flask的登陆验证

from flask import Blueprint, request, render_template,redirect, url_for
from flask_login import login_user, logout_user
from App.model.models import User

api = Blueprint("user", __name__, url_prefix='')

@api.route("/login", methods=['GET', "POST"])
def login():
    if request.method == "GET":
        return render_template("login.html")

    else:
        username = request.form.get("username")
        password = request.form.get("password")
        if username is None or username == "":
            return render_template("login.html", message="用户名不能为空")

        if password is None or password == "":
            return render_template("login.html", message="密码不能为空")
        print("username:{}".format(username))
        print("password:{}".format(password))

        print(User.query.all())
        user = User.query.filter(User.username == username).first()

        if user is None:
            return render_template("login.html", message="该用户不存在")
        if user.password != password:
            return render_template("login.html", password="密码不正确")
        login_user(user)
        next = request.args.get("next")
        if next is None or next == "":
            return redirect(url_for('shop.shoplist'))
        return redirect(next)


@api.route("/logout")
def logout():
    logout_user()
    return redirect("/login")


@api.route("/")
def index():
    return redirect("/shop/list")