Password Protect one web page in Flask app

Question

Password Protect one web page in Flask app

I am running a Flask web app and using Apache Basic Authentication (with .htaccess and .htpasswd files) to secure it. I want the password to protect only one web page in the application. When I protect the password of the html file for the webpage, the effect has no effect and the webpage is still not password protected. Could it be because it is my python file that is calling the html file using render_template? I am not sure how to solve this problem.

+3

python flask apache .htaccess basic-authentication

accelke Apr 19 15 at 2:44

source to share

1 answer

dirn · Answer 1 · 2015-04-19T03:48:11+0000

You need to restrict access to your endpoint. This snippet should start working on the right track.

from functools import wraps
from flask import request, Response


def check_auth(username, password):
    """This function is called to check if a username /
    password combination is valid.
    """
    return username == 'admin' and password == 'secret'

def authenticate():
    """Sends a 401 response that enables basic auth"""
    return Response(
    'Could not verify your access level for that URL.\n'
    'You have to login with proper credentials', 401,
    {'WWW-Authenticate': 'Basic realm="Login Required"'})

def requires_auth(f):
    @wraps(f)
    def decorated(*args, **kwargs):
        auth = request.authorization
        if not auth or not check_auth(auth.username, auth.password):
            return authenticate()
        return f(*args, **kwargs)
    return decorated

With this, you can decorate any endpoint you want to constrain with @requires_auth

.

@app.route('/secret-page')
@requires_auth
def secret_page():
    return render_template('secret_page.html')

Password Protect one web page in Flask app

More articles: