python – Flask-HTTPAuth verify_password函数未接收用户名或密码
作者:互联网
当我尝试使用@ auth.login_required装饰器访问路由时,系统会提示我输入我的用户名和密码.输入此信息后,verify_password函数的参数username_or_token和密码为”.为什么数据是空的?
@auth.verify_password
def verify_password(username_or_token, password):
# first try to authenticate by token
user = USER.verify_auth_token(username_or_token)
logger.debug("user = %r", user)
logger.debug("Entered USEREMAIL = %r" , username_or_token)
logger.debug("entered password = %r" , password)
if not user:
# try to authenticate with username/password
user = session.query(USER).filter_by(USEREMAIL=username_or_token).first()
if not user or not user.verify_password(password):
return False
g.user = user
return True
UPDATE
我已将代码简化为:
@auth.verify_password
def verify_password(username, password):
logger.debug("username = %s" % username)
logger.debug("password = %s" % password)
return true
@app.route('/api/token')
@auth.login_required
def get_auth_token():
return "Hello, %s!" % auth.username()
我正在使用Advanced Rest Client测试此功能.
HTTP://本地主机:8081 / MyApp的/ API /令牌
我还附上了一个Authorization标头.
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36
Authorization: Basic YXNkOmFzZA==
Accept: */*
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8,zh-CN;q=0.6,zh-TW;q=0.4
这导致输出:
你好, !
日志文件:
username =
password =
我也从未被提示输入我的安全凭证.
另一个奇怪的事情是,即使我在verify_password中将return更改为false,我仍然得到相同的输出:Hello ,!
解决方法:
我经历过与OP相似的经历.如果您使用mod_wsgi运行,请确保将WSGIPassAuthorization On设置为documented here.
标签:python,flask,http-authentication,flask-httpauth 来源: https://codeday.me/bug/20190612/1223212.html