Context: I am currently using Flask & Python for a website that I am trying to create. I am also using MongoDB for my database. So far, I have used various flask libraries, but I seem to be having trouble with user authentication, specifically, LoginManager(). I believe that this could simply be due to bad configuration or something I am missing. I should state that I am no expert. I only took a class this semester in school, and I am simply trying to reproduce what I learnt. I sincerely apologize for the long message, but I wanted to give as much context as possible
Problem: I seem to be having an issue with my login() logic. Once the website renders, and I implement a new user registration, this works. Now once I try to login that user, the user should get logged in and redirected to the user's account page, but this doesnt happen. I get a flash warning on the login page saying that I should log in to access this page. Here is a screenshot:Error description
Now given that I had no such message in my code, I did some research and found out that this was the default message flask gives when a user that is not authenticated tries to access a specific resource. Given that for a user to be able to access their account, they must be logged in, so @login_required is a decorator for my account route. So from what I understood, it seems the user wasnt properly being authenticated. I tried to print status of current_user in my account route and login route. Below are the logs from the print statement in the login route, but for account, but since this doesnt even render,I cannot see the status at that point. So I tried to approach the problem from this perspective
Problem-solving approach: I tried first by adding print statements around where the user gets authenticated and logged in, within the login() route. This was the resulting logs in my terminal:
- 127.0.0.1 - - [26/Dec/2023 16:42:44] "GET / HTTP/1.1" 200 -
- 127.0.0.1 - - [26/Dec/2023 16:42:44] "GET /static/custom.css HTTP/1.1" 304 -
- 127.0.0.1 - - [26/Dec/2023 16:42:46] "GET /login HTTP/1.1" 200 -
- 127.0.0.1 - - [26/Dec/2023 16:42:47] "GET /static/custom.css HTTP/1.1" 304 -
- This is user before authenication: <flask_login.mixins.AnonymousUserMixin object at 0x7ff82018f2e0>
- This is user after authenication: Educator object
- 127.0.0.1 - - [26/Dec/2023 16:42:51] "POST /login HTTP/1.1" 302 -
- 127.0.0.1 - - [26/Dec/2023 16:42:51] "GET /account HTTP/1.1" 302 -
- 127.0.0.1 - - [26/Dec/2023 16:42:51] "GET /login?next=%2Faccount HTTP/1.1" 200 -
- 127.0.0.1 - - [26/Dec/2023 16:42:52] "GET /static/custom.css HTTP/1.1" 304 -
From what I understand, the user is actually getting logged in and authenticated. The redirection tries to occur, but doesnt, which leads me to believe that I might be missing something in my configuration or the logic of inheritance used in model.py messes up MongoDB.
Configuration files: I have an init.py where I create LoginManager() object. In another file called model.py, I set my load_user(). In config,py, which I will not be posting here, I do have a secret key initialized, using os.secrets from python. And finally, my routes.py, which contains all the routes.
init.py
#3rd party packagesfrom flask import Flask, render_template, request, redirect, url_forfrom flask_mongoengine import MongoEnginefrom flask_bcrypt import Bcryptfrom flask_login import LoginManager, current_user# local -- created objectsfrom .client import SchoolClient#--------------- CONFIGURING IMPORTANT FLASK EXTENSIONS ------------------------db = MongoEngine() # Creating database object to interact with MongoDBlogin_manager = LoginManager() # manages user's sessions,settings for logging inbcrypt = Bcrypt() # for password hashing.school_client = SchoolClient()# ------------------ importing blueprints to be used --------------from .content.routes import contentfrom .users.routes import users# custom 404def custom_404(e): return render_template("404.html"), 404# Tododef create_app(test_config=None): app = Flask(__name__) # storing the configuration of out Flask app. app.config.from_pyfile("config.py", silent=False) # this simply checks if I set up configuration for testing if test_config is not None: app.config.update(test_config) # initializes the created app based on what is needed db.init_app(app) login_manager.init_app(app) bcrypt.init_app(app) # registering the blueprint to the created app and creating a custom error page app.register_blueprint(users) app.register_blueprint(content) app.register_error_handler(404, custom_404) login_manager.login_view = "users.login" return appmodel.py
from flask_login import UserMixin # good for user authenticationfrom . import db, login_managerfrom .utils import curr_datetime# ------------------------------USER MANAGEMENT---------------------------------# This function, decorated with @login_manager.user_loader, is used to load a user from the database. It uses the argument, educator_id to find the specific educator that might exist in the database, and returns the first occurrence of the educator with such username.@login_manager.user_loaderdef load_user(user_id): return User.objects(username = user_id).first()class User(db.Document, UserMixin): # necessary, so MongoEngine can tell this class will be inherited. Found on stack overflow. This seems to be set to False by default meta = {'allow_inheritance': True} # Common field for all subclasses to be inherited. firstname = db.StringField(required=True, min_length=2, max_length=40) lastname = db.StringField(required=True, min_length=2, max_length=40) username = db.StringField(required=True, unique=True, min_length=2, max_length=40) email = db.EmailField(required=True, unique=True) password = db.StringField(required=True, min_length=12) # length of 12 profile_pic = db.ImageField() bio = db.StringField() # returns the user's first name and last name using current states def fullname(self): return f"{self.firstname} {self.lastname}" # helps user to update bio in real time def set_bio(self, bio_msg): self.bio = bio_msg self.save() # saves to databse?? def set_profile_pic(self, profile_pic): self.profile_pic = profile_pic self.save()# This class describes the user model and what each user (Educator's) state and characteristics should haveclass Educator(User): institution = db.StringField(required=True) role = db.StringField("Educator") # Get the corresponding place that they teach def get_institution(self): return self.institution def get_role(self): return self.role# represents student classclass Student(User): college = db.StringField(required=True) role = db.StringField("Student") def get_institution(self): return self.college def get_role(self): return self.roleroutes.py
# flask extensions and extra librariesfrom flask import Blueprint, redirect, url_for, render_template, request, flashfrom flask_login import current_user, login_required, login_user, logout_userfrom .. import bcryptfrom io import BytesIOfrom base64 import b64encodefrom werkzeug.utils import secure_filenamefrom base64 import b64encode# # local importsfrom ..models import User, Student, InformalEducator, Educatorfrom ..forms import RegistrationForm, LoginForm, UpdateUsernameForm, UpdateProfilePicFormusers = Blueprint("users", __name__)# ======================== USER MANAGEMENT VIEWS ==========================# This function helps users to register for a new account on the website. This could either be a Student, Teacher or informal educator, as stated in models.py@users.route("/register", methods=["GET", "POST"])def register(): if current_user.is_authenticated: return redirect(url_for('content.index')) #TODO # creates an instance of the form that is needed to register form = RegistrationForm() if request.method == 'POST': if form.validate_on_submit(): # hashes the user's password after user types it in hashed_pwd = bcrypt.generate_password_hash(form.password.data).decode('utf-8') # user = User(firstname=form.firstname.data, lastname=form.lastname.data, username=form.username.data, email=form.email.data, password=hashed_pwd) # Deciding what instance of user to create based on what user # indicates what role is if form.role.data == 'Educator': user = Educator( firstname=form.firstname.data, lastname=form.lastname.data, username=form.username.data, email=form.email.data, password=hashed_pwd, institution=form.institution.data ) elif form.role.data == 'Student': user = Student( firstname=form.firstname.data, lastname=form.lastname.data, username=form.username.data, email=form.email.data, password=hashed_pwd, institution=form.institution.data ) else: user = InformalEducator( firstname=form.firstname.data, lastname=form.lastname.data, username=form.username.data, email=form.email.data, password=hashed_pwd, institution=form.institution.data ) user.save() flash('Your account has been created! You are now able to log in', 'success') # after logging the user in, we redirect them to login return redirect(url_for('users.login')) return render_template('register.html', title = 'Register', form=form)@users.route('/login', methods=['GET', 'POST'])def login(): if current_user.is_authenticated: # redirect authenticated users return redirect(url_for('content.index')) form = LoginForm() if request.method == 'POST': if form.validate_on_submit(): # Check if user exists and the password is correct user = User.objects(username = form.username.data).first() if user and bcrypt.check_password_hash(user.password, form.password.data): print("This is user before authenication:", current_user) login_user(user) print("This is user after authenication:", current_user) return redirect(url_for('users.account')) else: # If user is not authenticated, flash a message flash("Login Failed. Account might not exist or password might be wrong!") return render_template('login.html', title='Login', form=form)@users.route('/logout')@login_requireddef logout(): logout_user() flash('You have been logged out.', 'info') return redirect(url_for('content.index')) @users.route("/account", methods=["GET", "POST"])@login_requireddef account(): propic_update = UpdateProfilePicForm() username_update = UpdateUsernameForm() propic = None if request.method == "POST": # username update if username_update.validate(): current_user.modify(username = username_update.username.data) current_user.save() flash('Your username has been updated.', 'success') return redirect(url_for('users.account')) # profile picture update if propic_update.validate(): image = propic_update.picture.data filename = secure_filename(image.filename) content_type = f'images/{filename[-3:]}' if current_user.profile_pic.get() is None: # user doesn't have a profile picture => add one current_user.profile_pic.put(image.stream, content_type=content_type) else: # user has a profile picture => replace it current_user.profile_pic.replace(image.stream, content_type=content_type) current_user.save() flash('Your profile picture has been updated.', 'success') return redirect(url_for('users.account')) # get's the current user's profile picture if it exists if current_user.profile_pic: propic_bytes = BytesIO(current_user.profile_pic.read()) propic = b64encode(propic_bytes.getvalue()).decode() else: propic = None return render_template('account.html', image = propic, update_username_form = username_update, update_profile_picture_form=propic_update )