Create a gist now

Instantly share code, notes, and snippets.

@senaps /fab.py Secret
Created May 1, 2017

What would you like to do?
flask-apbuilder hack
###### Client side Flask
# to import in client! :)
import requests
import json
r = requests.session()
# making the session and login :
s = r.post('http://0.0.0.0:8080/loginapi/', json={"username": "senaps", "password": "12345"})
if s:
#return s.text
return redirect(url_for('data'))
else:
return 'hum!'
except:
return 'something wrong code_level!'
# to get other url's from our site:
s = r.get('http://0.0.0.0:8080/home/index')
return s.text
##### Flask appbuilder Source
# flask login source is : /env/local/lib/python2.7/site-packages/flask_appbuilder/security/view.py
#to class AuthView(BaseView):
@expose('/logoutapi/')
def logoutapi(self):
logout_user()
return jsonify({"result": "logged of succesfully"})
#to class AuthDBView(AuthView):
@expose('/loginapi/', methods=['POST'])
def loginapi(self):
username = request.json['username']
password = request.json['password']
user = self.appbuilder.sm.auth_user_db(username, password)
if not user:
return jsonify({"result": "wrong credintials"})
login_user(user, remember=False)
return jsonify({"result": "You are logged in!"})
###### Flask appbuilder protected view:
# on a custom class just with @has_access
class MyView(BaseView):
route_base = "/home"
@expose('/index')
@has_access
def index(self):
return jsonify({'output': 'ok!'})
#return "hello world!"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment