Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/maxcountryman/flask-login

Flask user session management.
https://github.com/maxcountryman/flask-login

authentication login-system session-management

Last synced: 11 days ago
JSON representation

Flask user session management.

Awesome Lists containing this project

README 

        
# Flask-Login



Flask-Login provides user session management for [Flask][]. It handles the common

tasks of logging in, logging out, and remembering your users' sessions over

extended periods of time.



Flask-Login is not bound to any particular database system or permissions

model. The only requirement is that your user objects implement a few methods,

and that you provide a callback to the extension capable of loading users from

their ID.



Read the documentation at .



[Flask]: https://flask.palletsprojects.com



## A Basic Example



Let's walk through setting up a basic application. Note that this is a very basic guide:

we will be taking shortcuts here that you should never take in a real application.



To begin we'll set up a Flask app and a `LoginManager` from Flask-Login.



```python

import flask

import flask_login



app = flask.Flask(__name__)

app.secret_key = "super secret string"  # Change this!



login_manager = flask_login.LoginManager()

login_manager.init_app(app)

```



To keep things simple we're going to use a basic `User` class and a dictionary to

represent a database of users. In a real application, this would be an actual

persistence layer. However, it's important to point out this is a feature of

Flask-Login: it doesn't care how your data is stored so long as you tell it how to

retrieve it!



```python

class User(flask_login.UserMixin):

    def __init__(self, email, password):

        self.id = email

        self.password = password



users = {"leafstorm": User("leafstorm", "secret")}

```



We also need to tell the login manager how to load a user from a request by defining its

`user_loader` callback. If no user is found it returns `None`.



```python

@login_manager.user_loader

def user_loader(id):

    return users.get(id)

```



Now we're ready to define our views. The login view will populate the session with

authentication info. The protected view will only be avialble to authenticated users;

visiting it otherwise will show an error. The logout view clearing the session.



```python

@app.get("/login")

def login():

    return """

      Email: 


      Password: 


      Log In

    """



@app.post("/login")

def login():

    user = users.get(flask.request.form["email"])



    if user is None or user.password != flask.request.form["password"]:

        return flask.redirect(flask.url_for("login"))



    flask_login.login_user(user)

    return flask.redirect(flask.url_for("protected"))



@app.route("/protected")

@flask_login.login_required

def protected():

    return flask.render_template_string(

        "Logged in as: {{ user.id }}",

        user=flask_login.current_user

    )



@app.route("/logout")

def logout():

    flask_login.logout_user()

    return "Logged out"

```