Flask-security login and logout - authentication

How do you log a user in and out in Flask using the Flask-Security extension?
I just started using flask-security, and going through the documentation here http://pythonhosted.org/Flask-Security/api.html , I can't really figure out how to explicitly log a user in and out, as well as authenticate the user before logging them in.

Flask-Security uses Flask-Login. So you can do the following as per documentation:
from flask_login import login_user, logout_user
login_user(user)  # where user is your user object
logout_user()
Obviously, you still need to write your views where you will validate the form submissions etc before calling these methods and do the proper template rendering or redirects as needed.

Go to the flask security configurations page here: http://pythonhosted.org/Flask-Security/configuration.html
and copy over all the default configuration values into your __init__.py file like:
app.config['SECURITY_LOGIN_USER_TEMPLATE'] = 'security/login_user.html'
etc...
Then you have to download the security folder, which contains all the HTML templates. Put that folder in your templates folder where you keep all the other HTML templates. You can use Google to figure out where to download the folder as well as how to set up the rest of Flask-Security. I had a lot of trouble figuring out Flask-Security as well, but after poking around here and on Google, I was able to get some of it working, so don't lose faith. Hope this helps.

Related

What directory should the frontend user login template be put into?

Since I want to keep the admin login separate from the user login on my Wagtail site, I'm trying to use the login page settings mentioned in this section of the documentation to direct people to a custom login page. I added the following settings to my base.py folder in the settings directory for my WT project under #Wagtail settings:
WAGTAIL_FRONTEND_LOGIN_URL = '/login/'
WAGTAIL_FRONTEND_LOGIN_TEMPLATE = 'base/login.html'
My project is structured similar to the bakerydemo, so there is a base app that manages a lot of the shared pieces of the site. I put my login.html in the templates directory for the base app. See link below for screenshot.
Screenshot of project directories
I am getting a 404 error whenever I try to navigate to the login URL I specified. Is there a setting I missed? Did I put the template in the wrong directory? Still getting used to how WT structures projects, so any pointers would be very much appreciated.
You should only set one of WAGTAIL_FRONTEND_LOGIN_URL and WAGTAIL_FRONTEND_LOGIN_TEMPLATE, not both.
WAGTAIL_FRONTEND_LOGIN_TEMPLATE is used if you want to use Wagtail's own login view (located at the URL /_util/login/), but want to customise its template. If you're going down this route, a path like 'base/login.html' is correct - Django will search within all template directories for a file matching this path.
WAGTAIL_FRONTEND_LOGIN_URL is used if you want to provide your own view code. To use this, you'll need to write the view function (most likely inheriting from Django's LoginView) and register it in the URL config, then point WAGTAIL_FRONTEND_LOGIN_URL at the resulting URL. In this case, your view function will be responsible for rendering an appropriate template, so WAGTAIL_FRONTEND_LOGIN_TEMPLATE will not come into play.

How to restrict access to custom application WEBUI in QNAP?

Good morning everyone,
I am developing an app for QNAP which also has a web interface. In my qpkg.conf I set QPKG_WEBUI and QPKG_USE_PROXY, and I can correctly see the web interface inside the QNAP interface once I am logged in. It seems perfectly integrated with the QNAP interface, BUT I can also see it by entering the right URL in my web browser, even if I am not logged in to the QNAP and have cleared all possible cache/cookies.
I want to give access to my web interface only to valid users. Unfortunately I do not know how to do it. I tried to write a .htaccess to deploy with my application, but without any success (obviously I cannot modify the standard Apache configuration, and with the standard configuration I was not able to do it).
The only thing I found is that, inside the Apache folder, there is a pwauth executable that lets me ask for a username/password (even though I do not want to ask, I only want to see if the user is ALREADY logged in). Anyway, with the standard Apache configuration the external module is not loaded, so I cannot use pwauth inside the .htaccess. Maybe I could create some custom CGI program that calls it, but I would prefer to avoid a custom solution; I really would like to follow a "standard" way to do it, there should be one.....
I would like to know if there is some QNAP variable to set in the qpkg.conf file, or some configuration to set in a .htaccess that does what I want: grant the access only if the user is ALREADY logged in.
Thanks very much to everyone, I could not find anything on Google or in the official documentation.

Get Dropbox public folder's metadata without authentication

I'm about to create a blog and wanted to host the content on Dropbox (only Markdown files, everything else is on my server) because I want to be able to quickly upload and edit posts from all my devices without having to get some FTP app on them.
So far I have managed to access files via https://dl.dropboxusercontent.com/u/********/<sub-folder>/<file name>.md and, as pointed out here, I can get the last-modified attribute via etags.
However, I'm stuck at getting a file list (or a folder's metadata in general). Is this possible without using OAuth?
No, this isn't possible without using the API. But why are you against using the API?
Feel free to use my tool https://dbxoauth2.site44.com/ to get an OAuth access token for your account. Then just do an HTTP GET to https://api.dropbox.com/1/metadata/auto/<path> with an Authorization header of Bearer <token>. Ditto for getting the actual file contents, just use /files/auto/<path> instead.
Oh, unless you're doing this client-side in JavaScript? In that case, this won't work since you can't give your access token out to the client (where it could be abused by anyone who visited your website).
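An added example, not from the original answer, of the server-side call it describes: the request carries the Bearer token, and only file names and dates are passed on to the browser, so the token never reaches the client. The reply shape (a "contents" list with path, is_dir and modified fields) and the sample data are assumptions constructed for illustration; nothing is sent over the network.

```python
import json
import posixpath
from urllib.parse import quote
from urllib.request import Request

API_ROOT = "https://api.dropbox.com/1/metadata/auto/"  # endpoint quoted in the answer

def build_metadata_request(folder, token):
    """Build (without sending) the authenticated GET for a folder listing."""
    return Request(API_ROOT + quote(folder.strip("/")),
                   headers={"Authorization": "Bearer " + token})

def public_post_list(metadata_json):
    """Keep only what a browser needs: Markdown file names and modified dates."""
    entries = json.loads(metadata_json).get("contents", [])
    return [{"name": posixpath.basename(e["path"]), "modified": e["modified"]}
            for e in entries
            if not e.get("is_dir") and e["path"].lower().endswith(".md")]

# Constructed sample reply (assumed shape: a "contents" list of path/is_dir/modified).
SAMPLE_REPLY = json.dumps({"path": "/blog", "is_dir": True, "contents": [
    {"path": "/blog/first-post.md", "is_dir": False,
     "modified": "Mon, 06 Jan 2014 10:00:00 +0000"},
    {"path": "/blog/drafts", "is_dir": True,
     "modified": "Tue, 07 Jan 2014 09:30:00 +0000"},
    {"path": "/blog/notes.txt", "is_dir": False,
     "modified": "Tue, 07 Jan 2014 09:31:00 +0000"},
]})
```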
Make a "Public" folder and go to https://www.dropbox.com/enable_public_folder
Go back to your Dropbox folder (web), right-click a file in the Public folder and choose "Copy public link..."
Update: As of September 1, 2017 public links have been disabled for all users.
https://help.dropbox.com/files-folders/share/public-folder

How to correctly deal with calling GAS from JS client through JSONP when getting "grant access" HTML?

Hello all, I haven't managed to find this elsewhere here nor in the old GAS product forum, so here goes:
I am writing a simple client JavaScript which queries various APIs. When it comes to querying a certain GAS script I have set up to access Gmail, I understand I am supposed to serve its data through JSONP. The client script dynamically injects a SCRIPT tag and should normally handle this "response" as script, except whenever the response contains HTML requesting the user to grant permissions. In this case this HTML goes into the SCRIPT, raising a syntax error with a MIME type mismatch.
Researching this problem, I was led to believe the solution lies somewhere around always redirecting the user to this page before every call. So my question is, where can I find best practice regarding this issue?
Unfortunately there isn't a full solution for detecting and granting authorizations to scripts used in JSONP requests. I've seen workarounds where an application first prompts the users to visit the web app's URL, so that they can grant authorization, before allowing them to use the JSONP portion of the application.

Joomla Authentication

Okay I'm a little confused on how to do this due to the fact that I'm new to Joomla.
I have a site where users need to be logged in to view certain articles. I want restricted articles to basically pick up whether or not the user is logged in; if so proceed as normal, else display a login/registration form.
I looked at the plugins section and found a "Joomla-Authentication" plugin. Now, how do I use that in an article in the same fashion I use other plugins in articles? i.e. {plugin_name}params{/plugin_name}
NO... You do not need plugin for this AT ALL.
In Joomla you have "Access Type" for modules/articles/pretty much everything.
Public - Visitors
Registered - logged in users
Special - back-end users
In the back end go to Modules and create a new Log-In module. For the access type select "Public".
When you create articles, select "Registered Access"; this way only signed-in users will see the article.
This will help you. Log in to the admin back end (Administrator screen), go to Help->Joomla Help. In the Alphabetical Index find the following topics:
Module Manager (it explains access types)
Module - New
Article Manager (it explains access types)
Article Manager - New/Edit
I found a solution that works for me. I downloaded and installed JUMI. Jumi is a Joomla extension that allows you to include files such as PHP files and then executes the code in those files. Through PHP I check user access and do redirects accordingly.
JUMI can be downloaded here