I have a problem with my website, which is built using a Python, Flask, Gunicorn + supervisorctl, Nginx stack.
The problem is: if I am logged in as a user (say admin, for example), after restarting my website with "sudo supervisorctl reload" after making some updates to it, any user who attempts to log in afterwards becomes logged in as admin even if they enter a random username and password combination. Obviously this is very alarming.
I'm currently using the flask_login plugin to handle the login, but I suspect it is something to do with Flask sessions and how they interact.
My login code is below:
    from flask import render_template, flash, redirect, url_for, request, current_app, session
    from flask_babel import _                      # assumed: source of the _() translation helper
    from flask_login import current_user, login_user, logout_user, login_required
    from werkzeug.urls import url_parse            # used by the open-redirect check below (Werkzeug < 3)

    from app.auth import bp                        # assumed module paths for the blueprint,
    from app.auth.forms import LoginForm           # the login form
    from app.models import User                    # and the user model


    @bp.route('/login', methods=['GET', 'POST'])
    def login():
        # Already logged in: do not show the form again
        if current_user.is_authenticated:
            return redirect(url_for('main.user'))
        form = LoginForm()
        if form.validate_on_submit():
            user = User.query.filter_by(username=form.username.data).first()
            # Unknown user or wrong password: back to the login page, no session issued
            if user is None or not user.check_password(form.password.data):
                return redirect(url_for('auth.login'))
            login_user(user, remember=form.remember_me.data)
            # Only follow a relative ?next= target, never an absolute URL to another host
            next_page = request.args.get('next')
            if not next_page or url_parse(next_page).netloc != '':
                next_page = url_for('main.user')
            return redirect(next_page)
        # The original msgid was the Chinese '登录' ("Sign In")
        return render_template('auth/login.html', title=_('Sign In'), form=form)
I also use the Flask session to identify the current language and manage translations.
In my main routes:
    from datetime import datetime

    from flask import current_app, request, session
    from flask_login import current_user

    from app import db                             # assumed: the SQLAlchemy instance
    from app.main import bp                        # assumed: the main blueprint


    @bp.before_app_request                         #### Michael: be careful of these
    def before_request():
        # Stamp the last-seen time of whoever the session cookie resolves to
        if current_user.is_authenticated:
            current_user.last_seen = datetime.utcnow()
            db.session.commit()


    @bp.context_processor
    def inject_conf_var():
        # Language chosen by the user in the session, else the browser's best match
        return dict(CURRENT_LANGUAGE=session.get('language',
                    request.accept_languages.best_match(current_app.config['LANGUAGES'])))
And in my __init__:
    from flask import current_app, request, session

    from app import babel                          # assumed: the Flask-Babel instance


    @babel.localeselector
    def get_locale():
        # if the user has set up the language manually it will be stored in the session,
        # so we use the locale from the user settings
        try:
            language = session['language']
            print(session['language'])
        except KeyError:
            language = None
        if language is not None:
            return language
        # Otherwise fall back to the browser's Accept-Language header
        # (the original had 'return' and the expression on separate lines, which returns None)
        return request.accept_languages.best_match(current_app.config['LANGUAGES'])
I'm not really sure where to start identifying what the problem is; it's a bit beyond me at the moment. The closest thing I saw was this:
Users appear to be logged in as another user
but the same thing seems to happen across computers in my case, so it is not really a VPN issue, and I'm not sure if the same solution would work.
Grateful for any help!
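As an added example that is not part of the question or the poster's code, the following standard-library harness models the check I would run against an app showing this symptom: two independent cookie jars (two browsers or computers), one logged in as admin before a simulated "supervisorctl reload", the other sending bogus credentials after it, then asking the server who each client is. CookieSessionApp mirrors what Flask's signed session cookie plus Flask-Login should give you (identity lives only in the cookie the client sends back). ProcessStateApp is a hypothetical anti-pattern, included only so the harness shows what the reported symptom looks like; it is not a claim about what the poster's app does. SECRET_KEY, USERS, the app classes and the credentials are all constructed for this example.

```python
"""Two-client session-isolation harness (added example, standard library only)."""
import base64
import hashlib
import hmac
import json
from typing import Optional

# Assumptions for the example: a SECRET_KEY that is fixed in config (not
# generated at start-up) and a constructed user table.
SECRET_KEY = b"fixed-secret-loaded-from-config"
USERS = {"admin": "correct horse battery staple"}


def sign_session(payload: dict, key: bytes) -> str:
    """HMAC-signed cookie value, in the spirit of Flask's signed session cookie."""
    body = base64.urlsafe_b64encode(json.dumps(payload, sort_keys=True).encode()).decode()
    mac = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{mac}"


def load_session(cookie: Optional[str], key: bytes) -> Optional[dict]:
    """Return the payload only if the signature verifies; None for missing or forged."""
    if not cookie or "." not in cookie:
        return None
    body, mac = cookie.rsplit(".", 1)
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        return None
    return json.loads(base64.urlsafe_b64decode(body))


class CookieSessionApp:
    """Identity lives only in the signed cookie each client sends back."""

    def __init__(self, key: bytes = SECRET_KEY):
        self.key = key

    def login(self, cookie, username, password):
        """Returns (redirect target, Set-Cookie value or None)."""
        if USERS.get(username) != password:
            return "/login", None            # bad credentials: no session issued
        return "/user", sign_session({"user_id": username}, self.key)

    def current_user(self, cookie):
        data = load_session(cookie, self.key)
        return data["user_id"] if data else None


class ProcessStateApp(CookieSessionApp):
    """Hypothetical anti-pattern (not the poster's code): the last user loaded from
    a valid cookie is cached in process memory and served to every later request
    that carries no valid cookie of its own."""

    def __init__(self, key: bytes = SECRET_KEY):
        super().__init__(key)
        self.cached_user = None

    def current_user(self, cookie):
        data = load_session(cookie, self.key)
        if data:
            self.cached_user = data["user_id"]
        return self.cached_user


class Client:
    """An independent cookie jar, i.e. a separate browser or computer."""

    def __init__(self):
        self.cookie = None

    def login(self, app, username, password):
        target, set_cookie = app.login(self.cookie, username, password)
        if set_cookie is not None:
            self.cookie = set_cookie
        return target

    def whoami(self, app):
        return app.current_user(self.cookie)


def run_scenario(make_app):
    """Returns (admin client's identity, bogus client's identity) after a reload."""
    app = make_app()
    admin_browser, other_browser = Client(), Client()
    admin_browser.login(app, "admin", "correct horse battery staple")

    app = make_app()                  # simulate supervisorctl reload: new process, same config
    admin_browser.whoami(app)         # admin keeps browsing with the old, still-valid cookie
    other_browser.login(app, "nobody", "wrong")   # random credentials from another computer
    return admin_browser.whoami(app), other_browser.whoami(app)


if __name__ == "__main__":
    print("cookie-only session:", run_scenario(CookieSessionApp))   # ('admin', None)
    print("process-cached user:", run_scenario(ProcessStateApp))    # ('admin', 'admin')
```

Run the same two-browser sequence against the real deployment (two separate cookie jars, e.g. two `requests.Session()` objects, with the reload in between). A result shaped like the second line means something between the cookie and the resolved identity is not per-request: it could be state kept in the worker process, or a cache in front of the app replaying one client's response (including its Set-Cookie header) to another; the harness cannot tell which, and neither can this answer. Also confirm that SECRET_KEY is fixed in config rather than generated at start-up: a key that changes on every reload invalidates existing cookies, which is a different failure from the one described.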