Introduction to Authentication with Flask
Logging in a User

A best practice for user authentication in Flask is to make it hard for someone to use a stolen credential.

To achieve this in Flask, use Flask's Werkzeug library, which has a generate_password_hash method to generate a hash and a check_password_hash method to compare login input with the value returned from the generate_password_hash method.

Our login code will check whether the value passed in is the same as the hardcoded user we are using to emulate a database.

We create a User class to represent a user. This class takes advantage of UserMixin (mixins are prepackaged code for common needs). In this case we use UserMixin because it gives us common user account functions without having to write them all ourselves from scratch.

The code below is the logic we use to log a user in if their password is correct.

```python
import flask
from flask import render_template
from flask_login import login_user

# app, login_manager and User are defined elsewhere in the lesson's application.

@app.route('/', methods=['GET', 'POST'])
def index():
    # GET: show the login form
    if flask.request.method == 'GET':
        return '''
        <p>Your credentials:
        username: TheCodeLearner
        password: !aehashf0qr324*&#W)*E!
        </p>
        <form action='/' method='POST'>
        <input type='text' name='email' id='email' placeholder='email'/>
        <input type='password' name='password' id='password' placeholder='password'/>
        <input type='submit' name='submit'/>
        </form>
        '''
    # POST: compare the submitted password with the hardcoded user
    email = "TheCodeLearner"
    if flask.request.form['password'] == "!aehashf0qr324*&#W)*E!":
        user = User(email="", username="TheCodeLearner", password="!aehashf0qr324*&#W)*E!")
        login_user(user)
        return render_template("logged_in.html", current_user=user)
    # Wrong password: hand off to the login manager's unauthorized handler
    return login_manager.unauthorized()
```
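The route above compares the submitted password with a hardcoded string. As an added example (not part of the original lesson), this shows how the two Werkzeug functions named earlier fit together when only a hash is stored; `USERS`, `register` and `verify_login` are hypothetical names, and the dict is a constructed stand-in for a database.

```python
from werkzeug.security import generate_password_hash, check_password_hash

# Constructed stand-in for a user table: username -> password hash.
# Only the salted hash is stored, never the plaintext password.
USERS = {}

# Hash of a throwaway value. It is checked when the username is unknown so
# that unknown-user and wrong-password attempts do a comparable amount of work.
_DUMMY_HASH = generate_password_hash("placeholder-not-a-real-password")


def register(username, password):
    """Store a salted hash of the password for this user."""
    # generate_password_hash picks a random salt on every call, so two users
    # with the same password still end up with different stored values.
    USERS[username] = generate_password_hash(password)


def verify_login(username, password):
    """Return True only if the user exists and the password matches."""
    stored = USERS.get(username)
    if stored is None:
        # Unknown user: still run one hash check, then reject.
        check_password_hash(_DUMMY_HASH, password)
        return False
    # check_password_hash reads the method and salt out of the stored value,
    # re-hashes the login input and compares the two results.
    return check_password_hash(stored, password)


# The lesson's sample credentials, registered once at start-up.
register("TheCodeLearner", "!aehashf0qr324*&#W)*E!")

if __name__ == "__main__":
    print(verify_login("TheCodeLearner", "!aehashf0qr324*&#W)*E!"))
    print(verify_login("TheCodeLearner", "guess"))
```

In the route, the `==` comparison would become a call such as `verify_login(username, flask.request.form['password'])`, followed by `login_user(user)` on success.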



Write the code for the method we use to load the user in memory.


Write the code so that the user is logged in when the password check succeeds.
