corydolphin / flask-cors

Cross Origin Resource Sharing ( CORS ) support for Flask
https://flask-cors.corydolphin.com/
MIT License

flask-cors authenticated requests with current_user #220

Closed jodiwaljay closed 6 years ago

jodiwaljay commented 6 years ago

I have added CORS(app, supports_credentials=True) after creating the Flask app instance.

For login and checking authentication I am using

from flask import request
from flask_login import current_user, login_user

# app, User, bcrypt, success() and error() are defined elsewhere in the application.

@app.route('/check_auth', methods=['GET'])
def check_auth():
    # current_user is resolved from the session cookie sent with the request
    if current_user.is_authenticated:
        return success({ "message": 'Logged in', "user": current_user.obj_to_dict() })
    return error('Not logged in', status_code=403)

@app.route('/login', methods=['POST'])
def login():
    """Login Form"""
    username = request.json['username']
    password = request.json['password']
    data = User.query.filter_by(username=username).first()
    if data and bcrypt.check_password_hash(data.password, password.encode('utf-8')):
        # login_user() stores the user id in the session, which is returned as a cookie
        login_user(data)
        dataDict = data.obj_to_dict(skip_columns=['password'])
        return success({ "message": 'successful', "data": dataDict })
    else:
        return error('Wrong username or password', status_code=403)

current_user.is_authenticated results in false. But it works perfectly fine in Postman. Also, if I remove CORS and try current_user.is_authenticated, it works. So I'm sure the issue is related to CORS.

Many similar issues are already present. Looking through them suggests that the session problem is solved by using supports_credentials=True, but current_user returns anonymous for me even after setting this argument.

jodiwaljay commented 6 years ago

I figured out the issue. I had to send withCredentials: true with the XHR request to make sure the frontend client sends the session with the requests. Probably you should include that somewhere in the documentation. This silly thing ate up my lovely Sunday morning. Took help from http://reputablejournal.com/adventures-with-flask-cors.html#.Wu7BOnWuw8o
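
The behaviour described in the comment above, as an added example that is not part of the original thread or of flask-cors: a simplified Python model of how a browser treats cookies and the CORS response check for a cross-origin XHR, replaying the /login then /check_auth flow. The origin, header values and session cookie are constructed, and SameSite and third-party cookie policies are ignored.

```python
"""Simplified model of browser credential handling for cross-origin XHR."""

PAGE_ORIGIN = "http://localhost:3000"  # constructed front-end origin

# Constructed response headers of the kind a credential-enabled CORS setup returns.
SERVER_HEADERS = {
    "Access-Control-Allow-Origin": PAGE_ORIGIN,
    "Access-Control-Allow-Credentials": "true",
}


def response_readable(page_origin, with_credentials, headers):
    """CORS check the browser applies before exposing a response to script."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    allow_origin = h.get("access-control-allow-origin")
    if not with_credentials:
        # Without credentials a wildcard or an exact origin match is enough.
        return allow_origin in ("*", page_origin)
    # With credentials the origin must match exactly (no wildcard) and
    # Access-Control-Allow-Credentials must be the literal string "true".
    return (allow_origin == page_origin
            and h.get("access-control-allow-credentials") == "true")


def login_then_check_auth(with_credentials, headers=SERVER_HEADERS):
    """Replay /login then /check_auth from PAGE_ORIGIN.

    Returns the status the page script sees for /check_auth, or None when
    the browser's CORS check hides the response from script.
    """
    jar = {}
    # /login succeeds server-side and answers with Set-Cookie, but the
    # browser only stores that cookie when the request used credentials.
    if with_credentials:
        jar["session"] = "constructed-session-id"
    # /check_auth: the cookie is attached only when credentials are enabled,
    # so otherwise the server resolves an anonymous user and answers 403.
    sent_cookies = dict(jar) if with_credentials else {}
    status = 200 if "session" in sent_cookies else 403
    if not response_readable(PAGE_ORIGIN, with_credentials, headers):
        return None
    return status


if __name__ == "__main__":
    print("withCredentials unset:", login_then_check_auth(False))
    print("withCredentials true: ", login_then_check_auth(True))
```

Postman is not a browser page with an origin, so it keeps and sends the cookie with no CORS check, which is why the same endpoints worked there.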

corydolphin commented 6 years ago

Ahh, sorry to hear you had trouble!

Is there any chance you have the time to make a pull request to add the information you’d like to see? I’d really appreciate the help!

Thanks, Cory


jodiwaljay commented 6 years ago

Sure. I'll be glad to do that. By adding the info you mean in the README, right? Also, I am closing the issue. Just wanted to bring this to attention.

Edit: I have made a PR for that. https://github.com/corydolphin/flask-cors/pull/221