I'm building a RESTful API using Flask and currently have two pages (a login page and an index page).
The index page should only be accessible after a user has logged in.
Currently I have:
@app.route('/venue/login', methods=['GET', 'POST'])
def login():
    error = None
    if request.method == 'POST':
        venue_owner_email = request.form['username']
        venue_owner_password = request.form['password']
        with contextlib.closing(DBSession()) as session:
            try:
                venue = session.query(Venue).filter_by(venue_owner_email=venue_owner_email).first()
                if not venue or not pwd_context.verify(venue_owner_password, venue.venue_owner_password):
                    error = 'Invalid Credentials. Please try again.'
                else:
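                    return redirect(url_for('index'))
            except exc.SQLAlchemyError as db_error:
                # "as" works on Python 2.6+ and 3; a separate name keeps the
                # `error` message used by render_template() below intact
                session.rollback()
                raise_database_error(db_error)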
    return render_template('login.html', error=error)
@app.route('/', methods = ['GET'])
def index():
    return render_template('index.html')
Currently index.html is accessible through / but I only want it to be accessed via /venue/login and not directly from the browser.
If I use the decorator @auth.login_required, when the redirect occurs, the user has to re-enter their credentials. Is there a way to send the HTTP Authorisation Header when redirecting?
I also thought rather than use redirect, I might just use render_template but I don't know if this is the right way to do it.
Any help on how to properly go about this would be appreciated.
You can add a decorator to index.html that checks the referring url. If the referring url is /venue/login you should serve the page else return an error.
if request.referrer == <venue login url>:
    # continue
else:
    # return error message