The Flask Mega-Tutorial Part V: User Logins

Password Hashing

Werkzeug:实现密码哈希的包

from werkzeug.security import generate_password_hash
hash = generate_password_hash('foobar')
由hash是无法能到'foobard ,且相同字符串多次hash也是不同的。

验证密码hash

from werkzeug.security import check_passwork_hash
check_password_hash(hash,'foobar')

现在在models.py的User类里添加两方法,分别实现hash密码和验证密码是否hash

from werkzeug.security import generate_password_hash,check_password_hash

class User(db.Model):
    def set_password(self,password):
        self.password_hash = generate_password_hash(password)
        
    def check_password(self,password):
        return  check_password_hash(self.password_hash,password)

测试代码

u = User(username='susan',email='susan@example.com')
u.set_password('mypassword')
u.check_password('anotherpassword')
u.check_password('mypassword')

Flask_Login

FLask_Login用于管理使用者登录状态,使得使用者可以登录,使用应用。

#__init__.py添加
from flask_login import login_manager
login = login_manager(app)

Preparing The User Model for Flask-Login

Flask-Login extension用于应用的User model,该扩展包有一些非常棒的内置方法,不过需要一些items添加道model,
The four required items ard listed below:
1.is_authenticated:#user has valid credentials
2.is_active #user's accout is active or not
3.is_anonymous:a property that is False for regular users,and True for a special ,anonymous user(匿名)
4.get_id():返回一个独一的identifier
Flask-login 提供了一个mixin类,UserMixin,实现了上述方法,下面把mixin class 加到model里

User Loader Function

Flask-Login仅知道数据库信息,因此,在读取user时需要应用的帮助。所以,我们需要配置一个user loader function,该函数可以通过ID读取相应的user,该函数加在models.py模块

from app import login
# ...
@login.user_loader
def loader_user(id):#此处id是string
    return User.query.get(int(id))#use numberic IDs need to  convert the string to integer

Logging Users In

现在应用已经有入口去取得user database 里的信息了,下面完善视图函数
current_user可以在任意时候使用去获得当前用户

#routes.py Login vier function logic
from flask_login import current_user,login_user
from app.models import User

#...


@app.route('/login', methods=['GET', 'POST'])
def login():
#设想一下有个User已经登录了,该User打开login页面,该if将为true,并返回到主页'/index'
    if current_user.is_authenticated:
        return redirect(url_for('index'))
    form = LoginForm()#创建登录表格对象
    if form.validate_on_submit():#提交登录
        user =User.query.filter_by(username=form.username.data).first()#查询数据库是否有user(form.username.data)
        if user is None or not user.check_password(form.password.data):
            flash('Invalid username or password')
            return redirect(url_for('login'))
        login_user(user, remember=form.remember_me.data)#Flask-Login的一个函数,This function will register the user as logged in .(user变成登录状态,那么当前user就有权限跳转到任意页面)
        return redirect(url_for('index'))
    return render_template('login.html', title='Sign In', form=form)

Logging Users Out

#routes.py 
from flask_login import logout_user

@app.route('/logout')
def logout():
    logout_user()
    return redirect(url_for('index'))

修改base.html,使得当user登录后,有个链接跳转到退出登录

<div>
    Mircroblog:
    <a href="{{(url_for('index'))}}">Home</a>
    {% if current_user.is_anonymous%}#it will be true only when the user is not logged in 
    <a href="{{(url_for('login'))}}">Login</a>
    {% else %}
    <a href="{{(url_for('logout'))}}">Logout</a>
    {% endif %}
</div>

Requiring Users To Login

Flask-Login提供了一个非常有用的特征:
如果user没有登录而尝试去登录受保护的网页,Flask-login会自动重定向到login form。为了实现该特征,Flask_Login需要知道哪个视图函数处理logins.这可以在__init__.py添加:

login = LoginManager(app)
login.login_view = 'login'  #'login'是login视图函数名称。即若没登录的话会自动跳转到'/login'

被装饰器@login_required装饰的视图函数(URL)必须登录才能使用

#routes.py
from flask_login import login_required

@app.route('/')
@app.route('/index')
@login_required
def index():
    #...

登录成功后跳转到next页面

from flask import request
from werkzeug.urls import url_parse

@app.route('/login', methods=['GET', 'POST'])
def login():
    # ...
    if form.validate_on_submit():
        user = User.query.filter_by(username=form.username.data).first()
        if user is None or not user.check_password(form.password.data):
            flash('Invalid username or password')
            return redirect(url_for('login'))
        login_user(user, remember=form.remember_me.data)
        next_page = request.args.get('next')
        if not next_page or url_parse(next_page).netloc != '':
            next_page = url_for('index')
        return redirect(next_page)
    # ...
#url_parse 解析该URL是相对还是绝对路径。

Showing The Logged In User in Templates

#index.html
{% block content %}
    <h1>Hi, {{ current_user.username }}! </h1>
    {% for post in posts %}
    <div><p>{{ post.author.username }} says: <b>{{ post.body }}</b></p<>/div>
    {% endfor %}
{% endblock%}

此时可以把user模块里的一些内容替换掉,实现真正的user

@app.route('/')
@app.route('/index')
def index():
    #...
    return render_template("index.html",title='Home Page',posts=posts )

#在venv环境,python环境下注册一user:
u = User(username = 'susan',email = 'susan@example.com')
u.set_password('cat')
db.session.add(u)
db.session.commit()

User Registration

from flask_wtf import FlaskForm
from wtforms import StringField, PasswordField, BooleanField, SubmitField
from wtforms.validators import ValidationError, DataRequired, Email, EqualTo
from app.models import User

# ...

class RegistrationForm(FlaskForm):
    username = StringField('Username', validators=[DataRequired()])
    email = StringField('Email', validators=[DataRequired(), Email()])
    #Email(),必须Emial结构
    password = PasswordField('Password', validators=[DataRequired()])
    password2 = PasswordField(
        'Repeat Password', validators=[DataRequired(), EqualTo('password')])
    submit = SubmitField('Register')

    def validate_username(self, username):
        user = User.query.filter_by(username=username.data).first()
        if user is not None:
            raise ValidationError('Please use a different username.')

    def validate_email(self, email):
        user = User.query.filter_by(email=email.data).first()
        if user is not None:
            raise ValidationError('Please use a different email address.')

#当你添加了任意方法(这些方法匹配该模式:validate_<field_nane>),WTForms会自动把它们添加为校验代码。
在本程序中,这两个方法分别验证输入的用户名和邮箱是否已存在数据库,是的话将会提示验证错误

添加模板

#register.html
{% extends "base.html" %}

{% block content %}
    <h1>Register</h1>
    <form action="" method="post">
        {{ form.hidden_tag() }}
        <p>
            {{ form.username.label }}<br>
            {{ form.username(size=32) }}<br>
            {% for error in form.username.errors %}
            <span style="color: red;">[{{ error }}]</span>
            {% endfor %}
        </p>
        <p>
            {{ form.email.label }}<br>
            {{ form.email(size=64) }}<br>
            {% for error in form.email.errors %}
            <span style="color: red;">[{{ error }}]</span>
            {% endfor %}
        </p>
        <p>
            {{ form.password.label }}<br>
            {{ form.password(size=32) }}<br>
            {% for error in form.password.errors %}
            <span style="color: red;">[{{ error }}]</span>
            {% endfor %}
        </p>
        <p>
            {{ form.password2.label }}<br>
            {{ form.password2(size=32) }}<br>
            {% for error in form.password2.errors %}
            <span style="color: red;">[{{ error }}]</span>
            {% endfor %}
        </p>
        <p>{{ form.submit() }}</p>
    </form>
{% endblock %}

添加视图函数

#routes.py
from app import db
from app.forms import RegistrationForm

#...

@app.route('/register',methods=['GET','POST'])
def register():
    if current_user.is_authenticated:
        return redirect(url_for('index'))
    form = RegistrationForm()
    if form.validate_on_submit():
        user = User(username = form.username.data,email = form.email.data)
        user.set_password(form.password.data)
        db.session.add(user)
        db.session.commit()
        flash('COngratulation,you are now a registered user')
        return redirect(url_for('login'))
    return render_template('register.html',title='Register',form = form)
posted @ 2018-02-10 22:56  blog_hfg  阅读(183)  评论(0)    收藏  举报