We’ve all experienced a time when we thought we were logged into a site and tried to access a protected page. Some sites handle this better than others, by letting the user know that the requested page is only for authenticated users.
When our user tries to access protected pages without logging in or encounters an error upon login, its best we communicate this somehow to the user.
We can catch authorization issues by adding a new route or endpoint with the
@login_manager.unauthorized_handler def unauthorized(): # do stuff return "Sorry you must be logged in to view this page"
@login_manager.unauthorized_handlerdecorator ensures that any time there is an authorization issue, the
unauthorized()route is called
- the message in the
returnstatement is HTML that is served to non-authenticated users. We can replace this with a template that users who fail to login see.
@login_manager.unauthorized_handler decorator to handle access errors.