烧瓶登录不会拒绝不活跃的用户

Question

我正在构建一个python应用程序，我希望用户最初被注册为非活动状态，这样我就可以通过切换存储我的mongodb中的“活动”属性单独批准它们用户。我遇到的问题是，将活动更改为false似乎对用户登录的能力没有任何影响。

这里是我的用户名和注册路线：

@auth_flask_login.route("/login", methods=["GET", "POST"]) 
def login(): 
    if request.method == "POST" and "email" in request.form: 
     email = request.form["email"] 
     userObj = User() 
     user = userObj.get_by_email_w_password(email) 
     if user and flask_bcrypt.check_password_hash(user.password,request.form["password"]) and user.is_active(): 
      remember = request.form.get("remember", "no") == "yes" 

      if login_user(user, remember=remember): 
       print user.is_active 
       flash("Logged in!") 
       return redirect('/notes/create') 
      else: 
       error = "invalid user" 

    return render_template("/auth/login.html") 


@auth_flask_login.route("/register", methods=["GET","POST"]) 
def register(): 

    registerForm = forms.SignupForm(request.form) 
    current_app.logger.info(request.form) 

    if request.method == 'POST' and registerForm.validate() == False: 
     current_app.logger.info(registerForm.errors) 
     return "uhoh registration error" 

    elif request.method == 'POST' and registerForm.validate(): 
     email = request.form['email'] 

     # generate password hash 
     password_hash = flask_bcrypt.generate_password_hash(request.form['password']) 

     is_active = False 

     # prepare User 
     user = User(email,password_hash,is_active) 
     print user 

     try: 
      user.save() 

      flash("Please log in") 
      return redirect('/login') #redirect to the login page when 


     except: 
      flash("unable to register with that email address") 
      current_app.logger.error("Error on registration - possible duplicate emails") 

    # prepare registration form   
    templateData = { 

     'form' : registerForm 
    } 

    return render_template("/auth/register.html", **templateData)`enter code here` 

我的用户模型：

class User(db.Document): 
    email = db.EmailField(unique=True) 
    password = db.StringField(default=True) 
    active = db.BooleanField(default=True) 
    isAdmin = db.BooleanField(default=False) 
    timestamp = db.DateTimeField(default=datetime.datetime.now()) 

    def is_authenticated(self): 
     return True 

    def is_active(self): 
     return self.active 

    def is_anonymous(self): 
     return False 

    def get_id(self): 
     return unicode(self.id) 

我感谢所有帮助。我一直坚持这几个小时。

编辑：@auth_flask_login是我正在使用的蓝图。

Answer 1

据我所知，没有装饰者@auth_flask_login Flask登录为您提供。

你应该有像这样对于不要求登录的意见，并在下面特别的例子将是一个登录页面的情况：

@app.route('/login', ...) 
def login(...): 
    ... 
    some logic that goes for authentication 
    ... 
    login_user(user) # user is a User object and this should login the user. 
    ... 
    more stuff 
    ... 

阅读有关login_user功能here。

和需要登录的页面：

@app.route('/some_page', ...) 
@login_required 
def someview(...): 
    ... 

你应该阅读有关login_required

你可以阅读更多关于这个here

编辑：

from flask.ext.login import current_user 

... 

@app.route('/some_page', ...) 
@login_required 
def someview(...): 
    ... 
    if not current_user.active: 
     ... # 403 or some redirect, what ever you intend 
    ... # Stuff that should happen if the user was indeed active