在我的flask应用程序中,我正在使用flask-login来管理用户登录和注销。
我已经在配置文件中添加了密钥。另外,我在表单开头调用了{{login_form.csrf_token}}。但是,当我尝试以某个用户身份登录时,有时会遇到400(错误请求)错误,提示令牌不匹配。之后我检查了csrf字段,发现它总是生成相同的那几个令牌。下面说明出现此错误的情况:
我认为,可能是已使用的令牌没有被正确识别,或者注销后令牌没有被释放。这个问题我已经折腾了将近2天,仍然弄不清为什么会这样。请大家帮帮忙。
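def _is_local_path(target):
    """Return True only when *target* is a same-site absolute path.

    An empty netloc alone is not a sufficient test for a redirect target:
    the value must also carry no scheme, start with exactly one '/', and
    contain no backslashes or control characters, because browsers may
    normalise those into a scheme-relative (off-site) URL.
    """
    if not target:
        return False
    if not target.startswith('/') or target.startswith('//'):
        return False
    if '\\' in target or any(ord(ch) < 0x20 for ch in target):
        return False
    # NOTE(review): url_parse was removed in Werkzeug 3.0; when upgrading,
    # urllib.parse.urlsplit exposes the same .scheme/.netloc attributes.
    parts = url_parse(target)
    return parts.scheme == '' and parts.netloc == ''


def _landing_page_for_current_user():
    """Pick the post-login page from the logged-in user's roles.

    Starts from 'home.index' so that a user holding none of the listed
    roles still gets a valid in-app target. The role checks run in the
    original order, so a user holding both kinds of role lands on the gym
    page, exactly as before.
    """
    landing = url_for('home.index')
    if current_user.has_role(['Super Admin', 'Admin']):
        landing = url_for('admin.admin_dash')
    if current_user.has_role(['Gym']):
        landing = url_for('gym.gymmain')
    return landing


@bp.route('/login', methods=['GET', 'POST'])
def login():
    """Render the login form and authenticate the submitted credentials.

    Already-authenticated users holding a known role are sent straight to
    their dashboard. On a valid POST the user is looked up by e-mail, the
    password is checked, and the session is established with login_user().
    The optional ``next`` query parameter is honoured only when it is a
    same-site path; anything else falls back to a role-based landing page.
    """
    if current_user.is_authenticated:
        if current_user.has_role(['Super Admin', 'Admin']):
            return redirect(url_for('admin.admin_dash'))
        if current_user.has_role(['Gym']):
            return redirect(url_for('gym.gymmain'))

    form = LoginForm()
    # validate_on_submit() is False for a GET and for a POST whose fields
    # (including the form's CSRF field) fail validation: show the form.
    if not form.validate_on_submit():
        return render_template('home/login.html', title='Log In', login_form=form)

    # Debug trace left by the author; switch to logging or drop once diagnosed.
    print("FORM VALIDATED !!")
    user = SuperUser.query.filter_by(email=form.email.data).first()
    # One message for "unknown e-mail" and "wrong password" so the response
    # does not reveal which accounts exist.
    if user is None or not user.check_password(form.password.data):
        flash('Invalid email or password')
        return redirect(url_for('auth.login'))

    login_user(user, remember=form.remember_me.data)

    # ``next`` is attacker-controllable. Previously an off-site value was
    # replaced only inside the role branches, so a user without those roles
    # was redirected to it unchanged (and a missing value reached
    # redirect(None)). Always fall back to an in-app page.
    next_page = request.args.get('next')
    if not _is_local_path(next_page):
        next_page = _landing_page_for_current_user()
    return redirect(next_page)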
# NOTE(review): the route path looks machine-translated; the original was
# presumably '/logout' - confirm against the real source before relying on it.
# NOTE(review): the route accepts GET, which CSRF validation does not cover,
# so any cross-site request can end the user's session; consider a POST-only
# logout submitted from a form that carries the CSRF token.
@bp.route('/登出')
def logout():
    """Drop pending flash messages, log the user out and go to the home page."""
    print("Logging out !!")
    # Discard queued flash messages so they are not shown after logout.
    session.pop('_flashes', None)
    logout_user()
    home_url = url_for('home.index')
    return redirect(home_url)
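@bp.route('/login', methods=['GET', 'POST'])
def login():
    """Show the login form and sign the user in on a valid submission.

    Authenticated users with a known role are redirected to their
    dashboard immediately. After a successful login the ``next`` query
    parameter is followed only if it is a same-site absolute path;
    otherwise the user is sent to a landing page chosen from their roles,
    defaulting to 'home.index'.
    """
    if current_user.is_authenticated:
        if current_user.has_role(['Super Admin', 'Admin']):
            return redirect(url_for('admin.admin_dash'))
        if current_user.has_role(['Gym']):
            return redirect(url_for('gym.gymmain'))

    form = LoginForm()
    if form.validate_on_submit():
        # Debug trace left by the author; remove or replace with logging.
        print("FORM VALIDATED !!")
        user = SuperUser.query.filter_by(email=form.email.data).first()
        # Same message for an unknown e-mail and a wrong password, so the
        # response does not disclose which accounts exist.
        if user is None or not user.check_password(form.password.data):
            flash('Invalid email or password')
            return redirect(url_for('auth.login'))
        login_user(user, remember=form.remember_me.data)

        # ``next`` comes from the query string and is untrusted. Accept it
        # only as a local path: one leading '/', no backslash or control
        # character (browsers may normalise those into an off-site URL),
        # and neither scheme nor netloc once parsed.
        target = request.args.get('next')
        is_local = (
            bool(target)
            and target.startswith('/')
            and not target.startswith('//')
            and '\\' not in target
            and all(ord(ch) >= 0x20 for ch in target)
            and url_parse(target).scheme == ''
            and url_parse(target).netloc == ''
        )
        if not is_local:
            # Previously a user holding none of these roles kept the
            # rejected (or missing) value and was redirected to it; start
            # from a known in-app page instead. Check order is unchanged,
            # so the gym page still wins when both kinds of role are held.
            target = url_for('home.index')
            if current_user.has_role(['Super Admin', 'Admin']):
                target = url_for('admin.admin_dash')
            if current_user.has_role(['Gym']):
                target = url_for('gym.gymmain')
        return redirect(target)

    # GET, or a POST that failed validation: render the form (with errors).
    return render_template('home/login.html', title='Log In', login_form=form)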
# Extension objects are created unbound at import time; create_app() attaches
# them to the application through their init_app() methods.
db = SQLAlchemy()
migrate = Migrate(compare_type=True)
login = LoginManager()
# Endpoint that Flask-Login sends unauthenticated users to.
login.login_view = 'auth.login'
# Application-wide CSRF protection from Flask-WTF; a request whose token fails
# validation is rejected before the view runs.
# NOTE(review): the token is validated against the session, which is signed
# with SECRET_KEY - confirm that Config (not shown) supplies one fixed value
# shared by every worker process and stable across restarts.
# NOTE(review): CsrfProtect is the older spelling; later Flask-WTF releases
# name this class CSRFProtect - confirm against the installed version.
csrf = CsrfProtect()
def create_app(config_class=Config):
app = Flask(__name__)
app.config.from_object(config_class)
with app.app_context():
db.app = app
db.init_app(app)
migrate.init_app(app, db)
login.init_app(app)
csrf.init_app(app)