_id):return User.query.get(int(user_id))
# User对象需要继承UserMixin类
class User(db.Model,UserMixin):id = db.Column(db.Integer(), primary_key=True)username = db.Column(db.String(length=30), nullable=False, unique=True)email_address = db.Column(db.String(length=50), nullable=False, unique=True)password_hash = db.Column(db.String(length=60), nullable=False)budget = db.Column(db.Integer(), nullable=False, default=1000)items = db.relationship('Item', backref='owned_user', lazy=True)
@propertydef password(self):return self.password
@password.setterdef password(self, plain_text_password):self.password_hash = bcrypt.generate_password_hash(plain_text_password).decode('utf-8')# 这里是用来判断用户输入的密码是否正确def check_password_correction(self, attempted_password):return bcrypt.check_password_hash(self.password_hash, attempted_password)
前端文件:
{% extends 'base.html' %}
{% block title %}Login Page
{% endblock %}
{% block content %}
<body><div class="container"><form method="POST" class="form-signin" style="color:white">{{ form.hidden_tag() }}<img class="mb-4" src="{{ url_for('static', filename='img/euansu.png') }}" style="width: 100px;height: 100px;margin-top: 30px;"/><h1 class="h3 mb-3 font-weight-normal">Please Login</h1><br>{{ form.username.label() }}{{ form.username(class="form-control", placeholder="User Name") }}
{{ form.password.label() }}{{ form.password(class="form-control", placeholder="Password") }}
<br><div class="checkbox mb-3"><h6>Do not have an account?</h6><a class="btn btn-sm btn-secondary" href="{{ url_for('register_page') }}">Register</a></div>
{{ form.submit(class="btn btn-lg btn-block btn-primary") }}
</form></div>
</body>
{% endblock %}
实现效果:
输入密码错误,页面报错。
输入密码正确,跳转进入 market
页面。
直接访问 market
页面报错,提示缺少所需要的用户信息。
注销登录
后端方法:
from flask_login import logout_user
@app.route('/logout')
def logout_page():logout_user()flash("You have been logged out!", category='info')return redirect(url_for("home_page"))
前端页面:
原来的 header
这里有 Login
和 Register
两个方法,这里修改一下,如果用户已经登录,这里修改为 Logout
,修改后的代码如下:
{% if current_user.is_authenticated %}
<ul class="navbar-nav"><li class="nav-item"><a class="nav-link" style="color: lawngreen; font-weight: bold"><i class="fas fa-coins"></i>{{ current_user.prettier_budget }}</a></li><li class="nav-item"><a class="nav-link">Welcome, {{ current_user.username }}</a></li><li class="nav-item"><a class="nav-link" href="{{ url_for('logout_page') }}">Logout</a></li>
</ul>
{% else %}
<ul class="navbar-nav"><li class="nav-item"><a class="nav-link" href="{{ url_for('login_page') }}">Login</a></li><li class="nav-item"><a class="nav-link" href="{{ url_for('register_page') }}">Register</a></li>
</ul>
{% endif %}
实现效果:
点击 Logout
调用 logout_page
方法,效果如下: