Ejemplo n.º 1
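def request_loader(request):
    """Build a ``User`` from the credentials posted with *request*.

    Returns ``None`` when the ``email`` field fails ``validate`` or when no
    ``password`` field was submitted. Otherwise returns the ``User`` after
    calling ``authenticate`` on it with the submitted password.

    NOTE(review): the user object is returned whether or not
    ``authenticate`` accepted the password; callers presumably must check
    the user's authenticated state before trusting it -- confirm against
    the ``User`` class.
    """
    email = request.form.get('email')
    if not validate(email):
        return None

    # A request that carries an email but no password is treated as
    # unauthenticated instead of raising on the missing form key.
    password = request.form.get('password')
    if password is None:
        return None

    user = User(email)

    # DO NOT ever store passwords in plaintext and always compare password
    # hashes using constant-time comparison!
    user.authenticate(password)
    return user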
Ejemplo n.º 2
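def login():
    """Render the login form on GET; otherwise check the posted credentials.

    The ``username`` form field is used as the user's email. On successful
    authentication the user is logged in through ``flask_login`` and
    redirected to the ``index`` endpoint; otherwise the plain string
    ``'Bad login'`` is returned.
    """
    if flask.request.method == 'GET':
        return flask.render_template("login.html")

    # The submitted form is deliberately not printed or logged: it carries
    # the plaintext password, which would otherwise end up in stdout and
    # any log collector attached to it.
    email = flask.request.form['username']
    user = User(email)
    user.authenticate(flask.request.form['password'])
    if user.is_authenticated():
        flask_login.login_user(user)
        return flask.redirect(flask.url_for('index'))

    # One generic message for every failure, so the response does not reveal
    # whether the account exists.
    return 'Bad login'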
Ejemplo n.º 3
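def login():
    """Authenticate the JSON credentials and return a 30-minute token.

    Expects a JSON object with ``email`` and ``password``. Returns a JSON
    body ``{'token': ...}`` on success, or a JSON error message with status
    401 when the credentials are missing or rejected by
    ``User.authenticate``.
    """
    data = request.get_json()
    # A body that is not a JSON object, or that lacks either field, is
    # answered with the same 401 as a wrong password instead of an
    # unhandled TypeError/KeyError.
    if not isinstance(data, dict):
        data = {}
    email = data.get('email')
    password = data.get('password')

    user = None
    if email is not None and password is not None:
        user = User.authenticate(email=email, password=password)

    # Authentication failed: return the error message straight away.
    if not user:
        return jsonify({'message': '用户名或密码错误'}), 401

    # Authentication succeeded: issue a token. The clock is read once so
    # that 'exp' is exactly 30 minutes after 'iat'.
    issued_at = datetime.utcnow()
    token = jwt.encode({
        'user': user.email,
        'iat': issued_at,
        'exp': issued_at + timedelta(minutes=30)
    }, current_app.config['SECRET_KEY'])
    # NOTE(review): whatever verifies this token should pin the list of
    # accepted signing algorithms rather than trusting the token header.

    # Some versions of the JWT library return bytes and others return str;
    # decode only when bytes came back so both keep working.
    if isinstance(token, bytes):
        token = token.decode('utf-8')

    return jsonify({'token': token})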