How do I pass username:password in front of domain in url, flask

huangapple go评论68阅读模式
英文:

How do I pass username:password in front of domain in url, flask

问题

我目前正在构建一个应用程序,并且需要能够利用这样的事实:

https://username:password@domain.tld/page

你可以使用这个来登录页面,但是当我尝试找出在我的请求中何处传递这些数据到 Flask 来创建新路由时,我失败了。我知道我可以用其他方式做到这一点,但这个选项对我来说有一些优势。

我非常清楚这样做存在严重的安全隐患,将其用于登录是一个非常糟糕的主意,我不会用它来处理用户登录,而是其他数据。

如果有人能指导我如何从请求中获取这些信息,那将非常棒,再次感谢。

英文:

I am currently in the process of building an application, and I need to be able to make use of the fact that if you have a url like this:

https://username:password@domain.tld/page

you can use that to login on the page, however when trying to figure out where in my request that data gets passed to flask when making a new route, I am failing. I know that I can do this in other ways, however this option has some advantages for me.

I am very aware that there are serious security implications with this, and that using this for logging in is a very bad idea, and I am not going to use it to handle user logins, but rather other data.

If anyone can point me in a direction of how to get this information from a the request that would be lovely, thanks again.

答案1

得分: 2

以下是翻译好的部分:

用户名和密码可以在request对象的authorization属性中找到。给定类似以下的代码:

from flask import Flask, request

app = Flask(__name__)

@app.route('/')
def index():
    if request.authorization:
        auth = request.authorization
        return auth.parameters
    else:
        return 'Not authenticated'

像这样的请求:

curl http://alice:example@localhost:5000/

将导致以下结果:

{"password":"example","username":"alice"}

而没有授权的请求,像这样:

curl localhost:5000

将导致以下结果:

Not authenticated
英文:

The username and password are available on the authorization attribute of the request object. Given code like this:

from flask import Flask, request

app = Flask(__name__)

@app.route('/')
def index():
    if request.authorization:
        auth = request.authorization
        return auth.parameters
    else:
        return 'Not authenticated'

A request like:

curl http://alice:example@localhost:5000/

Will result in:

{"password":"example","username":"alice"}

While a request without authorization, like this:

curl localhost:5000

Will result in:

Not authenticated

huangapple
  • 本文由 发表于 2023年6月1日 01:50:24
  • 转载请务必保留本文链接:https://go.coder-hub.com/76376121.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定