infiniflow / ragflow

RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine based on deep document understanding.
https://ragflow.io
Apache License 2.0
22.85k stars 2.24k forks

[Question]: Access interface of @login_required, always get unauthorized error 401 #2528

Open prettyprettyboy opened 1 month ago

prettyprettyboy commented 1 month ago

Describe your problem

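When accessing an endpoint function decorated with @login_required, such as http:/127.0.0.1/v1/user/logout, I first log in through the login endpoint and get the access_token, then access the /logout endpoint, but ret_msg is still an Unauthorized 401 error. How can I solve this?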

JinHai-CN commented 1 month ago

We intend to create an international community, so we encourage using English for communication.

KevinHuSh commented 1 month ago

Check the authorization field in request headers.

prettyprettyboy commented 1 month ago
import json
import requests
from login import encrypt
from flask_login import login_required, current_user, login_user, logout_user

base_url = 'http://127.0.0.1/v1/user/'

# Login endpoint
login_url = base_url + 'login'

# Logout endpoint
logout_url = base_url + 'logout'

email = "test2@qq.com"
password = "123456"
encode_password = encrypt(password)
# Data simulating a user login
login_data = {
    'email': email,
    'password': encode_password  # Note: the password should be encrypted on the client before it is sent
}

# Send the login request
response = requests.post(login_url, json=login_data)

if response.status_code == 200:
    # If login succeeds, get the access token or session information from the response
    response_data = response.json()
    data = response_data.get('data', {})
    access_token = data.get('access_token')
    headers = {
        'Authorization': f'Bearer {access_token}'
    }

    # Include the auth header when sending the logout request
    logout_response = requests.get(logout_url, headers=headers)

    print(f"Logout response status code: {logout_response.status_code}")
    print(f"Logout response content: {logout_response.json()}")

else:
    print("Login failed:", response.json())

Returns {'data': None, 'retcode': 401, 'retmsg': "<Unauthorized '401: Unauthorized'>"}

prettyprettyboy commented 1 month ago

Printing the intermediate login step shows that the login did succeed.

KevinHuSh commented 1 month ago

Could you try removing 'Bearer'? You could check out the network in the web browser.

prettyprettyboy commented 1 month ago
headers = {
    'Authorization': f'{access_token}'
}

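After changing it as above, it is still 401. However, the endpoints without login_required are all accessible after I pass in the token. How exactly do I check the network in the browser?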

prettyprettyboy commented 1 month ago

Logging in and out from the UI works with no problem at all.

KevinHuSh commented 1 month ago

I mean this one. image

prettyprettyboy commented 1 month ago

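image I found that this request URL and the API endpoint URL are not the same: the API one is http://127.0.0.1/v1/user/login, while this one is http://127.0.0.1/login. Also, users I registered through the UI cannot be used in the API, and users registered through the API cannot be used in the UI.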