Now we will perform the following tasks:
- Configure the Flask-HTTPAuth extension to work with our User model to verify passwords and set the authenticated user associated with a request.
- Declare a custom function that the Flask-HTTPAuth extension will use as a callback to verify a password.
- Create a new base class for our resources that will require authentication.
Open the views.py file within the service folder and add the following code after the last line that uses the import statement and before the lines that declare the Blueprint instance named service_blueprint. The code file for the sample is included in the restful_python_2_03_02 folder, in the Flask01/service/views.py file:
from flask_httpauth import HTTPBasicAuth from flask import g from models import User, UserSchema auth = HTTPBasicAuth() @auth.verify_password def verify_user_password(name, password): user = User.query.filter_by(name=name).first() if not user or not user.verify_password(password): return False g.user = user return True class AuthenticationRequiredResource(Resource): method_decorators = [auth.login_required] user_schema = UserSchema()
First, we create an instance of the flask_httpauth.HTTPBasicAuth class named auth. Then, we declare the verify_user_password function that receives two arguments: name and password. The function uses the @auth.verify_password decorator to make this function become the callback that Flask-HTTPAuth will use to verify the password for a specific user. The function retrieves the user whose name matches the name specified in the name argument and saves its reference in the user variable. If a user is found, the code checks the results of the user.verify_password method with the received password as an argument.
If either a user isn't found or the call to user.verify_password returns False, the function returns False and the authentication will fail. If the call to user.verify_password returns True, the function stores the authenticated User instance in the user attribute for the flask.g object.
Then, we declared the AuthenticationRequiredResource class as a subclass of flask_restful.Resource. We just specified auth.login_required as one of the members of the list that we assign to the method_decorators property inherited from the base class. This way, all the methods declared in a resource that uses the new AuthenticationRequiredResource class as its superclass will have the auth.login_required decorator applied to them, and therefore, any method that is called for the resource will require authentication.
Finally, the last line creates an instance of the UserSchema class and saves it in the user_schema variable.
Now we will replace the base class for the existing resource classes to make them inherit from AuthenticationRequiredResource instead of Resource. We want any of the requests that retrieve or modify categories and messages to be authenticated.
The following lines show the current declarations for the four resource classes:
class NotificationResource(Resource): class NotificationListResource(Resource): class NotificationCategoryResource(Resource): class NotificationCategoryListResource(Resource):
Open the views.py file within the service folder and replace Resource with AuthenticationRequiredResource in the previously shown four lines that declare the resource classes. The following lines show the new code for each resource class declaration. The code file for the sample is included in the restful_python_2_03_02 folder, in the Flask01/service/views.py file:
class NotificationResource(AuthenticationRequiredResource): class NotificationListResource(AuthenticationRequiredResource): class NotificationCategoryResource(AuthenticationRequiredResource): class NotificationCategoryListResource(AuthenticationRequiredResource):