From gergely at polonkai.eu  Mon Feb  7 13:53:09 2022
From: gergely at polonkai.eu (Gergely Polonkai)
Date: Mon, 7 Feb 2022 19:53:09 +0100
Subject: [Flask] Confused by an unexpected route-to-function mapping
In-Reply-To: <CANc-5UyT11mUDj45trbWhBzZPMa4kpBWt=SMrd0tUCxGkMoYuw@mail.gmail.com>
References: <CANc-5UyT11mUDj45trbWhBzZPMa4kpBWt=SMrd0tUCxGkMoYuw@mail.gmail.com>
Message-ID: <CACczBUJQ5OZhDCtyeyAv7+Rjwjhd-Y8UBph3jOQR3_BZE4MLeg@mail.gmail.com>

Hello,

i think the problem is that the URL part you intend to be used as the
filename contains a slash. Unless explicitly told to @route, it doesn?t
match anything after a slash is found

To avoid this, you should use the path: modifier in the rule:

@app.route('/<int:month>/<int:year>/<path:filename>')

Best,
Gergely

On Mon, 27 Dec 2021, 12:33 Skip Montanaro, <skip.montanaro at gmail.com> wrote:

> I'm returning to Flask after several years away (and never having done
> much of any significance with it before). I'm having trouble with the
> mapping between routes and the functions which handle them.
>
> I have two functions, each of which is meant to handle a number of related
> routes. The first is just supposed to normalize things and do a permanent
> redirect to the second
>
> @app.route('/<int:year>-<int:month>/html/<filename>')
> @app.route('/CR/<int:year>-<int:month>/html/<filename>')
> @app.route('/<int:year>-<int:month>')
> @app.route('/<int:year>-<int:month>/<filename>')
> def old_cr_month(year, month, filename="index.html"):
>     print(">> old_cr_month:", year, month, filename)
>
>     raise Exception
>
>     return redirect(url_for("cr", year=year, month=month,
>                             filename=filename),
>                     code=301)
>
>
> @app.route("/CR")
> @app.route("/CR/")
> @app.route('/CR/<int:year>/<int:month>')
> @app.route('/CR/<int:year>/<int:month>/<filename>')
> def cr(year=None, month=None, filename="index.html"):
>     print(">> cr:", year, month, filename)
>     ...
>
>
> When I visit this URL:
>
> http://super.secret.website/CR/2000-09/html/maillist.html
>
>
> old_cr_month is called, as I expect. Its print function is called and the
> embedded exception is raised.
>
> When I visit this URL:
>
> http://super.secret.website/CR/2000-09/html/threads.html
>
>
> the old_cr_month handler isn't called. Instead, the cr function is
> enlisted to handle the request and its print function is called.
> Strangely, it does seem to get year, month and filename correct. This
> despite none of the defined routes for cr having URL templates with either
> the year-month form or an embedded html directory in the middle.
>
> When I dump the app object in the debugger the displayed url_map looks to
> me like old_cr_month should have handled the URL (my candidate route
> mapping highlighted in red).
>
> Map([<Rule '/hello' (HEAD, OPTIONS, GET) -> hello>,
>  <Rule '/CR/' (HEAD, OPTIONS, GET) -> cr>,
>  <Rule '/CR' (HEAD, OPTIONS, GET) -> cr>,
>  <Rule '/' (HEAD, OPTIONS, GET) -> index>,
>  <Rule '/CR/<year>-<month>/html/<filename>' (HEAD, OPTIONS, GET) ->
> old_cr_month>,
>  <Rule '/<year>-<month>/html/<filename>' (HEAD, OPTIONS, GET) ->
> old_cr_month>,
>  <Rule '/static/<filename>' (HEAD, OPTIONS, GET) -> static>,
>  <Rule '/CR/<year>/<month>/<msg>' (HEAD, OPTIONS, GET) -> cr_message>,
>  <Rule '/CR/<year>/<month>/<filename>' (HEAD, OPTIONS, GET) -> cr>,
>  <Rule '/CR/<year>/<month>' (HEAD, OPTIONS, GET) -> cr>,
>  <Rule '/<year>-<month>/<filename>' (HEAD, OPTIONS, GET) -> old_cr_month>,
>  <Rule '/<year>-<month>' (HEAD, OPTIONS, GET) -> old_cr_month>])
>
>
> Here's my setup:
>
> $ flask --version
> Python 3.10.1
> Flask 2.0.2
> Werkzeug 2.0.2
>
>
> I'm running in an Ubuntu 20.04 VM.
>
> What am I missing about routes here? How can two so similarly structured
> URLs be mapped to different handler functions? Is there something I can do
> to dig into the URL-to-handler mapping process?
>
> Thx,
>
> Skip Montanaro
>
> _______________________________________________
> Flask mailing list
> Flask at python.org
> https://mail.python.org/mailman/listinfo/flask
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.python.org/pipermail/flask/attachments/20220207/5ec81f66/attachment.html>

From knecht.stefan at gmail.com  Thu Feb 24 03:49:29 2022
From: knecht.stefan at gmail.com (Stefan Knecht)
Date: Thu, 24 Feb 2022 15:49:29 +0700
Subject: [Flask] Stuck with @login_required which breaks our app
Message-ID: <CAP50yQ9pXT7axYk8J+5-VimwhL16W4giFiuuYGRzKPw=v7P29A@mail.gmail.com>

Hello all

I'm hoping to end a week-long struggle by reaching out here.

We've been evaluating and testing building flask apps to give our vast
python command line tool arsenal a face lift.

I've got the basics working with coreUI for templates and flask doing the
core functionality. Or well, so it should.

I've been following tutorials and the documentation, and as far as I can
tell, we're doing everything correctly - yet it doesn't work anymore, as
soon as I make use of @login_required.

This is our routes.py:

from app.home import blueprint
from app.base.forms import LoginForm, CreateAccountForm

from flask import Flask, current_app, render_template, redirect, url_for,
request, jsonify, session
from flask_login import LoginManager, login_required, current_user,
login_user, logout_user

from app import login_manager
from app.base.models import User

app = Flask(__name__)

login_manager = LoginManager()
login_manager.init_app(app)
login_manager.login_view = 'home_blueprint.login'


@login_manager.user_loader
def load_user(user_id):
  print(f"User loader {user_id}")
  return User.get(user_id)

@blueprint.route('/index')
def index():
  print("Index")
  return render_template('index.html')

@blueprint.route('/contents')
@login_required
def contents():
  print("Contents")
  return ('hello', 200)


@blueprint.route('/login', methods=['GET', 'POST'])
def login():

  print(f"HEADER {request.headers}")

  login_form = LoginForm(request.form)
  if 'login' in request.form:

    # read form data
    username = request.form['username']
    password = request.form['password']


  if not current_user.is_authenticated:
    return render_template( 'accounts/login.html', form=login_form)
  return redirect(url_for('home_blueprint.index'))

If I remove @login_required from the /contents route, everything works
fine. As soon as I add it there (or anywhere else for that matter) we get
nothing but 401 Unauthorized.

This is what we use:

$ pip3 list | grep -i flask
Flask                  1.1.1
Flask-Bootstrap        3.3.7.1
Flask-Ext              0.1
flask-ldap-login       0.3.0
flask-ldap3-login      0.9.16
Flask-Login            0.5.0
Flask-Migrate          2.5.3
flask-nav              0.6
Flask-Session          0.3.2
Flask-SimpleLDAP       1.4.0
Flask-SQLAlchemy       2.4.4
Flask-WTF              0.14.3

Any hint would be greatly appreciated. The head hurts, the wall's already
got a big hole in it.


Stefan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.python.org/pipermail/flask/attachments/20220224/4a0a6903/attachment.html>

From knecht.stefan at gmail.com  Thu Feb 24 04:07:20 2022
From: knecht.stefan at gmail.com (Stefan Knecht)
Date: Thu, 24 Feb 2022 16:07:20 +0700
Subject: [Flask] Stuck with @login_required which breaks our app
In-Reply-To: <CANvLQy3NL5yhg-EC9S4n+KXqA_9RA0bu3=PQ5uQ=eR8b1W_kyw@mail.gmail.com>
References: <CAP50yQ9pXT7axYk8J+5-VimwhL16W4giFiuuYGRzKPw=v7P29A@mail.gmail.com>
 <CANvLQy3NL5yhg-EC9S4n+KXqA_9RA0bu3=PQ5uQ=eR8b1W_kyw@mail.gmail.com>
Message-ID: <CAP50yQ_pxY-oSJHOnsG-KJ2iiP=ZMKTRagAHHi9gRSwrBOuCPg@mail.gmail.com>

Thanks for the feedback Yahir

We're not even getting that far - the redirect to /login never happens. We
just get 401 Unauthorized when we try to access anything that's protected
behind @login_required (e.g. /contents)



On Thu, Feb 24, 2022 at 3:57 PM Yahir Amat <yahir.amat at gmail.com> wrote:

> Hey Stefan,
>
> You need to login in the user to flask login manager. That will create a
> cookie and session.
>
> Login Example
> <https://flask-login.readthedocs.io/en/latest/#login-example>
>
> Once a user has authenticated, you log them in with the login_user
> <https://flask-login.readthedocs.io/en/latest/#flask_login.login_user>
>  function.
>
> For example:
>
> @app.route('/login', methods=['GET', 'POST'])def login():
>     # Here we use a class of some kind to represent and validate our
>     # client-side form data. For example, WTForms is a library that will
>     # handle this for us, and we use a custom LoginForm to validate.
>     form = LoginForm()
>     if form.validate_on_submit():
>         # Login and validate the user.
>         # user should be an instance of your `User` class
>         login_user(user)
>
>         flask.flash('Logged in successfully.')
>
>         next = flask.request.args.get('next')
>         # is_safe_url should check if the url is safe for redirects.
>         # See http://flask.pocoo.org/snippets/62/ for an example.
>         if not is_safe_url(next):
>             return flask.abort(400)
>
>         return flask.redirect(next or flask.url_for('index'))
>     return flask.render_template('login.html', form
>
>
> On Thu, Feb 24, 2022 at 3:49 AM Stefan Knecht <knecht.stefan at gmail.com>
> wrote:
>
>> Hello all
>>
>> I'm hoping to end a week-long struggle by reaching out here.
>>
>> We've been evaluating and testing building flask apps to give our vast
>> python command line tool arsenal a face lift.
>>
>> I've got the basics working with coreUI for templates and flask doing the
>> core functionality. Or well, so it should.
>>
>> I've been following tutorials and the documentation, and as far as I can
>> tell, we're doing everything correctly - yet it doesn't work anymore, as
>> soon as I make use of @login_required.
>>
>> This is our routes.py:
>>
>> from app.home import blueprint
>> from app.base.forms import LoginForm, CreateAccountForm
>>
>> from flask import Flask, current_app, render_template, redirect, url_for,
>> request, jsonify, session
>> from flask_login import LoginManager, login_required, current_user,
>> login_user, logout_user
>>
>> from app import login_manager
>> from app.base.models import User
>>
>> app = Flask(__name__)
>>
>> login_manager = LoginManager()
>> login_manager.init_app(app)
>> login_manager.login_view = 'home_blueprint.login'
>>
>>
>> @login_manager.user_loader
>> def load_user(user_id):
>>   print(f"User loader {user_id}")
>>   return User.get(user_id)
>>
>> @blueprint.route('/index')
>> def index():
>>   print("Index")
>>   return render_template('index.html')
>>
>> @blueprint.route('/contents')
>> @login_required
>> def contents():
>>   print("Contents")
>>   return ('hello', 200)
>>
>>
>> @blueprint.route('/login', methods=['GET', 'POST'])
>> def login():
>>
>>   print(f"HEADER {request.headers}")
>>
>>   login_form = LoginForm(request.form)
>>   if 'login' in request.form:
>>
>>     # read form data
>>     username = request.form['username']
>>     password = request.form['password']
>>
>>
>>   if not current_user.is_authenticated:
>>     return render_template( 'accounts/login.html', form=login_form)
>>   return redirect(url_for('home_blueprint.index'))
>>
>> If I remove @login_required from the /contents route, everything works
>> fine. As soon as I add it there (or anywhere else for that matter) we get
>> nothing but 401 Unauthorized.
>>
>> This is what we use:
>>
>> $ pip3 list | grep -i flask
>> Flask                  1.1.1
>> Flask-Bootstrap        3.3.7.1
>> Flask-Ext              0.1
>> flask-ldap-login       0.3.0
>> flask-ldap3-login      0.9.16
>> Flask-Login            0.5.0
>> Flask-Migrate          2.5.3
>> flask-nav              0.6
>> Flask-Session          0.3.2
>> Flask-SimpleLDAP       1.4.0
>> Flask-SQLAlchemy       2.4.4
>> Flask-WTF              0.14.3
>>
>> Any hint would be greatly appreciated. The head hurts, the wall's already
>> got a big hole in it.
>>
>>
>> Stefan
>>
>>
>>
>>
>> _______________________________________________
>> Flask mailing list
>> Flask at python.org
>> https://mail.python.org/mailman/listinfo/flask
>>
>

-- 
//
zztat - The Next-Gen Oracle Performance Monitoring and Reaction Framework!
Visit us at zztat.net | @zztat_oracle | fb.me/zztat | zztat.net/blog/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.python.org/pipermail/flask/attachments/20220224/a0f4f1af/attachment-0001.html>

From davidnieder at gmx.de  Fri Feb 25 04:51:07 2022
From: davidnieder at gmx.de (David Nieder)
Date: Fri, 25 Feb 2022 10:51:07 +0100
Subject: [Flask] Stuck with @login_required which breaks our app
In-Reply-To: <CAP50yQ9pXT7axYk8J+5-VimwhL16W4giFiuuYGRzKPw=v7P29A@mail.gmail.com>
References: <CAP50yQ9pXT7axYk8J+5-VimwhL16W4giFiuuYGRzKPw=v7P29A@mail.gmail.com>
Message-ID: <45d5d396-247b-4fb2-9ad2-6e25c5bcf670@gmx.de>

Hello Stefan,

I took your code and put together a minimal example but I could not
reproduce your error: the redirect always happens for me.
Looking at the code of Flask-Login, it seems to me that the only time
401 is returned is if login_view is not set. Maybe look at that
again? But with your other dependencies there could be more going on.

So the only tip I can give is: check if Flask-Login works with a
stripped-down version of your code and add components back in.
Here is what I used:

from flask import Flask, request
from flask_login import LoginManager, login_required, current_user,
UserMixin

app = Flask(__name__)
app.secret_key = '123456'

login_manager = LoginManager()
login_manager.init_app(app)
login_manager.login_view = 'login'


@login_manager.user_loader
def load_user(user_id):
   return UserMixin

@app.route('/index')
def index():
   return 'the index page'

@app.route('/contents')
@login_required
def contents():
   return 'the content page'

@app.route('/login', methods=['GET', 'POST'])
def login():
   if not current_user.is_authenticated:
     return 'current_user not authenticated'
   return 'current_user authenticated'



Good luck
David

P.S. there is flask community on discord which is a lot more active than
this list. Maybe you can find more help there.
https://discord.gg/pallets



On 24.02.22 09:49, Stefan Knecht wrote:
 > Hello all
 >
 > I'm hoping to end a week-long struggle by reaching out here.
 >
 > We've been evaluating and testing building flask apps to give our vast
 > python command line tool arsenal a face lift.
 >
 > I've got the basics working with coreUI for templates and flask doing the
 > core functionality. Or well, so it should.
 >
 > I've been following tutorials and the documentation, and as far as I can
 > tell, we're doing everything correctly - yet it doesn't work anymore, as
 > soon as I make use of @login_required.
 >
 > This is our routes.py:
 >
 > from app.home import blueprint
 > from app.base.forms import LoginForm, CreateAccountForm
 >
 > from flask import Flask, current_app, render_template, redirect, url_for,
 > request, jsonify, session
 > from flask_login import LoginManager, login_required, current_user,
 > login_user, logout_user
 >
 > from app import login_manager
 > from app.base.models import User
 >
 > app = Flask(__name__)
 >
 > login_manager = LoginManager()
 > login_manager.init_app(app)
 > login_manager.login_view = 'home_blueprint.login'
 >
 >
 > @login_manager.user_loader
 > def load_user(user_id):
 >    print(f"User loader {user_id}")
 >    return User.get(user_id)
 >
 > @blueprint.route('/index')
 > def index():
 >    print("Index")
 >    return render_template('index.html')
 >
 > @blueprint.route('/contents')
 > @login_required
 > def contents():
 >    print("Contents")
 >    return ('hello', 200)
 >
 >
 > @blueprint.route('/login', methods=['GET', 'POST'])
 > def login():
 >
 >    print(f"HEADER {request.headers}")
 >
 >    login_form = LoginForm(request.form)
 >    if 'login' in request.form:
 >
 >      # read form data
 >      username = request.form['username']
 >      password = request.form['password']
 >
 >
 >    if not current_user.is_authenticated:
 >      return render_template( 'accounts/login.html', form=login_form)
 >    return redirect(url_for('home_blueprint.index'))
 >
 > If I remove @login_required from the /contents route, everything works
 > fine. As soon as I add it there (or anywhere else for that matter) we get
 > nothing but 401 Unauthorized.
 >
 > This is what we use:
 >
 > $ pip3 list | grep -i flask
 > Flask                  1.1.1
 > Flask-Bootstrap        3.3.7.1
 > Flask-Ext              0.1
 > flask-ldap-login       0.3.0
 > flask-ldap3-login      0.9.16
 > Flask-Login            0.5.0
 > Flask-Migrate          2.5.3
 > flask-nav              0.6
 > Flask-Session          0.3.2
 > Flask-SimpleLDAP       1.4.0
 > Flask-SQLAlchemy       2.4.4
 > Flask-WTF              0.14.3
 >
 > Any hint would be greatly appreciated. The head hurts, the wall's already
 > got a big hole in it.
 >
 >
 > Stefan
 >
 >
 > _______________________________________________
 > Flask mailing list
 > Flask at python.org
 > https://mail.python.org/mailman/listinfo/flask