--- /tmp/flask-login-0.5.0-15pgukhj4/debian/python-flask-login-doc_0.5.0-1_all.deb
+++ python-flask-login-doc_0.5.0-1_all.deb
├── file list
│ @@ -1,3 +1,3 @@
│ -rw-r--r-- 0 0 0 4 2020-04-01 22:16:53.000000 debian-binary
│ -rw-r--r-- 0 0 0 1448 2020-04-01 22:16:53.000000 control.tar.xz
│ --rw-r--r-- 0 0 0 50312 2020-04-01 22:16:53.000000 data.tar.xz
│ +-rw-r--r-- 0 0 0 50304 2020-04-01 22:16:53.000000 data.tar.xz
├── control.tar.xz
│ ├── control.tar
│ │ ├── ./md5sums
│ │ │ ├── ./md5sums
│ │ │ │┄ Files differ
├── data.tar.xz
│ ├── data.tar
│ │ ├── file list
│ │ │ @@ -26,15 +26,15 @@
│ │ │ -rw-r--r-- 0 root (0) root (0) 286 2019-03-09 14:07:37.000000 ./usr/share/doc/python-flask-login-doc/html/_static/file.png
│ │ │ -rw-r--r-- 0 root (0) root (0) 4407 2020-04-01 22:16:53.000000 ./usr/share/doc/python-flask-login-doc/html/_static/flasky.css
│ │ │ -rw-r--r-- 0 root (0) root (0) 10847 2020-04-01 22:16:53.000000 ./usr/share/doc/python-flask-login-doc/html/_static/language_data.js
│ │ │ -rw-r--r-- 0 root (0) root (0) 90 2019-03-09 14:07:37.000000 ./usr/share/doc/python-flask-login-doc/html/_static/minus.png
│ │ │ -rw-r--r-- 0 root (0) root (0) 90 2019-03-09 14:07:37.000000 ./usr/share/doc/python-flask-login-doc/html/_static/plus.png
│ │ │ -rw-r--r-- 0 root (0) root (0) 4798 2020-04-01 22:16:53.000000 ./usr/share/doc/python-flask-login-doc/html/_static/pygments.css
│ │ │ -rw-r--r-- 0 root (0) root (0) 7300 2020-04-01 22:16:53.000000 ./usr/share/doc/python-flask-login-doc/html/genindex.html
│ │ │ --rw-r--r-- 0 root (0) root (0) 91296 2020-04-01 22:16:53.000000 ./usr/share/doc/python-flask-login-doc/html/index.html
│ │ │ +-rw-r--r-- 0 root (0) root (0) 91324 2020-04-01 22:16:53.000000 ./usr/share/doc/python-flask-login-doc/html/index.html
│ │ │ -rw-r--r-- 0 root (0) root (0) 518 2020-04-01 22:16:53.000000 ./usr/share/doc/python-flask-login-doc/html/objects.inv
│ │ │ -rw-r--r-- 0 root (0) root (0) 1969 2020-04-01 22:16:53.000000 ./usr/share/doc/python-flask-login-doc/html/py-modindex.html
│ │ │ -rw-r--r-- 0 root (0) root (0) 2371 2020-04-01 22:16:53.000000 ./usr/share/doc/python-flask-login-doc/html/search.html
│ │ │ -rw-r--r-- 0 root (0) root (0) 7115 2020-04-01 22:16:53.000000 ./usr/share/doc/python-flask-login-doc/html/searchindex.js
│ │ │ drwxr-xr-x 0 root (0) root (0) 0 2020-04-01 22:16:53.000000 ./usr/share/doc/python3-flask-login/
│ │ │ drwxr-xr-x 0 root (0) root (0) 0 2020-04-01 22:16:53.000000 ./usr/share/doc-base/
│ │ │ -rw-r--r-- 0 root (0) root (0) 383 2020-04-01 22:16:53.000000 ./usr/share/doc-base/flask-login
│ │ ├── ./usr/share/doc/python-flask-login-doc/html/index.html
│ │ │ @@ -120,40 +120,40 @@
│ │ │ should take the unicode
ID of a user, and return the corresponding user
│ │ │ object. For example:
@login_manager.user_loader
│ │ │ def load_user(user_id):
│ │ │ return User.get(user_id)
│ │ │
It should return None
(not raise an exception) if the ID is not valid.
│ │ │ +
It should return None
(not raise an exception) if the ID is not valid.
│ │ │ (In that case, the ID will manually be removed from the session and processing
│ │ │ will continue.)
The class that you use to represent users needs to implement these properties │ │ │ and methods:
│ │ │is_authenticated
True
if the user is authenticated, i.e. they
│ │ │ +True
if the user is authenticated, i.e. they
│ │ │ have provided valid credentials. (Only authenticated users will fulfill
│ │ │ the criteria of login_required
.)is_active
True
if this is an active user - in addition
│ │ │ +True
if this is an active user - in addition
│ │ │ to being authenticated, they also have activated their account, not been
│ │ │ suspended, or any condition your application has for rejecting an account.
│ │ │ Inactive accounts may not log in (without being forced of course).is_anonymous
True
if this is an anonymous user. (Actual
│ │ │ -users should return False
instead.)True
if this is an anonymous user. (Actual
│ │ │ +users should return False
instead.)get_id()
unicode
that uniquely identifies this user,
│ │ │ and can be used to load the user from the user_loader
│ │ │ callback. Note that this must be a unicode
- if the ID is natively
│ │ │ -an int
or some other type, you will need to convert it to unicode
.int
or some other type, you will need to convert it to unicode
.
│ │ │ To make implementing a user class easier, you can inherit from UserMixin
,
│ │ │ which provides default implementations for all of these properties and methods.
│ │ │ (It’s not required, though.)
Warning: You MUST validate the value of the next
parameter. If you do not,
│ │ │ +
Warning: You MUST validate the value of the next
parameter. If you do not,
│ │ │ your application will be vulnerable to open redirects. For an example
│ │ │ implementation of is_safe_url
see this Flask Snippet.
It’s that simple. You can then access the logged-in user with the
│ │ │ current_user
proxy, which is available in every template:
{% if current_user.is_authenticated %}
│ │ │ Hi {{ current_user.name }}!
│ │ │ {% endif %}
│ │ │ @@ -229,15 +229,15 @@
│ │ │
To customize the message category, set LoginManager.login_message_category
:
login_manager.login_message_category = "info"
│ │ │
When the log in view is redirected to, it will have a next
variable in the
│ │ │ query string, which is the page that the user was trying to access. Alternatively,
│ │ │ -if USE_SESSION_FOR_NEXT
is True
, the page is stored in the session under the
│ │ │ +if USE_SESSION_FOR_NEXT
is True
, the page is stored in the session under the
│ │ │ key next
.
If you would like to customize the process further, decorate a function with
│ │ │ LoginManager.unauthorized_handler
:
@login_manager.unauthorized_handler
│ │ │ def unauthorized():
│ │ │ # do stuff
│ │ │ return a_response
│ │ │ @@ -307,17 +307,17 @@
│ │ │
By default, when a user is not actually logged in, current_user
is set to
│ │ │ an AnonymousUserMixin
object. It has the following properties and methods:
is_active
and is_authenticated
are False
is_anonymous
is True
get_id()
returns None
is_active
and is_authenticated
are False
is_anonymous
is True
get_id()
returns None
If you have custom requirements for anonymous users (for example, they need
│ │ │ to have a permissions field), you can provide a callable (either a class or
│ │ │ factory function) that creates anonymous users to the LoginManager
with:
login_manager.anonymous_user = MyAnonymousUser
│ │ │
REMEMBER_COOKIE_NAME
remember_token
REMEMBER_COOKIE_DURATION
datetime.timedelta
object or integer seconds.
│ │ │ +a datetime.timedelta
object or integer seconds.
│ │ │ Default: 365 days (1 non-leap Gregorian year)REMEMBER_COOKIE_DOMAIN
.example.com
│ │ │ would allow the cookie to be used on all
│ │ │ subdomains of example.com
).
│ │ │ -Default: None
None
│ │ │ REMEMBER_COOKIE_PATH
/
REMEMBER_COOKIE_SECURE
None
None
│ │ │ REMEMBER_COOKIE_HTTPONLY
False
False
│ │ │ REMEMBER_COOKIE_REFRESH_EACH_REQUEST
True
the cookie is refreshed on every
│ │ │ +True
the cookie is refreshed on every
│ │ │ request, which bumps the lifetime. Works like
│ │ │ -Flask’s SESSION_REFRESH_EACH_REQUEST
.
│ │ │ -Default: False
SESSION_REFRESH_EACH_REQUEST
.
│ │ │ +Default: False
│ │ │ While the features above help secure your “Remember Me” token from cookie │ │ │ @@ -455,15 +455,15 @@ │ │ │
Or, to disable it:
│ │ │login_manager.session_protection = None
│ │ │
By default, it is activated in "basic"
mode. It can be disabled in the
│ │ │ -app’s configuration by setting the SESSION_PROTECTION
setting to None
,
│ │ │ +app’s configuration by setting the SESSION_PROTECTION
setting to None
,
│ │ │ "basic"
, or "strong"
.
When session protection is active, each request, it generates an identifier │ │ │ for the user’s computer (basically, a secure hash of the IP address and user │ │ │ agent). If the session does not have an associated identifier, the one │ │ │ generated will be stored. If it has an identifier, and it matches the one │ │ │ generated, then the request is OK.
│ │ │If the identifiers do not match in basic
mode, or when the session is
│ │ │ @@ -503,22 +503,22 @@
│ │ │ using your header_loader
.
To make it easier for you to write automated tests, Flask-Login provides a
│ │ │ custom test client class that will set the user’s login cookie for you.
│ │ │ To use this custom test client class, assign it to the
│ │ │ -test_client_class
attribute
│ │ │ +test_client_class
attribute
│ │ │ on your application object, like this:
from flask_login import FlaskLoginClient
│ │ │
│ │ │ app.test_client_class = FlaskLoginClient
│ │ │
Next, use the app.test_client()
method
│ │ │ +
Next, use the app.test_client()
method
│ │ │ to make a test client, as you normally do. However, now you can pass a
│ │ │ user object to this method, and your client will be automatically
│ │ │ logged in with this user!
def test_simple(self):
│ │ │ user = User.query.get(1)
│ │ │ with app.test_client(user=user) as client:
│ │ │ # this request has user 1 already logged in!
│ │ │ @@ -625,15 +625,15 @@
│ │ │
header_loader
(callback)[source]¶This function has been deprecated. Please use
│ │ │ LoginManager.request_loader()
instead.
This sets the callback for loading a user from a header value.
│ │ │ The function you set should take an authentication token and
│ │ │ -return a user object, or None
if the user does not exist.
None
if the user does not exist.
│ │ │ Parameters: | callback (callable) – The callback for retrieving a user object. | │ │ │
---|
Parameters: |
|
│ │ │
---|
if not current_user.is_authenticated:
│ │ │ return current_app.login_manager.unauthorized()
│ │ │
…which is essentially the code that this function adds to your views.
│ │ │It can be convenient to globally turn off authentication when unit testing.
│ │ │ To enable this, if the application configuration variable LOGIN_DISABLED
│ │ │ -is set to True
, this decorator will be ignored.
True
, this decorator will be ignored.
│ │ │ Note
│ │ │Per W3 guidelines for CORS preflight requests,
│ │ │ HTTP OPTIONS
requests are exempt from login checks.
Parameters: |
|
│ │ │
---|