Hey all, I'm writing a webapp for internal use, and need to roll a basic administration system. I've been looking into using Flask-Login, but have a couple of questions that I haven't been able to figure out from the docs or the mailing list archives. What is the purpose of the is_authenticated() function? I'm trying to use SQLAlchemy as my backend for the user lists, and am running into some issues when attempting to implement the required functions. Is it meant more for verification, such as sending out emails to verify account creation? Or should my login function set this to true when successfully logged in, and the opposite for my logout function? I'm confused as setting authenticated to True doesn't prevent logout_user() from logging out the user (i.e. after logout, hitting any protected view redirects to the login page), while setting it to False prevents login_user() from logging in the user. Anthony Ford, KF5IBN, ford.anthonyj@gmail.com
On Nov 27, 2011, at 11:17 , Anthony Ford wrote: > Hey all, > > I'm writing a webapp for internal use, and need to roll a basic administration system. I've been looking into using Flask-Login, but have a couple of questions that I haven't been able to figure out from the docs or the mailing list archives. > > What is the purpose of the is_authenticated() function? I'm trying to use SQLAlchemy as my backend for the user lists, and am running into some issues when attempting to implement the required functions. Is it meant more for verification, such as sending out emails to verify account creation? Or should my login function set this to true when successfully logged in, and the opposite for my logout function? Mostly, is_authenticated is just a way for login_required to distinguish actual users from non-actual (i.e. anonymous) users. In most cases, it should always return True for any actual account in the database. You can think of it as "is_an_actual_user()". > I'm confused as setting authenticated to True doesn't prevent logout_user() from logging out the user (i.e. after logout, hitting any protected view redirects to the login page), while setting it to False prevents login_user() from logging in the user. When I designed how is_authenticated and is_active work with login and logout, I assumed that whatever user is logged in, you always want them logged out when you call login_user, whereas I assumed that if a user isn't "real" (so to speak) you shouldn't be able to log them in to begin with. > Anthony Ford, > KF5IBN, > ford.anthonyj@gmail.com Thanks, Matthew Frazier http://leafstorm.us/
Ah. Alrighty. That makes sense. Thanks for clearing that up. I'll set that up in my models. Thanks, Anthony Ford, KF5IBN, ford.anthonyj@gmail.com On Sun, Nov 27, 2011 at 10:32, Matthew Frazier <leafstormrush@gmail.com>wrote: > On Nov 27, 2011, at 11:17 , Anthony Ford wrote: > > > Hey all, > > > > I'm writing a webapp for internal use, and need to roll a basic > administration system. I've been looking into using Flask-Login, but have a > couple of questions that I haven't been able to figure out from the docs or > the mailing list archives. > > > > What is the purpose of the is_authenticated() function? I'm trying to > use SQLAlchemy as my backend for the user lists, and am running into some > issues when attempting to implement the required functions. Is it meant > more for verification, such as sending out emails to verify account > creation? Or should my login function set this to true when successfully > logged in, and the opposite for my logout function? > > Mostly, is_authenticated is just a way for login_required to distinguish > actual users from non-actual (i.e. anonymous) users. In most cases, it > should always return True for any actual account in the database. You can > think of it as "is_an_actual_user()". > > > I'm confused as setting authenticated to True doesn't prevent > logout_user() from logging out the user (i.e. after logout, hitting any > protected view redirects to the login page), while setting it to False > prevents login_user() from logging in the user. > > When I designed how is_authenticated and is_active work with login and > logout, I assumed that whatever user is logged in, you always want them > logged out when you call login_user, whereas I assumed that if a user isn't > "real" (so to speak) you shouldn't be able to log them in to begin with. > > > Anthony Ford, > > KF5IBN, > > ford.anthonyj@gmail.com > > Thanks, > Matthew Frazier > http://leafstorm.us/ > > >