You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Flaks-Login appears to occasionally fail to do the login_required decorator properly, and allows running the view function when current_user is actually an AnonymousUserMixin object. This results in attribute errors where my code, expecting the user to be a logged in instance of the database model, continues blindly on under that assumption. I don't ever use anonymous users, and unauthenticated users should always be sent to the login page.
The problem doesn't happen consistently (as far as I can identify), and probably only affects about 1 in 1000 requests.
If your view needs an authenticated user, decorate it with LoginManager.login_required. If your view can be visited by unauthenticated users, your AnonymousUser class should extend the flask_login.AnonymousUserMixin and stub out methods/properties that are throwing exceptions.
Flaks-Login appears to occasionally fail to do the
login_required
decorator properly, and allows running the view function whencurrent_user
is actually anAnonymousUserMixin
object. This results in attribute errors where my code, expecting the user to be a logged in instance of the database model, continues blindly on under that assumption. I don't ever use anonymous users, and unauthenticated users should always be sent to the login page.The problem doesn't happen consistently (as far as I can identify), and probably only affects about 1 in 1000 requests.
My code is at https://github.com/KebleBall/KebleBall; I'm using Flask-Login v0.3.2.
The text was updated successfully, but these errors were encountered: