13

My login endpoint looks like

@app.route('/login/', methods=['GET', 'POST']) def login(): if request.method == 'POST': print request.form # debug line, see data printed below user = User.get(request.form['uuid']) if user and hash_password(request.form['password']) == user._password: login_user(user, remember=True) # change remember as preference return redirect('/home/') else: return 'GET on login not supported'

When I test this using curl, the GET call looks like

⮀ ~PYTHONPATH ⮀ ⭠ 43± ⮀ curl http://127.0.0.1:5000/login/ GET on login not supported

but on POST, I am not able to access the form data and get HTTP 400

⮀ ~PYTHONPATH ⮀ ⭠ 43± ⮀ curl -d "{'uuid': 'admin', 'password': 'admin'}" http://127.0.0.1:5000/login/ <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> <title>400 Bad Request</title> <h1>Bad Request</h1> <p>The browser (or proxy) sent a request that this server could not understand.</p>

On the server though, my debug information prints the following

ImmutableMultiDict([("{'uuid': 'admin', 'password': 'admin'}", u'')])

where I do print request.form. I am not able to understand where I am doing wrong

Improve this question
0

2 Answers 2

Reset to default
8

You are not using curl correctly. Try like this:

curl -d 'uuid=admin&password=admin'

The 400 Bad Request error is the usual behavior when you try to get nonexistent keys from request.form.

Alternatively, use request.json instead of request.form and call curl like this:

curl -d '{"uuid":"admin","password":"admin"}' -H "Content-Type: application/json"
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

6

You still need to return a response:

from flask import abort @app.route('/login/', methods=['GET', 'POST']) def login(): if request.method == 'POST': user = User.get(request.form['uuid']) if user and hash_password(request.form['password']) == user._password: login_user(user, remember=True) return redirect('/home/') else: return abort(401) # 401 Unauthorized else: return abort(405) # 405 Method Not Allowed

Here's the documentation for custom Flask error pages.

Also, take a look at Flask-Bcrypt for password hashing.

Your CURL command line isn't valid. JSON objects need to have double quotes around the keys and values:

$ curl -d '{"uuid": "admin", "password": "admin"}' http://127.0.0.1:5000/login/

Now, you can access the keys with request.json.

Improve this answer

7 Comments

Thanks @Blender, but the question is why I am not able to access uuid when I am sending the data form client?
@daydreamer: Flask sends that response only if you access a key that doesn't exist in the request.form object. Try using request.form.get('uuid', None).
As mentioned in my question, my request.form is ImmutableMultiDict([("{'uuid': 'admin', 'password': 'admin'}", u'')])
@daydreamer: I know. How are you sending this request?
like this curl -X POST -d '{uuid: "admin", "password": "admin"}' http://127.0.0.1:5000/login/
|

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.