flask身份验证_使用Flask登录进行身份验证和授权

flask身份验证

Allowing users to login to your app is one of the most common features you'll add to a web app you build. This article will cover how to add simple authentication to your Flask app. The main package we will use to accomplish this is Flask Login.

允许用户登录到您的应用程序是您将添加到所构建的Web应用程序中的最常见功能之一。 本文将介绍如何向Flask应用添加简单身份验证。 我们将使用的主要软件包是Flask Login 。

我们将要建设的 ( What We'll Be Building )

We're going to build some sign up and login pages that allows our app to allow users to login and access protected pages that non-logged in users can see. We'll grab information from the user model and display it on our protected pages when the user logs in to simulate what a profile would look like.

We will cover the following in this article:

我们将在本文中介绍以下内容：

Use the Flask-Login library for session management使用Flask-Login库进行会话管理 Use the built-in Flask utility for hashing passwords使用内置的Flask实用程序对密码进行哈希处理 Add protected pages to our app for logged in users only将受保护的页面添加到我们的应用中，仅适用于登录用户 Use Flask-SQLAlchemy to create a user model使用Flask-SQLAlchemy创建用户模型 Create sign up and login forms for our users to create accounts and login为我们的用户创建注册和登录表单，以创建帐户和登录 Flash error messages back to users when something goes wrong发生错误时将Flash错误消息返回给用户 Use information from the user's account to display on the profile page使用来自用户帐户的信息显示在配置文件页面上

设置应用 ( Setting Up The Application )

Our app will use the Flask app factory pattern with blueprints. We'll have one blueprint that handles everything auth related, and we'll have another blueprint for our regular routes, which include the index and the protected profile page. In a real app, of course, you can break down the functionality in any way you like, but what I've proposed will work well for this tutorial.

我们的应用程序将使用带有蓝图的Flask应用程序工厂模式。 我们将拥有一个处理所有与auth相关的蓝图，并且还将为我们的常规路由（包括索引和受保护的配置文件页面）提供另一蓝图。 当然，在真实的应用程序中，您可以按自己喜欢的任何方式分解功能，但是我建议的内容在本教程中会很好地起作用。

To start, we need to create the directories and files for our project.

首先，我们需要为项目创建目录和文件。

- project ---- templates-------- base.html<!-- contains common layout and links -->-------- index.html <!-- show the home page -->-------- login.html <!-- show the login form -->-------- profile.html <!-- show the profile page -->-------- signup.html <!-- show the signup form -->---- __init__.py <!-- setup our app -->---- auth.py <!-- the auth routes for our app -->---- main.py <!-- the non-auth routes for our app -->---- models.py <!-- our user model -->

You can create those files and we'll add them as we progress along.

您可以创建这些文件，并在进行过程中添加它们。

安装套件 ( Install Packages )

There are three main packages we need for our project:

我们的项目需要三个主要软件包：

Flask烧瓶 Flask-Login - to handle the user sessions after authenticationFlask-Login-处理身份验证后的用户会话 Flask-SQLAlchemy - to represent the user model and interface with our databaseFlask-SQLAlchemy-表示用户模型和与我们的数据库的接口

We'll only be using SQLite for the database to avoid having to install any extra dependencies for the database. Here's what you need to run after creating your virtual environment to install the packages.

我们将仅对数据库使用SQLite，以避免必须为数据库安装任何其他依赖项。 这是在创建虚拟环境以安装软件包之后需要运行的内容。

pipinstall flask flask-sqlalchemy flask-login

主应用程序文件 ( Main App File )

Let's start by creating the __init__.py file for our project. This will have the function to create our app which will initialize the database and register our blueprints. At the moment this won't do much, but it will be needed for the rest of our app. All we need to do is initialize SQLAlchemy, set some configuration values, and register our blueprints here.

让我们从为项目创建__init__.py文件开始。 这将具有创建我们的应用程序的功能，该应用程序将初始化数据库并注册我们的蓝图。 目前，这不会做太多，但其余的应用程序将需要它。 我们需要做的就是初始化SQLAlchemy，设置一些配置值，然后在此处注册我们的蓝图。

__init__.py (__init__.py)

# __init__.pyfrom flask import Flask__from flask_sqlalchemy import SQLAlchemy# init SQLAlchemy so we can use it later in our modelsdb = SQLAlchemy()def create_app():app = Flask(__name__)app.config['SECRET_KEY'] = '9OLWxND4o83j4K4iuopO'app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///db.sqlite'db.init_app(app)# blueprint for auth routes in our appfrom .auth import auth as auth_blueprintapp.register_blueprint(auth_blueprint)# blueprint for non-auth parts of appfrom .main import main as main_blueprintapp.register_blueprint(main_blueprint)return app

路线脚手架 ( Route Scaffolding )

Now that we have the main app file, we can start adding in our routes.

现在我们有了主应用程序文件，我们可以开始添加路线了。

For our routes, we'll use two blueprints. For our main blueprint, we'll have a home page (/) and profile page (/profile) for after we log in. If the user tries to access the profile page without being logged in, they'll be sent to our login route.

对于我们的路线，我们将使用两个蓝图。 对于我们的主要蓝图，我们将在登录后有一个主页（/）和个人资料页面（/ profile）。如果用户试图在未登录的情况下访问个人资料页面，则会将其发送到我们的登录名路线。

For our auth blueprint, we'll have routes to retrieve both the login page (/login) and signup page (/signup). We'll also have routes for handling the POST request from both of those two routes. Finally, we'll have a logout route (/logout) to logout an active user.

对于我们的身份验证蓝图，我们将具有检索登录页面（/ login）和注册页面（/ signup）的路由。 我们还将提供用于处理来自这两个路由的POST请求的路由。 最后，我们将有一个注销路由（/ logout）来注销活动用户。

Let's go ahead and add them even though they won't do much. Later we will update them so we can use them.

让我们继续添加它们，即使它们不会做太多。 稍后我们将对其进行更新，以便我们可以使用它们。

main.py (main.py)

# main.pyfrom flask import Blueprintfrom . import dbmain = Blueprint('main', __name__)@main.route('/')def index():return 'Index'@main.route('/profile')def profile():return 'Profile'

身份验证 (auth.py)

# auth.pyfrom flask import Blueprintfrom . import dbauth = Blueprint('auth', __name__)@auth.route('/login')def login():return 'Login'@auth.route('/signup')def signup():return 'Signup'@auth.route('/logout')def logout():return 'Logout'

You can now set the FLASK_APP and FLASK_DEBUG values and run the project. You should be able to view navigate to the five possible URLs and see the text returned.

现在，您可以设置FLASK_APP和FLASK_DEBUG值并运行项目。 您应该能够查看导航到五个可能的URL并看到返回的文本。

export FLASK_APP=projectexport FLASK_DEBUG=1flask run

范本 ( Templates )

Let's go ahead and create the templates that are used in our app. This is the first step before we can implement the actual login functionality. Our app will use four templates:

让我们继续创建在我们的应用程序中使用的模板。 这是实现实际登录功能之前的第一步。 我们的应用将使用四个模板：

index.htmlindex.html profile.htmlprofile.html login.htmllogin.html signup.htmlsignup.html

We'll also have a base template that will have code common to each of the pages. In this case, the base template will have navigation links and the general layout of the page. Let's create them now.

我们还将有一个基本模板，该模板将具有每个页面共有的代码。 在这种情况下，基本模板将具有导航链接和页面的总体布局。 现在创建它们。

templates / base.html (templates/base.html)

<!-- templates/base.html --><!DOCTYPE html><html><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>Flask Auth Example</title><link rel="stylesheet" href="/ajax/libs/bulma/0.7.2/css/bulma.min.css" /></head><body><section class="hero is-primary is-fullheight"><div class="hero-head"><nav class="navbar"><div class="container"><div id="navbarMenuHeroA" class="navbar-menu"><div class="navbar-end"><a href="{{ url_for('main.index') }}" class="navbar-item">Home</a><a href="{{ url_for('main.profile') }}" class="navbar-item">Profile</a><a href="{{ url_for('auth.login') }}" class="navbar-item">Login</a><a href="{{ url_for('auth.signup') }}" class="navbar-item">Sign Up</a><a href="{{ url_for('auth.logout') }}" class="navbar-item">Logout</a></div></div></div></nav></div><div class="hero-body"><div class="container has-text-centered">{% block content %}{% endblock %}</div></div></section></body></html>

templates / index.html (templates/index.html)

<!-- templates/index.html -->{% extends "base.html" %}{% block content %}<h1 class="title">Flask Login Example</h1><h2 class="subtitle">Easy authentication and authorization in Flask.</h2>{% endblock %}

templates / login.html (templates/login.html)

<!-- templates/login.html -->{% extends "base.html" %}{% block content %}<div class="column is-4 is-offset-4"><h3 class="title">Login</h3><div class="box"><form method="POST" action="/login"><div class="field"><div class="control"><input class="input is-large" type="email" name="email" placeholder="Your Email" autofocus=""></div></div><div class="field"><div class="control"><input class="input is-large" type="password" name="password" placeholder="Your Password"></div></div><div class="field"><label class="checkbox"><input type="checkbox">Remember me</label></div><button class="button is-block is-info is-large is-fullwidth">Login</button></form></div></div>{% endblock %}

templates / signup.html (templates/signup.html)

<!-- templates/signup.html -->{% extends "base.html" %}{% block content %}<div class="column is-4 is-offset-4"><h3 class="title">Sign Up</h3><div class="box"><form method="POST" action="/signup"><div class="field"><div class="control"><input class="input is-large" type="email" name="email" placeholder="Email" autofocus=""></div></div><div class="field"><div class="control"><input class="input is-large" type="text" name="name" placeholder="Name" autofocus=""></div></div><div class="field"><div class="control"><input class="input is-large" type="password" name="password" placeholder="Password"></div></div><button class="button is-block is-info is-large is-fullwidth">Sign Up</button></form></div></div>{% endblock %}

templates / profile.html (templates/profile.html)

<!-- templates/profile.html -->{% extends "base.html" %}{% block content %}<h1 class="title">Welcome, Anthony!</h1>{% endblock %}

Once you've added the templates, we can update the return statements in each of the routes we have to return the templates instead of the text.

一旦添加了模板，我们就可以在必须返回模板而不是文本的每条路线中更新return语句。

main.py (main.py)

# main.pyfrom flask import Blueprint, render_template...@main.route('/')def index():return render_template('index.html')@main.route('/profile')def profile():return render_template('profile.html')

main.py (main.py)

# auth.pyfrom flask import Blueprint, render_template...@auth.route('/login')def login():return render_template('login.html')@auth.route('/signup')def signup():return render_template('signup.html')

For example, here is what the signup page looks like if you navigate to /signup. You should be able see the pages for /, /login, and /profile as well. We'll leave /logout alone for now because it won't display a template when it's done.

例如，如果您导航到/ signup，则注册页面如下所示。 您还应该能够看到/，/ login和/ profile的页面。 我们暂时将/ logout保留下来，因为完成后它不会显示模板。

用户模型 ( User Model )

Our user model represents what it means for our app to have a user. To keep it simple, we'll have fields for an email address, password, and name. Of course in your application, you may decide you want much more information to be stored per user. You can add things like birthday, profile picture, location, or any user preferences.

我们的用户模型代表了我们的应用拥有用户的意义。 为简单起见，我们将提供电子邮件地址，密码和名称字段。 当然，在您的应用程序中，您可能决定要为每个用户存储更多信息。 您可以添加生日，个人资料图片，位置或任何用户首选项之类的内容。

Models created in Flask-SQLAlchemy are represented by classes which then translate to tables in a database. The attributes of those classes then turn into columns for those tables.

在Flask-SQLAlchemy中创建的模型由类表示，然后将类转换为数据库中的表。 这些类的属性然后变成这些表的列。

Let's go ahead and create that user model.

让我们继续创建该用户模型。

models.py (models.py)

# models.pyfrom . import dbclass User(db.Model):id = db.Column(db.Integer, primary_key=True) # primary keys are required by SQLAlchemyemail = db.Column(db.String(100), unique=True)password = db.Column(db.String(100))name = db.Column(db.String(1000))

数据库配置 ( Database Config )

Like I said before, we'll be using a SQLite database. We could create a SQLite database on our own, but let's have Flask-SQLAlchemy do it for us.

就像我之前说的，我们将使用一个SQLite数据库。 我们可以自己创建一个SQLite数据库，但让我们让Flask-SQLAlchemy来完成它。

We already have the path of the database specified in the __init__.py file, so we just need to tell Flask-SQLAlchemy to create the database for us in the Python REPL.

我们已经在__init__.py文件中指定了数据库的路径，因此我们只需要告诉Flask-SQLAlchemy在Python REPL中为我们创建数据库即可。

If you stop your app and open up a Python REPL, we can create the database using the create_all method on the db object.

如果停止应用程序并打开Python REPL，我们可以使用db对象上的create_all方法创建数据库。

from project import db, create_appdb.create_all(app=create_app()) # pass the create_app result so Flask-SQLAlchemy gets the configuration.

You should now see a db.sqlite file in your project directory. This database will have our user table in it.

现在，您应该在项目目录中看到一个db.sqlite文件。 该数据库中将包含我们的用户表。

报名方法 ( Sign up Method )

Now that we have everything set up, we can finally get to writing the code for the authorization.

现在我们已经完成了所有设置，我们终于可以开始编写授权代码了。

For our sign up function, we're going to take the data the user types into the form and add it to our database. But before we add it, we need to make sure the user doesn't already exist in the database. If it doesn't, then we need to make sure we hash the password before placing it into the database, because we don't want our passwords stored in plaintext.

对于我们的注册功能，我们将把用户输入的数据放入表单中并将其添加到我们的数据库中。 但是在添加它之前，我们需要确保用户在数据库中尚不存在。 如果不是，那么我们需要确保在将密码放入数据库之前对密码进行哈希处理，因为我们不希望密码以明文形式存储。

Let's start by adding a second function to handle the POSTed form data. In this function, we will gather the data passed from the user first.

首先，添加第二个函数来处理POST表单数据。 在此功能中，我们将首先收集从用户传递来的数据。

Let's start by creating the function and adding a redirect to the bottom because we know when we add the user to the database, we will redirect to the login route.

让我们从创建函数开始，然后将重定向添加到底部，因为我们知道将用户添加到数据库时，将重定向到登录路由。

身份验证 (auth.py)

# auth.pyfrom flask import Blueprint, render_template, redirect, url_for...@auth.route('/signup', methods=['POST'])def signup_post():# code to validate and add user to database goes herereturn redirect(url_for('auth.login'))

Now, let's add the rest of the code necessary for signing up a user.

现在，让我们添加其余的代码来注册用户。

To start, we'll have to use the request object to get the form data. If you're not familar with the request object, I wrote on article on it here: https://scotch.io/bar-talk/processing-incoming-request-data-in-flask

首先，我们必须使用request对象获取表单数据。 如果您不熟悉请求对象，我会在此处写一篇文章： https : //scotch.io/bar-talk/processing-incoming-request-data-in-flask

身份验证 (auth.py)

# auth.pyfrom flask import Blueprint, render_template, redirect, url_for, requestfrom werkzeug.security import generate_password_hash, check_password_hashfrom .models import Userfrom . import db...@auth.route('/signup', methods=['POST'])def signup_post():email = request.form.get('email')name = request.form.get('name')password = request.form.get('password')user = User.query.filter_by(email=email).first() # if this returns a user, then the email already exists in databaseif user: # if a user is found, we want to redirect back to signup page so user can try againreturn redirect(url_for('auth.signup'))# create new user with the form data. Hash the password so plaintext version isn't saved.new_user = User(email=email, name=name, password=generate_password_hash(password, method='sha256'))# add the new user to the databasedb.session.add(new_user)mit()return redirect(url_for('auth.login'))

测试注册方法 ( Test Sign Up Method )

Now that we have the sign up method done, we should be able to create a new user. Use the form to create a user.

现在我们已经完成了注册方法，我们应该能够创建一个新用户。 使用表单创建用户。

There are two ways you can verify if the sign up worked: you can use a database viewer to look at the row that was added to your table, or you can simply try signing up with the same email address again, and if you get an error, you know the first email was saved properly. So let's take that approach.

您可以通过两种方法来验证注册是否有效：可以使用数据库查看器查看添加到表中的行，或者可以尝试再次使用相同的电子邮件地址进行注册，以及错误，您知道第一封电子邮件已正确保存。 因此，让我们采用这种方法。

We can add code to let the user know the email already exists and tell them to go to the login page. By calling the flash function, we will send a message to the next request, which in this case, is the redirect. The page we land on will then have access to that message in the template.

我们可以添加代码以使用户知道电子邮件已经存在，并告诉他们转到登录页面。 通过调用flash函数，我们将向下一个请求发送一条消息，在这种情况下，该请求就是重定向。 然后，我们登录的页面将可以访问模板中的该消息。

First, we add the flash before we redirect back to our signup page.

首先，我们添加Flash，然后重定向回我们的注册页面。

身份验证 (auth.py)

# auth.pyfrom flask import Blueprint, render_template, redirect, url_for, request, flash...@auth.route('/signup', methods=['POST'])def signup_post():...if user: # if a user is found, we want to redirect back to signup page so user can try againflash('Email address already exists')return redirect(url_for('auth.signup'))

To get the flashed message in the template, we can add this code above the form. This will display the message directly above the form.

要在模板中获取闪烁的消息，我们可以将此代码添加到表单上方。 这将在表格正上方显示消息。

templates / signup.html (templates/signup.html)

<!-- templates/signup.html -->...{% with messages = get_flashed_messages() %}{% if messages %}<div class="notification is-danger">{{messages[0] }}. Go to <a href="{{ url_for('auth.login') }}">login page</a>.</div>{% endif %}{% endwith %}<form method="POST" action="/signup">...

登录方式 ( Login Method )

The login method is similiar to the signup function in that we will take the user information and do something with it. In this case, we will compare the email address entered to see if it's in the database. If so, we will test the password the user provided by hashing the password the user passes in and comparing it to the hashed password in the database. We know the user has entered the correct password when both hashed passwords match.

登录方法类似于注册功能，因为我们将获取用户信息并对其进行处理。 在这种情况下，我们将比较输入的电子邮件地址，以查看它是否在数据库中。 如果是这样，我们将通过哈希用户传入的密码并将其与数据库中的哈希密码进行比较来测试用户提供的密码。 我们知道当两个哈希密码匹配时，用户输入了正确的密码。

Once the user has passed the password check, we know that they have the correct credentials and we can go ahead and log them in using Flask-Login. By calling login_user, Flask-Login will create a session for that user that will persist as the user stays logged in, which will allow the user to view protected pages.

用户通过密码检查后，我们知道他们具有正确的凭据，我们可以继续使用Flask-Login登录。 通过调用login_user，Flask-Login将为该用户创建一个会话，该会话将在用户保持登录状态时保持不变，这将允许该用户查看受保护的页面。

We can start with a new route for handling the POSTed data. We'll redirect to the profile page when the user successfully logs in.

我们可以从处理POST数据的新路线开始。 用户成功登录后，我们将重定向到个人资料页面。

身份验证 (auth.py)

# auth.py...@auth.route('/login', methods=['POST'])def login_post():# login code goes herereturn redirect(url_for('main.profile'))

Now, we need to verify if the user has the correct credentials.

现在，我们需要验证用户是否具有正确的凭据。

身份验证 (auth.py)

# auth.py...@auth.route('/login', methods=['POST'])def login_post():email = request.form.get('email')password = request.form.get('password')remember = True if request.form.get('remember') else Falseuser = User.query.filter_by(email=email).first()# check if user actually exists# take the user supplied password, hash it, and compare it to the hashed password in databaseif not user or not check_password_hash(user.password, password): flash('Please check your login details and try again.')return redirect(url_for('auth.login')) # if user doesn't exist or password is wrong, reload the page# if the above check passes, then we know the user has the right credentialsreturn redirect(url_for('main.profile'))

Let's add in the block in the template so the user can see the flashed message. Like the signup form, let's add the potential error message directly above the form.

让我们在模板中添加块，以便用户可以看到闪烁的消息。 像注册表单一样，让我们​​直接在表单上方添加潜在的错误消息。

templates / login.html (templates/login.html)

<!-- templates/login.html -->...{% with messages = get_flashed_messages() %}{% if messages %}<div class="notification is-danger">{{messages[0] }}</div>{% endif %}{% endwith %}<form method="POST" action="/login">

So we have have the ability to say a user has been logged in succesfully, but there is nothing to actually log the user in anywhere. This is where we bring in Flask-Login.

因此，我们可以说用户已成功登录，但是没有任何内容可以实际登录该用户。 这是我们引入Flask-Login的地方。

But first, we need a few things for Flask-Login to work.

但是首先，我们需要一些东西来使Flask-Login正常工作。

We start by adding something called the UserMixin to our User model. The UserMixin will add Flask-Login attributes to our model so Flask-Login will be able to work with it.

我们首先在用户模型中添加一个称为UserMixin的东西。 UserMixin会将Flask-Login属性添加到我们的模型中，以便Flask-Login可以使用它。

models.py (models.py)

# models.pyfrom flask_login import UserMixinfrom . import dbclass User(UserMixin, db.Model):id = db.Column(db.Integer, primary_key=True) # primary keys are required by SQLAlchemyemail = db.Column(db.String(100), unique=True)password = db.Column(db.String(100))name = db.Column(db.String(1000))

Then, we need to specify our user loader. A user loader tells Flask-Login how to find a specific user from the ID that is stored in their session cookie. We can add this in our create_app function along with basic init code for Flask-Login.

然后，我们需要指定我们的用户加载器。 用户加载器告诉Flask-Login如何从存储在其会话cookie中的ID中查找特定用户。 我们可以将其与Flask-Login的基本初始化代码一起添加到create_app函数中。

__init__.py (__init__.py)

# __init__.py...from flask_login import LoginManager def create_app():...db.init_app(app)login_manager = LoginManager()login_manager.login_view = 'auth.login'login_manager.init_app(app)from .models import User@login_manager.user_loaderdef load_user(user_id):# since the user_id is just the primary key of our user table, use it in the query for the userreturn User.query.get(int(user_id))

Finally, we can add the login_user function just before we redirect to the profile page to create the session.

最后，我们可以在重定向到个人资料页面以创建会话之前添加login_user函数。

身份验证 (auth.py)

# auth.pyfrom flask_login import login_userfrom .models import User...@auth.route('/login', methods=['POST'])def login_post():# if the above check passes, then we know the user has the right credentialslogin_user(user, remember=remember)return redirect(url_for('main.profile'))

With Flask-Login setup, we can finally use the /login route.

通过Flask-Login设置，我们最终可以使用/ login路由。

When everything is successful, we will see the profile page.

一切成功后，我们将看到个人资料页面。

受保护的页面 ( Protected Pages )

If your name isn't also Anthony, then you'll see that your name is wrong. What we want is the profile to display the name in the database. So first, we need to protect the page and then access the user's data to get the name.

如果您的名字也不是Anthony，那么您会发现您的名字是错误的。 我们想要的是配置文件以在数据库中显示名称。 因此，首先，我们需要保护页面，然后访问用户数据以获取名称。

To protect a page when using Flask-Login is very simple: we add the @login_requried decorator between the route and the function. This will prevent a user who isn't logged in from seeing the route. If the user isn't logged in, the user will get redirected to the login page, per the Flask-Login configuration.

在使用Flask-Login时保护页面非常简单：我们在路由和函数之间添加@login_requried装饰器。 这样可以防止未登录的用户看到路由。 如果用户未登录，则根据Flask-Login配置，该用户将被重定向到登录页面。

With routes that are decorated with the login_required decorator, we then have the ability to use the current_user object inside of the function. This current_user represents the user from the database, and we can access all of the attributes of that user with dot notation. For example, current_user.email, current_user.password, and current_user.name and current_user.id will return the actual values stored in the database for the logged in user.

通过用login_required装饰器装饰的路由，我们便可以在函数内部使用current_user对象。 这个current_user代表数据库中的用户，我们可以使用点表示法访问该用户的所有属性。 例如，current_user.email，current_user.password，current_user.name和current_user.id将为登录用户返回存储在数据库中的实际值。

Let's use the name of the current user and send it to the template. We then will use that name and display its value.

让我们使用当前用户的名称，并将其发送到模板。 然后，我们将使用该名称并显示其值。

main.py (main.py)

# main.pyfrom flask import Blueprint, render_templatefrom flask_login import login_required, current_user...@main.route('/profile')@login_requireddef profile():return render_template('profile.html', name=current_user.name)

templates / profile.html (templates/profile.html)

<!-- templates/profile.html -->...<h1 class="title">Welcome, {{ name }}!</h1>

Once we go to our profile page, we then see that the user's name appears.

转到个人资料页面后，我们会看到出现用户名。

The final thing we can do is update our logout view. We can call the logout_user function in a route for logging out. We have the login_required decorator because it doesn't make sense to logout a user who isn't logged in to begin with.

我们可以做的最后一件事是更新注销视图。 我们可以在注销路径中调用logout_user函数。 我们有login_required装饰器，因为注销没有登录的用户没有任何意义。

身份验证 (auth.py)

# auth.pyfrom flask_login import login_user, logout_user, login_required...@auth.route('/logout')@login_requireddef logout():logout_user()return redirect(url_for('main.index'))

After we logout and try viewing the profile page again, we see a error message appear. This is because Flask-Login flashes a message for us when the user isn't allowed to access a page.

注销并尝试再次查看配置文件页面后，我们会看到一条错误消息。 这是因为不允许用户访问页面时，Flask-Login为我们闪烁了一条消息。

One last thing we can do is put if statements in the templates to display only the links relevant to the user. So before the user logins in, they will have the option to login or signup. After they have logged in, they can go to their profile or logout.

我们可以做的最后一件事是在模板中放置if语句，以仅显示与用户相关的链接。 因此，在用户登录之前，他们将可以选择登录或注册。 登录后，他们可以转到其个人资料或注销。

templates / base.html (templates/base.html)

<!-- templates/base.html -->...<div class="navbar-end"><a href="{{ url_for('main.index') }}" class="navbar-item">Home</a>{% if current_user.is_authenticated %}<a href="{{ url_for('main.profile') }}" class="navbar-item">Profile</a>{% endif %}{% if not current_user.is_authenticated %}<a href="{{ url_for('auth.login') }}" class="navbar-item">Login</a><a href="{{ url_for('auth.signup') }}" class="navbar-item">Sign Up</a>{% endif %}{% if current_user.is_authenticated %}<a href="{{ url_for('auth.logout') }}" class="navbar-item">Logout</a>{% endif %}</div>

结论 ( Conclusion )

We've done it! We have used Flask-Login and Flask-SQLAlchemy to build a very basic login system for our app. We covered how to authenticate a user by first creating a user model and storing the user information to later. Then we had to verify the user's password was correct by hashing the password from the form and comparing it to the one stored in the database. Finally, we added authorization to our app by using the @login_required decotor on a profile page so only logged in users can see that page.

我们做到了！ 我们已经使用Flask-Login和Flask-SQLAlchemy为我们的应用程序构建了一个非常基本的登录系统。 我们首先介绍了如何创建用户模型并存储用户信息以供以后验证用户的方法。 然后，我们必须通过对表单中的密码进行哈希处理并将其与数据库中存储的密码进行比较，以验证用户密码是否正确。 最后，我们通过在个人资料页面上使用@login_required装饰器将授权添加到我们的应用中，以便只有登录的用户才能看到该页面。

What we created in this tutorial will be sufficient for smaller apps, but if you wish to have more functionality from the beginning, you may want to consider using either the Flask-User or Flask-Security libraries, which are both build on top of the Flask-Login library.

我们在本教程中创建的内容对于较小的应用程序已经足够了，但是如果您希望从一开始就拥有更多功能，则可能需要考虑使用Flask-User或Flask-Security库，它们都基于Flask-Login库。

翻译自: https://scotch.io/tutorials/authentication-and-authorization-with-flask-login

flask身份验证