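def request_loader(request):
    """Build a user from the form credentials carried by ``request``.

    Returns the ``User`` only when the submitted password authenticates it.
    Returns ``None`` when the e-mail fails ``validate``, when no password
    field was submitted, or when authentication does not succeed.
    """
    email = request.form.get('email')
    if not validate(email):
        return None

    # .get() instead of indexing: a request that carries an e-mail but no
    # 'password' field should resolve to "no user", not raise in the loader.
    password = request.form.get('password')
    if password is None:
        return None

    user = User(email)
    # DO NOT ever store passwords in plaintext and always compare password
    # hashes using constant-time comparison!
    user.authenticate(password)

    # The outcome of authenticate() was previously ignored and the user was
    # returned unconditionally, leaving the decision to every caller.
    # NOTE(review): assumes User exposes is_authenticated, as a property or
    # as a method -- confirm against the User class.
    authenticated = user.is_authenticated
    if callable(authenticated):
        authenticated = authenticated()
    return user if authenticated else None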
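def login():
    """Serve the login form on GET and process submitted credentials on POST.

    GET renders ``login.html``. POST builds a ``User`` from the ``username``
    field, authenticates it with the ``password`` field, and on success logs
    the user in and redirects to the ``index`` endpoint. Any other outcome
    returns the plain text ``'Bad login'``.
    """
    if flask.request.method == 'GET':
        return flask.render_template("login.html")

    if flask.request.method == 'POST':
        # The submitted form is intentionally not printed or logged: it holds
        # the plaintext password, which would end up in stdout and whatever
        # collects it.
        form = flask.request.form
        user = User(form['username'])
        user.authenticate(form['password'])
        if user.is_authenticated():
            flask_login.login_user(user)
            return flask.redirect(flask.url_for('index'))

    # NOTE(review): the failure is sent with the default 200 status; a 401
    # would let clients and monitoring tell failed logins apart -- confirm
    # that nothing depends on the current status before changing it.
    return 'Bad login'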
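def login():
    """Authenticate JSON credentials and issue a token valid for 30 minutes.

    Expects a JSON object with string ``email`` and ``password`` fields.
    Returns ``{'token': ...}`` on success. Returns the generic credentials
    error with HTTP 401 when the fields are missing or malformed, or when
    ``User.authenticate`` rejects them.
    """
    data = request.get_json()

    # A body that is not a JSON object, or that lacks a field, used to raise
    # TypeError/KeyError and surface as HTTP 500. Non-string values are
    # rejected here as well, so only plain strings reach User.authenticate.
    is_object = isinstance(data, dict)
    email = data.get('email') if is_object else None
    password = data.get('password') if is_object else None

    user = None
    if isinstance(email, str) and isinstance(password, str):
        user = User.authenticate(email=email, password=password)

    # If the e-mail or password fails verification, return the error
    # message right away (same response for every failure cause).
    if not user:
        return jsonify({'message': '用户名或密码错误'}), 401

    # Credentials verified: generate the token. One timestamp is used for
    # both claims so 'exp' is exactly 30 minutes after 'iat'.
    issued_at = datetime.utcnow()
    claims = {
        'user': user.email,
        'iat': issued_at,
        'exp': issued_at + timedelta(minutes=30),
    }
    # No algorithm is passed, so the library default applies.
    # NOTE(review): the code that verifies these tokens should pin the
    # accepted algorithm list when decoding -- confirm at the decode site.
    token = jwt.encode(claims, current_app.config['SECRET_KEY'])

    # Presumably PyJWT: 1.x returns bytes, 2.x returns str, and calling
    # .decode() on a str raises AttributeError. Accept both.
    if isinstance(token, bytes):
        token = token.decode('utf-8')
    return jsonify({'token': token})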