Flask-Login模块提供用户状态的管理功能。使用flask-login首先要获取一个loadmanager的实例。
1) 当用户登录以后,如果需要记录用户的状态则则可以调用 login_user函数记录当前登录的用户。
def login_user(user, remember=False, force=False, fresh=True): if not force and not user.is_active: return False user_id = getattr(user, current_app.login_manager.id_attribute)() session['user_id'] = user_id session['_fresh'] = fresh session['_id'] = _create_identifier() if remember: session['remember'] = 'set' _request_ctx_stack.top.user = user user_logged_in.send(current_app._get_current_object(), user=_get_user()) return True
login_user主要的作用就是将user的id加入到session中。getattr(user, current_app.login_manager.id_attribute)其实调用的就是user.get_id()方法所以在定义User类中需要定义get_id()方法。其实Flask-Login提供了一个UserMixin类,这个提供了
所有必要的方法和属性。可以使自定义的类继承这个类来满足需求。UserMixin的定义如下:
class UserMixin(object): if not PY2: # pragma: no cover # Python 3 implicitly set __hash__ to None if we override __eq__ # We set it back to its default implementation __hash__ = object.__hash__ @property def is_active(self): return True @property def is_authenticated(self): return True @property def is_anonymous(self): return False def get_id(self): try: return text_type(self.id) except AttributeError: raise NotImplementedError('No `id` attribute - override `get_id`') def __eq__(self, other): ''' Checks the equality of two `UserMixin` objects using `get_id`. ''' if isinstance(other, UserMixin): return self.get_id() == other.get_id() return NotImplemented def __ne__(self, other): ''' Checks the inequality of two `UserMixin` objects using `get_id`. ''' equal = self.__eq__(other) if equal is NotImplemented: return NotImplemented return not equal
2)当中某些操作需要用户登录的时候,就需要用到装饰器login_required。
@app.route('/post') @login_required def post(): pass
函数login_required:
def login_required(func): @wraps(func) def decorated_view(*args, **kwargs): if request.method in EXEMPT_METHODS: return func(*args, **kwargs) elif current_app.login_manager._login_disabled: return func(*args, **kwargs) elif not current_user.is_authenticated: return current_app.login_manager.unauthorized() return func(*args, **kwargs) return decorated_view
current_user是个函数对象最后调用的Login_Manager的_load_user函数,_load_user中调用了reload_user。
def reload_user(self, user=None): ctx = _request_ctx_stack.top if user is None: user_id = session.get('user_id') if user_id is None: ctx.user = self.anonymous_user() else: if self.user_callback is None: raise Exception( "No user_loader has been installed for this " "LoginManager. Add one with the " "'LoginManager.user_loader' decorator.") user = self.user_callback(user_id) if user is None: ctx.user = self.anonymous_user() else: ctx.user = user else: ctx.user = user
reload_user在Session中获取user的id,然后传入通过user_loader装饰器注册的回调函数,从这个回调中返回用户的实例。注册用户的回调方法如下:
@loginManager.user_loader def load_user(user_id): return User.query.get(int(user_id))
如果没有找到则返回一个AnonymousUserMixin的实例。
class AnonymousUserMixin(object): ''' This is the default object for representing an anonymous user. ''' @property def is_authenticated(self): return False @property def is_active(self): return False @property def is_anonymous(self): return True def get_id(self): return
如果user类继承自UserMixin则current_user.is_authenticated的值为Ture表示用户已经登录认证了。
flak-login管理登录认证的流程大致就如上所述