1
votes

This Flask app properly prompts for username and password, but according to the log files it returns the route /NONE. Despite that issue, the session seems to be valid and other @login_required routes can be accessed. Any ideas as to what is going on would be appreciated.

Login Template: login.html

{% extends "bootstrap/base.html" %}
{% block content %}
<div class="container">
<div class="row">
    <form class="form-signin" action="/logmein" method="POST">
        <h2 class="form-signin-heading"> PCBevo Login</h2>
        <div class="col-2">
            <label for="username" class="sr-only">Username</label>
            <input type="text" id="username" class="form-control" placeholder="username" name="username" required autofocus>
        </div>
        <div class="col-3">
            <label for="inputPassword" class="sr-only">Password</label>
            <input type="password" id="inputPassword" class="form-control" placeholder="password" name="password" required>
        </div>
        <div class="col-4">
            <button class="btn btn-lg btn-primary btn-block" type="submit" value="Submit">Sign in</button>
        </div>
    </form>
</div>

</div> <!-- /container -->
{% endblock %}

Below is the SQLAlchemy User Model:

class User(UserMixin, db.Model):
    __tablename__ = "users"
    id = db.Column(db.Integer, primary_key=True)
    username = db.Column(db.String(254), unique=True)
    email = db.Column(db.String(50), unique=True)
    password = db.Column(db.String(80))
    groups = db.Column(db.String(80))

    def __init__(self, username, email, password, groups):
        self.username = username
        self.email = email
        self.password = password
        self.groups = groups if isinstance(groups, str) else ','.join(groups)

    def __repr__(self):
        clsname = self.__class__.__name__
        return "{}({}) ".format(clsname, self.username)

    def is_developer(self):

        return isinstance(self.groups, str) and 'dev' in self.groups.split(',')

Selected attributes for app setup of login_manager and problem routes:

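# Imports used by this excerpt; app and db are created elsewhere in the application.
from flask import redirect, render_template, request, session
from flask_login import LoginManager, login_user
from werkzeug.security import check_password_hash

login_manager = LoginManager()
login_manager.init_app(app)
login_manager.login_view = 'login'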

@login_manager.user_loader
def load_user(user_id):
    return User.query.get(int(user_id))

@app.route('/login')
def login():
    session['next'] = request.args.get('next')
    return render_template('login.html')

@app.route('/logmein', methods=['POST'])
def logmein():
    username = request.form['username']
    password = request.form['password']
    user = User.query.filter_by(username=username).first()

    if not user:
        return '<h1>User not found!</h1>'

    stored_password = user.password
    if check_password_hash(stored_password, password):
        login_user(user)
        try:
            return redirect(session['next'])
        except KeyError:
            return '<h1>You are now logged in!</h1>'
    else:
        return '<h1>Wrong password!</h1>'
1
Check session['next'] before return redirect(session['next']). It can be empty. Especially if you will run /login instead of /login?next=some_url - furas
@furas this hint enabled the joy I was seeking. Thank you!!! Put this as an answer and I will mark it - Timothy Lombard

1 Answer

2
votes

Check session['next'] before return redirect(session['next']).

It can be empty if you run /login instead of /login?next=some_url, because request.args.get('next') will return the default value None.

But you can use your own default value, i.e. the main page "/":

request.args.get('next', "/" )
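The check described in this answer, written out as an added example (it is not code from the question or the answer). It goes one step beyond the None case and also refuses off-site targets, since `next` arrives in the query string. The names `safe_next`, `post_login_target` and `DEFAULT_TARGET` are hypothetical, and a plain dict stands in for Flask's `session`.

```python
DEFAULT_TARGET = "/"  # assumed landing page, the answer's "/" default


def safe_next(target, default=DEFAULT_TARGET):
    """Return `target` only if it is a same-site absolute path, else `default`.

    `target` is the raw value /login stored in session['next'], i.e.
    request.args.get('next'): None when /login is opened without ?next=.
    """
    # The case from the question: nothing was passed, so the value is None
    # (or empty) and redirect() would be handed a non-URL.
    if not isinstance(target, str) or not target:
        return default
    # `next` is attacker-controllable query-string input. Browsers treat
    # "\" like "/" and drop tabs/newlines, so refuse those outright.
    if "\\" in target or any(ord(ch) < 0x20 or ch == "\x7f" for ch in target):
        return default
    # Accept "/path?query" only. This rejects "https://host/...",
    # scheme-relative "//host/..." and bare relative names such as "None".
    if not target.startswith("/") or target.startswith("//"):
        return default
    return target


def post_login_target(session, default=DEFAULT_TARGET):
    """Consume session['next'] once and return where to redirect.

    `session` is any dict-like object; in the question's logmein() it would
    be flask.session and the result would be passed to redirect().
    pop() avoids the KeyError branch and stops a stale value being reused.
    """
    return safe_next(session.pop("next", None), default)


if __name__ == "__main__":
    # Constructed sample values, not taken from the question's logs.
    for raw in (None, "", "/boards?page=2", "https://other.example/",
                "//other.example/x", "/\\other.example", "None"):
        print(repr(raw), "->", post_login_target({"next": raw}))
```

In `logmein()` this would replace the try/except with `return redirect(post_login_target(session))`.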