flask验证登录学习过程（1）---实践flask_jwt

flask_jwt应用代码：

from flask import Flask
from flask_jwt import JWT,jwt_required,current_identity
from werkzeug.security import safe_str_cmp
import json

class User(object):
    def __init__(self,id,username,password):
        self.id = id
    self.username = username
    self.password = password
    
    def __str__(self):
    return "User(id='%s')"% self.id

users = [
    User(1,'user1','abcxyz'),
    User(2,'user2','abcxyz'),
]
username_table = {u.username: u for u in users}
userid_table = {u.id: u for u in users}

def authenticate(username,password):
    user = username_table.get(username, None)
    if user and safe_str_cmp(user.password.encode('utf-8'),password.encode('utf-8')):
    return user

def identity(payload):
    user_id = payload['identity']
    return userid_table.get(user_id, None)

app = Flask(__name__)
app.debug = True
app.config['SECRET_KEY'] = 'super-secret'

jwt = JWT(app, authenticate, identity)

@app.route('/protected')
@jwt_required()
def protected():
    print "this protected is successed!!!"
    return '%s' % current_identity

if __name__ == '__main__':
    app.run(host='0.0.0.0',port=5000)

应用代码主要是根据官方文档来的

发送post请求（也可以用浏览器插件如postman来，但是我自己的用了插件总是报401错误，所以自己写请求试）

import requests
headers={
    "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8",
    "Accept-Encoding": "gzip,deflate, lzma, sdch",
    "Accept-Language": "zh-CN,zh;q=0.8",
    "Content-Type": "application/json",
    "Connection": "keep-alive",
    "Host": "localhost:5000",
    "pgrade-Insecure-Requests": "1",
    "User-Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.71 Safari/537.36 OPR/33.0.1990.43"
}
data = {
    "username":"user1",
    "password":"abcxyz"
}
url = 'http://127.0.0.1:5000/auth'
r = requests.post(url,data=data)

print r.json()

这个是发送请求，打印出返回的access-token

应该请求：

import requests
headers={
    "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8",
    "Accept-Encoding": "gzip,deflate, lzma, sdch",
    "Accept-Language": "zh-CN,zh;q=0.8",
    "Content-Type": "application/json",
    "Connection": "keep-alive",
    "Host": "localhost:5000",
    "pgrade-Insecure-Requests": "1",
    "Authorization": u"JWT eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZGVudGl0eSI6MSwiaWF0IjoxNTE1NjYzNzY2LCJuYmYiOjE1MTU2NjM3NjYsImV4cCI6MTUxNTY2NDA2Nn0.2Ij36x46dfPLnAWGcdJDc-mC0GO6Q6EcMGul7YE3my4", #应用请求到的token信息
    "User-Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.71 Safari/537.36 OPR/33.0.1990.43"
}
data = {
    "username":"user1",
    "password":"abcxyz"
}
url = 'http://127.0.0.1:5000/protected'
r = requests.get(url,headers=headers,data=data) #请求时，需要加headers，请求方法可以自己定义，但是官方文档上protected路径的请求方法好像默认为get,在定义时改为post方法，并在此处发post请求时，依然报405错误

print r.json()

会在服务端看到200的状态码，请求成功

 

总结：当然这个学习过程也不是一帆风顺的，例如

发送请求之后，一直报“”nonetype“”错误，说对象没有get属性，
经过排查发现，是获取到请求数据为空，然后自己在源码上修改为data=request.form.to_dict()
直接将请求的数据获取到，然后才请求成功生成access-token。

当然这个过程是实现了，，，但是还有很多的疑问没有弄的非常清楚，在问光耀问题的时候，
听光耀说，这个是因为自己对HTTP的基本原理不熟悉，还需要加强这一块的基础知识。所以今天特意买了书
希望能补上自己这块的不足之处。