Optional use of @auth.login_required

miguelgrinberg / Flask-HTTPAuth

Simple extension that provides Basic, Digest and Token HTTP authentication for Flask routes

MIT License

1.27k stars 228 forks source link

Optional use of @auth.login_required #149

Closed sicenul closed 2 years ago

sicenul commented 2 years ago

Hello, is it possible to configure the use of @auth.login_required, so I can switch on/off the auth using a configuration file only? The purpose is sometimes I need to open the endpoint for limited time. Maybe something like @auth.login_required(login = True) ?

If possible, please show me how. Thank you.

miguelgrinberg commented 2 years ago

You can bypass authentication in your verify_password callback. For example:

@auth.verify_password
def verify_password(username, password):
    if app.config['DISABLE_AUTH']:
        return True
    if username in users and check_password_hash(users.get(username), password):
        return username

sicenul commented 2 years ago

Great, thanks