[Flask] Unable to set current_user.authenticated to True

Gergely Polonkai gergely at polonkai.eu
Thu Jul 4 00:25:40 EDT 2019


No, modifying current_user directly is not possible (at least it won't
propagate outside the function). current_user is a proxy object that points
to the logged-in user in the current request. If you assign a different
value to it, its proxy nature goes away, which is definitely not what you
want: in extreme cases it might introduce security issues where users can
access each other's data.

On Wed, 3 Jul 2019, 18:19 sidwoodstock ., <sidwoodstock at gmail.com> wrote:

> Also, if Gergely's suggestion doesn't work, you could try removing your
> variable assignment of current_user = user. I see no practical reason to do
> this, and since current_user is a built-in (and very handy) variable, maybe
> that is somehow related to your issue?
>
> > > current_user = user
>
> and then just call login_user directly with your user you already have at
> hand:
>
> > >               login_user(user, form.remember_me.data)
>
> -Scott
>
> On Wed, Jul 3, 2019 at 9:03 AM <flask-request at python.org> wrote:
>
>> Message: 1
>> Date: Tue, 2 Jul 2019 19:01:20 +0200
>> From: Gergely Polonkai <gergely at polonkai.eu>
>> To: Leni Kadali Mutungi <lenikmutungi at gmail.com>
>> Cc: flask <Flask at python.org>
>> Subject: Re: [Flask] Unable to set current_user.authenticated to True
>> Message-ID:
>>         <CACczBUJWEAoLjnsQSh5Z+3mVuzjZ1=Ly-=
>> zxtk3bMO+n-+-y3Q at mail.gmail.com>
>> Content-Type: text/plain; charset="utf-8"
>>
>> Hello,
>>
>> I assume you are using Flask-Login (either directly or via another
>> extension like Flask-Security). If this is the case, you can import
>> login_user and call it like login_user(user).
>>
>> If that does not work, you may want to check if the user is active (i.e.
>> not disabled), as it is the most common culprit when a user can't be
>> logged in.
>>
>> Best,
>> Gergely
>>
>> On Mon, 1 Jul 2019, 19:03 Leni Kadali Mutungi, <lenikmutungi at gmail.com>
>> wrote:
>>
>> > I think you mean to set it as `current_user.is_authenticated = True`.
>> >
>> > On 7/1/19 6:14 PM, Abdul Mohammed wrote:
>> > > Hello everyone,
>> > > I am trying to toggle between "Sign in" and "Sign
>> > > out" links using the current_user.is_authenticated variable such that
>> > > when it returns False, the "Sign in" is displayed and when True the
>> > > "Sign out" link is displayed. At some point in the login code I set
>> > > current_user.authenticated = True. The thing is that by the time I am
>> > > successfully logged in and presented with the next view, it is the
>> > > "Sign in" link that is still displayed. When I check
>> > > current_user.is_authenticated, it returns False, even though I had
>> > > explicitly set it to True. Please can anyone point out what I might
>> > > be doing wrong? Here is my code:
>> > >
>> > > I have a base.html file that contains the "Sign in" and "Sign out"
>> > > links that is extended by the other templates:
>> > >
>> > > <ul class="nav navbar-nav navbar-right">
>> > >    {% if (current_user.is_authenticated) %}
>> > >    <li><a href="{{ url_for('logout') }}">Sign Out</a></li>
>> > >    {% else %}
>> > >    <li><a href="{{ url_for('index') }}">Sign In</a></li>
>> > >    {% endif %}
>> > > </ul>
>> > >
>> > > <body>
>> > > {% block page_content %}{% endblock %}
>> > > </body>
>> > >
>> > >
>> > >  When the app first loads in the browser it displays a login form,
>> > > login.html:
>> > >
>> > >  {% extends "base.html" %}
>> > >
>> > > {% block content %}
>> > >     {% import "bootstrap/wtf.html" as wtf %}
>> > >     {% block title %}Flasky - Login{% endblock %}
>> > >     {% block page_content %}
>> > >     <div class="page-header">
>> > >         <h1>Login</h1>
>> > >     </div>
>> > >     <div class="col-md-4">
>> > >         {{ wtf.quick_form(form) }}
>> > >     </div>
>> > >     {% endblock %}
>> > > {% endblock %}
>> > >
>> > > When a user logs in, it loads a template dashboard.html that displays
>> > > a map. The top part looks like this:
>> > >
>> > > {% extends "base.html" %}
>> > >
>> > > {% block page_content %}
>> > > <html>
>> > >  <head>
>> > >    <title>Lagos Map</title>
>> > >    <link rel="stylesheet"
>> > >    href="https://unpkg.com/leaflet@1.1.0/dist/leaflet.css"
>> > >    integrity="sha512-wcw6ts8Anuw10Mzh9Ytw4pylW8+NAD4ch3lqm9lzAsTxg0GFeJgoAtxuCLREZSC5lUXdVyo/7yfsqFjQ4S+aKw=="
>> > >    crossorigin=""/>
>> > >    <script src="https://unpkg.com/leaflet@1.1.0/dist/leaflet.js"
>> > >    integrity="sha512-mNqn2Wg7tSToJhvHcqfzLMU6J4mkOImSPTxVZAdo+lcPlk+GhZmYgACEe0x35K7YzW1zJ7XyJV/TT1MrdXvMcA=="
>> > >    crossorigin=""></script>
>> > >    <script src="https://rawgit.com/k4r573n/leaflet-control-osm-geocoder/master/Control.OSMGeocoder.js"></script>
>> > >    <link rel="stylesheet" href="https://rawgit.com/k4r573n/leaflet-control-osm-geocoder/master/Control.OSMGeocoder.css" />
>> > >    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/leaflet-routing-machine/3.2.5/leaflet-routing-machine.css" />
>> > >    <script src="https://cdnjs.cloudflare.com/ajax/libs/leaflet-routing-machine/3.2.5/leaflet-routing-machine.js"></script>
>> > >    <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.js"></script>
>> > >   ...
>> > >   ...
>> > >
>> > > And these are the relevant routes:
>> > >
>> > > @app.route('/',methods=['GET','POST'])
>> > > def index():
>> > >       form = LoginForm()
>> > >       if form.validate_on_submit():
>> > >           user = User.query.filter_by(email=form.email.data).first()
>> > >           if user is not None and user.check_password(form.password.data):
>> > >               user.authenticated = True
>> > >               current_user = user
>> > >               db.session.add(current_user)
>> > >               db.session.commit()
>> > >               login_user(current_user, form.remember_me.data)
>> > >               return redirect(request.args.get('next') or url_for('dashboard'))
>> > >           flash('Invalid username or password.')
>> > >       return render_template('auth/login.html', form=form)
>> > >
>> > > @app.route('/dashboard')
>> > > def dashboard():
>> > >       return render_template("dashboard.html")
>> > >
>> > > Thank you for your time.
>> > >
>> > > _______________________________________________
>> > > Flask mailing list
>> > > Flask at python.org
>> > > https://mail.python.org/mailman/listinfo/flask
>> >
>> > --
>> > -- Kind regards,
>> > Leni Kadali Mutungi
