Protecting pages is the primary objective of authentication. We can leverage some very useful functions from Flask-Login to ensure our different pages or routes are protected.
One of the key pieces of code that we previously added is the LoginManager
object that we initialized with our instance of the Flask application. LoginManagers
have a method user_loader
that needs to be defined in order to load and verify a user from our database.
@login_manager.user_loader def load_user(id): return User.query.get(int(id))
- this method retrieves our
User
with an id valueid
from our database - without this function, we won’t be able to verify users on our protected routes!
Next we need to import the login_required
function from flask_login
at the top of our file:
from flask_login import login_required
We can now add the @login_required
function as a decorator to different routes to make logging in necessary.
@app.route('/home') @login_required def home(): return render_template('logged_in.html')
The @login_required
decorator will force the user to login before being able to view the page
Instructions
Import the login_required
function from flask_login
.
Add the @login_required
decorator to the home endpoint so that it is only accessible when logged in.