When does Flask store the user's authentication?

I created this form:

<html>
<body>
<div>
    <form action="{{ url_for('login') }}" method="POST">
          <div class="row">
            <div>
              <input id="email" name="email" type="email" class="validate">
              <label for="email">Email</label>
            </div>
          </div>

          <div class="row">
            <div>
              <input id="password" type="password" name="password" class="validate">
              <label for="password">Password</label>
            </div>
          </div>

          <button type="submit" id="login" >Login</button>
        <br>
    </form>
<div>
</body>
</html>

and I have this Flask app that uses HTTPBasicAuth to do authentication.

#!flask/bin/python
from flask import Flask, jsonify, abort, request, make_response, url_for
from flask import render_template
from flask_httpauth import HTTPBasicAuth

#Needs: pip install flask-httpauth

app = Flask(__name__)
auth = HTTPBasicAuth()

@app.route('/', methods=['GET','POST'])
@auth.login_required
def login():
    print('in login')
    print(request.values.get('email'), request.values.get('password'))
    templateToReturn = 'login.html'
    if request.method == 'POST':
        print('in post')
        username = request.values.get('email')
        password = request.values.get('password')
        if verify_password(username, password):
            print('password verified')
            templateToReturn = 'index.html'
    print('Curr user', auth.current_user())
    print('request: ', request.method)
    if request.method == 'GET' and auth.current_user():
        templateToReturn = 'index.html'
    return render_template(templateToReturn)

@app.route('/logout')
def logout():
    return render_template('logout.html')

@auth.verify_password
def verify_password(email, password):
    print('in verify pwd')
    return verifyAuthentication(email, password)
    
def verifyAuthentication(email, password):
    knownUsers = {'p1@gmail.com': 'pass', 
                  'p2@yahoo.com': 'pass'}
    authenticated = False
    if email in knownUsers:
        if knownUsers[email] == password:
            authenticated = True
    return authenticated

When I click the submit button of the form, I'm taken to the login() function. But isn't there supposed to be some way that it should go to the verify_password() function because it's decorated with @auth.verify_password?

How exactly and in which part of the code does the user authentication get registered with Flask? By which I mean: When does the @auth.login_required decorator actually allow their corresponding decorated functions to get executed?

Even the official page of HTTPBasicAuth() didn't explain this with an HTML example. Could someone please explain by adding to my code.

1 answer

  • answered 2021-09-11 18:32 Dev AKS

    You forgot to add name attribute in your HTML input tag, so ideally it should be -

     <input id="email" name="email" type="email" class="validate" />
     <input id="password" name="password" type="password" class="validate" />
    

How many English words
do you know?
Test your English vocabulary size, and measure
how many words do you know
Online Test
Powered by Examplum