当我尝试使用@auth.login_required
装饰器访问路由时,系统会提示我输入用户名和密码。输入此信息后,函数的参数username_or_token
和password
为。为什么数据是空的?verify_password
''
@auth.verify_password
def verify_password(username_or_token, password):
# first try to authenticate by token
user = USER.verify_auth_token(username_or_token)
logger.debug("user = %r", user)
logger.debug("Entered USEREMAIL = %r" , username_or_token)
logger.debug("entered password = %r" , password)
if not user:
# try to authenticate with username/password
user = session.query(USER).filter_by(USEREMAIL=username_or_token).first()
if not user or not user.verify_password(password):
return False
g.user = user
return True
更新
我已将代码简化为:
@auth.verify_password
def verify_password(username, password):
logger.debug("username = %s" % username)
logger.debug("password = %s" % password)
return true
@app.route('/api/token')
@auth.login_required
def get_auth_token():
return "Hello, %s!" % auth.username()
我正在使用Advanced Rest Client
.
http://localhost:8081/myapp/api/token
我还附上了一个Authorization
标题。
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36
Authorization: Basic YXNkOmFzZA==
Accept: */*
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8,zh-CN;q=0.6,zh-TW;q=0.4
这导致输出:
Hello, !
日志文件:
username =
password =
我也不再被提示输入我security credentials
的。
另一个奇怪的是,即使我将 return 更改为false
in verify_password
,我仍然得到相同的输出:Hello, !