flask-login不会拒绝非活动用户

Question

我正在构建一个python应用程序，我希望用户最初注册为非活动状态，这样我就可以通过切换存储用户的mongodb中的“active”属性来单独批准它们。我遇到的问题是将active更改为false似乎对用户登录的能力没有任何影响。

这是我的登录和注册路线：

@auth_flask_login.route("/login", methods=["GET", "POST"])
def login():
    if request.method == "POST" and "email" in request.form:
        email = request.form["email"]
        userObj = User()
        user = userObj.get_by_email_w_password(email)
        if user and flask_bcrypt.check_password_hash(user.password,request.form["password"]) and user.is_active():
            remember = request.form.get("remember", "no") == "yes"

            if login_user(user, remember=remember):
                print user.is_active
                flash("Logged in!")
                return redirect('/notes/create')
            else:
                error = "invalid user"

    return render_template("/auth/login.html")


@auth_flask_login.route("/register", methods=["GET","POST"])
def register():

    registerForm = forms.SignupForm(request.form)
    current_app.logger.info(request.form)

    if request.method == 'POST' and registerForm.validate() == False:
        current_app.logger.info(registerForm.errors)
        return "uhoh registration error"

    elif request.method == 'POST' and registerForm.validate():
        email = request.form['email']

        # generate password hash
        password_hash = flask_bcrypt.generate_password_hash(request.form['password'])

        is_active = False

        # prepare User
        user = User(email,password_hash,is_active)
        print user

        try:
            user.save()

            flash("Please log in")
            return redirect('/login') #redirect to the login page when 


        except:
            flash("unable to register with that email address")
            current_app.logger.error("Error on registration - possible duplicate emails")

    # prepare registration form         
    templateData = {

        'form' : registerForm
    }

    return render_template("/auth/register.html", **templateData)`enter code here`

我的用户模型：

class User(db.Document):
    email = db.EmailField(unique=True)
    password = db.StringField(default=True)
    active = db.BooleanField(default=True)
    isAdmin = db.BooleanField(default=False)
    timestamp = db.DateTimeField(default=datetime.datetime.now())

    def is_authenticated(self):
        return True

    def is_active(self):
        return self.active

    def is_anonymous(self):
        return False

    def get_id(self):
        return unicode(self.id)

我感谢任何帮助。我已经坚持了几个小时。

编辑：@auth_flask_login是我正在使用的蓝图。

Answer 1

据我所知，Flask Login为您提供的@auth_flask_login没有装饰器。

对于不需要登录的视图，您应该这样，下面的示例特别是登录页面的情况：

@app.route('/login', ...)
def login(...):
    ...
    some logic that goes for authentication
    ...
    login_user(user)  # user is a User object and this should login the user.
    ...
    more stuff
    ...

阅读login_user函数here。

需要登录的页面：

@app.route('/some_page', ...)
@login_required
def someview(...):
    ...

您应该阅读login_required

您可以阅读有关此here

的更多信息

编辑：

from flask.ext.login import current_user

...

@app.route('/some_page', ...)
@login_required
def someview(...):
    ...
    if not current_user.active:
        ...  # 403 or some redirect, what ever you intend
    ...  # Stuff that should happen if the user was indeed active