Spurious and random "'flask_login.AnonymousUserMixin object' has no attribute" exceptions

[toastwaffle]

Flaks-Login appears to occasionally fail to do the login_required decorator properly, and allows running the view function when current_user is actually an AnonymousUserMixin object. This results in attribute errors where my code, expecting the user to be a logged in instance of the database model, continues blindly on under that assumption. I don't ever use anonymous users, and unauthenticated users should always be sent to the login page.

The problem doesn't happen consistently (as far as I can identify), and probably only affects about 1 in 1000 requests.

My code is at https://github.com/KebleBall/KebleBall; I'm using Flask-Login v0.3.2.

[alanhamlett]

If your view needs an authenticated user, decorate it with LoginManager.login_required. If your view can be visited by unauthenticated users, your AnonymousUser class should extend the flask_login.AnonymousUserMixin and stub out methods/properties that are throwing exceptions.

For example:

from myapp import app
from flask_login import LoginManager, AnonymousUserMixin

login_manager = LoginManager()
login_manager.setup_app(current_app)

class AnonymousUser(AnonymousUserMixin):

    @property
    def date_format(self):
        return 'YYYY-MM-DD'

    @property
    def has_premium_features(self):
        return False

login_manager.anonymous_user = AnonymousUser