Authentication and authorization
For basic user authentication, we will use Flask's httpauth
extension, written by Miguel Grinberg, as well as the password functions in Werkzeug. The httpauth
extension should have been installed as part of the requirements.txt
installation at the beginning of this chapter. The new file illustrating the security feature is named chapter9_9.py
. In the script, we will start with a few more module imports:
from werkzeug.security import generate_password_hash, check_password_hash
from flask_httpauth import HTTPBasicAuth
We will create an HTTPBasicAuth
object as well as the user database
object. Note that, during the user creation process, we will pass the password value; however, we are only storing password_hash
instead of the cleartext password
itself:
auth = HTTPBasicAuth()
<skip>
class User(db.Model):
__tablename__ = 'users'
id = db.Column(db.Integer, primary_key=True)
username = db.Column(db...