Internal Redirect in Flask

grim picture grim · Sep 12, 2015 · Viewed 22.7k times · Source

In short:

By only using the Flask micro-framework (and its dependencies) can we perform an internal redirect from one route to another?

For example:

  1. User submits the registration form (both username and password) to @app.route('/register', methods=['POST'])
  2. If the registration is successful, Flask internally does an HTTP POST to @app.route('/login', methods['POST']) passing the username and password
  3. Process and log in the user

Details:

I am building a REST API using Flask and the Flask-JWT extension. More specifically I'm implementing the login and registration.

Login works perfectly and returns a JSON object with a token.

Following is my (login) authentication handler (i.e. /auth (POST request) - Default Flask-JWT authentication URL rule):

@jwt.authentication_handler
def authenticate(username, password):
    user = User.query.filter_by(username=username).first()
    if user and user.verify_password(password):
        return user
    return None

A successful login returns:

{
  "token": "<jwt-token>"
}

Following is my registration route:

@app.route('/register', methods=['PUT'])
def register():
    username = request.form.get('username')
    password = request.form.get('password')
    if username is None or password is None:
        abort(400)  # missing parameters

    user = User.query.filter_by(username=username).first()
    if user:
        abort(400)  # user exists
    else:
        user = User(user=user)
        user.hash_password(password)
        db.session.add(user)
        db.session.commit()

        # How do we generate a token?
        # Perform an internal redirect to the login route?

    return jsonify({'token': <jwt-token>}), 201

Answer

AlexLordThorsen picture AlexLordThorsen · Sep 12, 2015

You should use the Post-Redirect-Get pattern.

from flask import Flask, redirect, request, render_template
app = Flask("the_flask_module")

@app.route('/', methods=["GET", "POST"])
def post_redirect_get():
    if request.method == "GET":
        return render_template("post_redirect_get.html")
    else:
        # Use said data.
        return redirect("target", code=303)

@app.route("/target")
def target():
    return "I'm the redirected function"

app.run(host="0.0.0.0", port=5001)

And if you want to pass data to the target function (like that token) you can use the session object to store it

So that would break down something like

@app.route('/register', methods=['PUT'])
def register():
    username = request.form.get('username')
    password = request.form.get('password')
    if username is None or password is None:
        abort(400)  # missing parameters

    user = User.query.filter_by(username=username).first()
    if user:
        abort(400)  # user exists
    else:
        user = User(user=user)
        user.hash_password(password)
        db.session.add(user)
        db.session.commit()

        # How do we generate a token?
        redirect("login_success", code=307)

@app.route("login_success", methods=["GET", "POST"])
@jwt_required()
def login_success():
    return "Redirected Success!"

Edit: I haven't used Flask-JWT before and didn't know about the post requirement. But you can tell Flask to redirect with the current method used (rather than a get request) by passing the redirect function code=307.. Hopefully that solves your extended problem.