9

I decorated a method with login_required, but I am surprised that its not executing at all, allowing in anonymous users. Printing the current_user within the method returns this:

<flask_login.AnonymousUserMixin object at 0xb67dbd4c>

Is it not supposed to reject users which return false in user.is_autheticated()? What did I do wrong?

I have setup FL this way:

lm = LoginManager(app)
lm.login_view = 'root'

in views.py:

@lm.user_loader
def load_user(id):
    return User.query.get(int(id))

the actual view:

@login_required
@app.route("/messages")
def messages():
    print "current user", current_user
    return "hello world"
pigletfly
  • 1,051
  • 1
  • 16
  • 32
Jesvin Jose
  • 22,498
  • 32
  • 109
  • 202

2 Answers2

8

Serendipity gave me this:

When applying further decorators, always remember that the route() decorator is the outermost:

I wrote it the wrong way (route not the outermost).

PDB can execute your suspect method in debug mode, to inspect the local state.

Flask-Login is present in GitHub anyway and the source of login_required is simple enough to understand.

Jesvin Jose
  • 22,498
  • 32
  • 109
  • 202
6

Everything looks OK, which probably means the problem is somewhere else.

What is the configuration you are using? If LOGIN_DISABLED or TESTING is set to true, authentication is disabled.

If your configuration is fine, set a breakpoint inside login_required decorator and check why it lets anonymous user in.

Bartosz Marcinkowski
  • 6,651
  • 4
  • 39
  • 69