当应用程序自动将用户注销时,我的flask应用程序的登录表单无法验证(form.valididate=false(:
app.permanent_session_lifetime = timedelta(minutes=5)
form.errors返回一个空字典{}。
有什么想法吗?
下面的登录路线。当用户自动注销时,将完全绕过"if-form.validate_on_submit…"下面的代码。
@view.route('/Login', methods=['GET', 'POST'])
def login():
if current_user.is_authenticated and current_user.is_suspended != True:
return redirect(url_for('view.Index'))
form = LoginForm()
if form.validate_on_submit():
user = User.query.filter_by(username=form.username.data).first()
if user is None or not user.check_password(form.password.data):
flash('Invalid username or password')
return redirect(url_for('view.login'))
if user.is_suspended and user.check_password(form.password.data):
flash('Your login has been suspended. Please contact NZGBC.')
return redirect(url_for('view.login'))
user.session_token = user.generate_session_token()
db.session.commit()
login_user(user, remember=form.remember_me.data)
if form.remember_me.data is not True:
app.permanent_session_lifetime = timedelta(minutes=60)
else:
app.permanent_session_lifetime = timedelta(days=365)
next = request.args.get('next')
# is_safe_url should check if the url is safe for redirects.
# See http://flask.pocoo.org/snippets/62/ for an example.
if not is_safe_url(next):
return abort(400)
return redirect(next or url_for('view.Index'))
return render_template('login.html', highlight='11', title='Sign In', form=form)
根据您的评论:
由于CSRF令牌是一次性使用的,因此在使用CSRF令牌提交表单后,它将失败。
尝试在登录路径中执行此操作作为变通方法:
try:
if form.validate_on_submit():
# ... process your form normally ...
except:
return redirect(url_for('view.login'))
# ... maybe display a message for the user to reenter his creds because he was logged out ...
这应该是解决您问题的可行方法。