User authentication in Python

Grace 96 Published: 11/20/2024

User authentication in Python

Here's a comprehensive overview of user authentication in Python:

User authentication is the process of verifying the identity of a user and ensuring that they are authorized to access certain resources or perform specific actions within an application. In Python, there are several ways to implement user authentication, including using built-in libraries like http.cookies and http.request, as well as third-party libraries like Flask-Login and Django's built-in authentication system.

One of the most common approaches is to use cookies and sessions. When a user logs in, their username and password are verified, and if everything checks out, they receive a session ID cookie that can be used to authenticate future requests. This approach has some limitations, such as being vulnerable to cookie tampering or stealing.

Another popular approach is to use JWT (JSON Web Tokens). JWTs are small pieces of JSON data that contain information about the user, and they're typically sent back with each request. When a user logs in, the server generates a new JWT and sends it back to the client. The client then uses this token for subsequent requests, without having to re-enter their login credentials.

Python's Flask library has built-in support for authentication using JWTs through its Flask-JWT-Extended library. This allows you to create secure routes that are only accessible to authenticated users.

Here is a simple example of how you might implement user authentication in Python using JWTs:

from flask import Flask, request, jsonify

import jwt


app = Flask(name)

User database (in real-world applications, this would be replaced with an actual database)

users = {"username1": "password1", "username2": "password2"}


def generate_token(username):


user_data = {"username": username}


return jwt.encode(user_data, "your-secret-key-here").decode("utf-8")


@app.route("/login", methods=["POST"])


def login():


username = request.form.get("username")


password = request.form.get("password")


if (username in users and users[username] == password):


return generate_token(username)


else:


return jsonify({"error": "Invalid username or password"}), 401


@app.route("/protected", methods=["GET"])


def protected():


token = request.headers["Authorization"]


try:


user_data = jwt.decode(token, "your-secret-key-here")


return jsonify({"message": f"Welcome {user_data['username']}!"})


except jwt.ExpiredSignatureError:


return jsonify({"error": "Token has expired"}), 401


if name == "main":


app.run(debug=True)

In this example, we're using the Flask-JWT-Extended library to create JWTs for authenticated users. When a user logs in, they receive a token that can be used to access protected routes like /protected. This token is validated on each request by checking that it was signed with the correct secret key.

Of course, this is just one simple example of how you might implement user authentication in Python using JWTs. There are many more advanced features and considerations to take into account, such as handling multiple tokens (for things like multi-factor authentication), validating tokens on each request, and dealing with expired or invalid tokens.

I hope this gives you a good starting point for implementing user authentication in your own Python application!

Python login and register system

I'd be happy to help you with a Python login and registration system!

What We'll Cover

User Registration Login System

Password Hashing Session Management (optional)

Code Structure

Before we dive into the code, let's take a look at our directory structure:

myapp/

myapp.py  # Our main application file


models/  # Where our database models live


init.py


user.py  # Our User model


config.py  # Configuration settings for our app


templates/  # HTML templates for our pages


init.py


register.html  # Register page template


login.html  # Login page template


...

User Registration

Now, let's create a User model to handle user registration:

# models/user.py

from flask_sqlalchemy import SQLAlchemy


db = SQLAlchemy()


class User(db.Model):


id = db.Column(db.Integer(), primary_key=True)


username = db.Column(db.String(80), unique=True, nullable=False)


password = db.Column(db.String(120), nullable=False)


def init(self, username, password):


self.username = username


self.password = password


def repr(self):


return f"User('{self.username}')"

Login System

Next, let's create our login system using Flask-Login:

# myapp.py

from flask import Flask, render_template, request, flash


from flask_login import LoginManager, UserMixin, login_user, logout_user, login_required


app = Flask(name)


app.config["SECRET_KEY"] = "your_secret_key_here"


login_manager = LoginManager()


login_manager.init_app(app)

Create our User class as a custom user loader for Flask-Login

@login_manager.user_loader


def load_user(user_id):


return User.query.get(int(user_id))


@app.route("/register", methods=["GET"])


def register():


return render_template("register.html")


@app.route("/register", methods=["POST"])


def register_user():


username = request.form["username"]


password = request.form["password"]

Create a new user with the provided info

new_user = User(username, password)

Save our new user to the database

db.session.add(new_user)


db.session.commit()


flash("User registered successfully!")


@app.route("/login", methods=["GET"])


def login():


return render_template("login.html")


@app.route("/login", methods=["POST"])


def login_user():


username = request.form["username"]


password = request.form["password"]

Query our database for the user with the given credentials

user = User.query.filter_by(username=username).first()


if user and user.password == password:

Log in this user using Flask-Login's login_user function

login_user(user)


flash("Logged in successfully!")


else:


flash("Invalid username or password!")


if name == "main":


app.run(debug=True)

Password Hashing

We'll use Werkzeug's generate_password_hash() to hash our user passwords:

from werkzeug.security import generate_password_hash, check_password_hash

class User:


def init(self, username, password):


self.username = username


self.password = generate_password_hash(password)


def check_password(self, provided_password):


return check_password_hash(self.password, provided_password)

Session Management (optional)

If you want to implement session management for your logged-in users:

from flask_login import login_user, logout_user

@app.route("/logout")


@login_required


def logout():


logout_user()


flash("Logged out successfully!")


return redirect(url_for("login"))

Template Code (register.html and login.html)

For the HTML templates, we'll use Jinja2 templating:




Username:



Password:







Username:



Password:

That's it! With this Python login and registration system, you can easily create a simple web app with user authentication using Flask-Login.

Related Articles