Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

flask-cors authenticated requests with current_user #220

Closed
jodiwaljay opened this issue May 6, 2018 · 3 comments
Closed

flask-cors authenticated requests with current_user #220

jodiwaljay opened this issue May 6, 2018 · 3 comments

Comments

@jodiwaljay
Copy link
Contributor

jodiwaljay commented May 6, 2018
edited
Loading

I have added after creating flask app instance
CORS(app, supports_credentials=True)

for login and checking authentication I am using

@app.route('/check_auth', methods=['GET'])
def check_auth():
    if current_user.is_authenticated:
        return success({ "message": 'Logged in', "user": current_user.obj_to_dict() })
    return error('Not logged in', status_code=403)


@app.route('/login', methods=['POST'])
def login():
    """Login Form"""
    username = request.json['username']
    password = request.json['password']
    data = User.query.filter_by(username=username).first()
    if data and bcrypt.check_password_hash(data.password, password.encode('utf-8')):
        login_user(data)
        dataDict = data.obj_to_dict(skip_columns=['password'])
        return success({ "message": 'successful', "data": dataDict })
    else:
        return error('Wrong username or password', status_code=403)

current_user.is_authenticated results false. But works perfectly fine in postman. Also if I remove CORS and try current_user.is_authenticated it works. So I'm sure issue is related with CORS.

Many similar issues are already present. Looking through them suggests that session problem is solved by using supports_credentials=True but current_user returns anonymous for me even after setting this argument
@jodiwaljay
Copy link
Contributor Author

jodiwaljay commented May 6, 2018
edited
Loading

I figured out the issue. I had to send withCredentials: true with xhr request to make sure frontend client sends session with the requests. Probably you should include that somewhere in the documentation. This silly thing ate up my lovely sunday morning. took help from http://reputablejournal.com/adventures-with-flask-cors.html#.Wu7BOnWuw8o

@jodiwaljay jodiwaljay reopened this May 6, 2018
@corydolphin
Copy link
Owner

corydolphin commented May 7, 2018 via email

@jodiwaljay
Copy link
Contributor Author

jodiwaljay commented May 7, 2018
edited
Loading

Sure. I'll be glad to do that. By adding the info you mean in readme, right ?
Also, I am closing the issue. Just wanted to bring this into attention

Edit
I have made a PR for that.
#221

jodiwaljay added a commit to jodiwaljay/flask-cors that referenced this issue May 7, 2018
@jodiwaljay
Update Api docs
7340d92 
corydolphin#220
@jodiwaljay jodiwaljay mentioned this issue May 7, 2018
Merged
corydolphin pushed a commit that referenced this issue Aug 30, 2020
@jodiwaljay
Update Api docs for credentialed requests (#221)
91babb9 
#220
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@corydolphin @jodiwaljay