3

I am new to Flask and I need some help for my school work.

I am trying to build a simple ToDo list system using flask-restful.

My current code looks like this:

class ToDoList(Resource):
    '''TODO LIST'''
    operation = ['delete']
    decorators = [auth.login_required, advertise('operation')]
    def post(self):
        """remove all item in the TODO list"""
        operation = request.args.get('op')
        if operation == 'delete':
            collection2.delete_many({})
            return {'Success': 'OK'}, 200
        return {'Error':'Illegal Operation'}, 400
    def get(self):
        """return a list of the TODO name"""
        list_1 = collection2.find()
        list_2 = []
        for each in list_1:
            list_2.append(JSONEncoder().encode(each))
        return {'list':list_2}, 200

It works, but I want only the post method to require authentication, and get method without authentication so anyone can acquire the list without login. I am using the flask-restful I don't know how to give the decorators separately to each function.

Improve this question

2 Answers 2

Reset to default
5

I used flaskrestplus to do basic authentication. All the required authorizations are provided as an authorizations dictionary. Then they are passed to the API. Also the authorizations can be applied at the method level using 

@api.doc(security='basicAuth')

The validation logic (can be ldap validation or db validation) can be writted in a decorator called requires_Auth. This decorator is invoked using 

decorators = [requires_Auth]

Complete code 

from flask import Flask, request
from flask_restplus import Api, Resource
from functools import wraps

def requires_Auth(f):
    @wraps(f)
    def decorator(*args, **kwargs):
        auth = request.authorization
        if auth:
           print "inside decorator", auth.username,auth.password
            return f(*args, **kwargs)
        else:
            return "Login required!!!!",401
    return decorator


authorizations = {
    'basicAuth': {
        'type': 'basic',
        'in': 'header',
        'name': 'Authorization'
    }
}
api = Api(app, version='1.0', 
    authorizations=authorizations
)

ns = api.namespace('/', description='Authentication API')

@ns.route('/withDecorator')
class HelloWorldWithDecorator(Resource):
    decorators = [requires_Auth]
    @api.doc(security='basicAuth')
    def get(self):        
        return {'hello': 'world'}

api.add_namespace(ns)

if __name__ == '__main__':
    app.run(debug=True, host='0.0.0.0', port=5001)
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

3

From Flask-RESTful documentation [1]:

Alternatively, you can specify a dictionary of iterables that map to HTTP methods and the decorators will only apply to matching requests.

def cache(f):
    @wraps(f)
    def cacher(*args, **kwargs):
        # caching stuff
    return cacher

class MyResource(restful.Resource):
     method_decorators = {'get': [cache]}

     def get(self, *args, **kwargs):
        return something_interesting(*args, **kwargs)

     def post(self, *args, **kwargs):
        return create_something(*args, **kwargs)

In your case it would be:

method_decorators = {'post': [auth.login_required]}
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.