More than 1 year has passed since last update.

Setting a session timeout with Flask-Login (notes)


I configured a session timeout in Flask using Flask-Login.
Passwords are hashed, and once the session times out the user is redirected to the login screen.

### app.py

```python
# import
import os
from datetime import timedelta

from flask import Flask, session
from flask import render_template, request, redirect, url_for
from flask_sqlalchemy import SQLAlchemy
from flask_login import UserMixin, LoginManager, login_user, logout_user, login_required, current_user
from werkzeug.security import generate_password_hash, check_password_hash

# app
app = Flask(__name__)
app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///data.db'
# Random key generated at startup: every restart invalidates existing session cookies
app.config['SECRET_KEY'] = os.urandom(24)
app.config['PERMANENT_SESSION_LIFETIME'] = timedelta(minutes=10)  # session lifetime (10 minutes)
db = SQLAlchemy(app)

# flask-login
login_manager = LoginManager()
login_manager.init_app(app)
login_manager.login_view = 'login'  # view to redirect to when login is required

# user table
class User(UserMixin, db.Model):
    __tablename__ = 'users'
    id = db.Column(db.Integer, primary_key=True)
    authority = db.Column(db.String(15), nullable=False)
    # Stores the password hash, which is far longer than 15 characters
    password = db.Column(db.String(255), nullable=False)

# login_manager
@login_manager.user_loader
def load_user(user_id):
    return User.query.get(int(user_id))

# signup
@app.route("/signup", methods=['GET', 'POST'])
@login_required
def signup():
    if request.method == 'POST':
        authority = request.form.get('authority')
        password = request.form.get('password')
        if not authority:  # missing or empty
            err_msg = "権限を入力してください"
            return render_template('auth/signup.html', err_msg=err_msg)
        elif not password:  # missing or empty
            err_msg = "パスワードを入力してください"
            return render_template('auth/signup.html', err_msg=err_msg)
        else:
            # password hash: Werkzeug's default salted method
            # (the plain 'sha256' method is rejected by current Werkzeug releases)
            user = User(authority=authority, password=generate_password_hash(password))
            db.session.add(user)
            db.session.commit()
            return render_template('auth/signup.html', authority=authority, password=password)
    else:
        return render_template('auth/signup.html')

# login
@app.route("/login", methods=['GET', 'POST'])
def login():
    session.permanent = True  # make the session permanent so PERMANENT_SESSION_LIFETIME applies
    if request.method == 'POST':
        password = request.form.get('password', '')
        user1 = User.query.filter_by(authority="host").one_or_none()
        user2 = User.query.filter_by(authority="common").one_or_none()
        # Guard against a missing row before checking its hash
        if user1 is not None and check_password_hash(user1.password, password):
            login_user(user=user1)
            # 'next' comes from the query string: validate it as a same-site path before redirecting
            next_url = request.args.get('next')
            return redirect(next_url or url_for('search'))  # the 'search' view is not shown in this article
        elif user2 is not None and check_password_hash(user2.password, password):
            login_user(user=user2)
            next_url = request.args.get('next')
            return redirect(next_url or url_for('search'))
        else:
            err_msg = "パスワードがなし又は違います。"
            return render_template('auth/login.html', err_msg=err_msg)
    else:
        return render_template('auth/login.html')
```
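When the session times out, `@login_required` sends the user to the login view with the page they were on in the `next` query parameter, and `login()` redirects to that value after a successful login. The following is an added example, not part of the original article: one way to accept `next` only when it is a path on the same site. The name `safe_next_path` and the sample values are hypothetical and constructed for illustration.

```python
from urllib.parse import urlsplit


def safe_next_path(target, default="/"):
    """Return target if it is a same-site absolute path, otherwise default.

    target  -- raw value of request.args.get('next'); may be None
    default -- where to send the user when target is missing or rejected
    """
    if not target:
        return default
    # Browsers treat "\" as "/" and drop tabs and newlines, so values such as
    # "/\\host" or "/\t/host" can end up as the off-site "//host".
    if "\\" in target or any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return default
    # Accept only a path on this site: one leading "/" and never "//",
    # which browsers read as "same scheme, different host".
    if not target.startswith("/") or target.startswith("//"):
        return default
    # Defence in depth: the parsed value must carry no scheme and no host.
    parts = urlsplit(target)
    if parts.scheme or parts.netloc:
        return default
    return target


# Constructed sample values for the `next` parameter.
SAMPLES = [
    "/search?q=1",              # same-site path: accepted
    None,                       # parameter absent
    "https://evil.example/",    # absolute URL to another host
    "//evil.example/x",         # protocol-relative URL
    "///evil.example",          # extra slashes, still off-site in browsers
    "/\\evil.example",          # backslash variant
    "javascript:alert(1)",      # non-HTTP scheme
]

if __name__ == "__main__":
    for value in SAMPLES:
        print(repr(value), "->", safe_next_path(value, default="/search"))
```

In `login()` this would replace `redirect(next or url_for('search'))` with `redirect(safe_next_path(request.args.get('next'), url_for('search')))`.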
