Consider a Flask login form that checks username and password against stored values. What is the typical behavior after a successful login?
from flask import Flask, request, redirect, url_for, render_template_string

app = Flask(__name__)
users = {'alice': 'wonderland'}

@app.route('/login', methods=['GET', 'POST'])
def login():
    if request.method == 'POST':
        username = request.form['username']
        password = request.form['password']
        if username in users and users[username] == password:
            return redirect(url_for('dashboard'))
        else:
            return 'Login Failed', 401
    return render_template_string('''<form method='post'>
  <input name='username'>
  <input name='password' type='password'>
  <input type='submit'>
</form>''')

@app.route('/dashboard')
def dashboard():
    return 'Welcome!'

if __name__ == '__main__':
    app.run()
Think about what redirect(url_for('dashboard')) does after a successful login.
When the username and password match, the code redirects the user to the dashboard route, which shows a welcome message.
Which option correctly fixes the syntax error in this Flask login route code?
from flask import Flask, request

app = Flask(__name__)
users = {'alice': 'wonderland'}

@app.route('/login', methods=['POST'])
def login():
    username = request.form['username']
    password = request.form['password']
    if username in users and users[username] == password
        return 'Logged in'
    else:
        return 'Failed'

if __name__ == '__main__':
    app.run()
Python requires a colon at the end of control statements like if.
The if statement is missing a colon at the end, causing a syntax error. Adding ':' fixes it.
Given this Flask login snippet, what response does the server send when the password is wrong?
from flask import Flask, request

app = Flask(__name__)
users = {'bob': 'builder'}

@app.route('/login', methods=['POST'])
def login():
    username = request.form['username']
    password = request.form['password']
    if username in users and users[username] == password:
        return 'Success'
    else:
        return 'Unauthorized', 401

if __name__ == '__main__':
    app.run()
Look at the else block's return statement and its status code.
If the password is wrong, the server returns the string 'Unauthorized' with status code 401, indicating access denied.
Examine the code below. Why does the login always fail even with correct credentials?
from flask import Flask, request

app = Flask(__name__)
users = {'eve': 'secret'}

@app.route('/login', methods=['POST'])
def login():
    username = request.form.get('username')
    password = request.form.get('password')
    if username == users.get(username) and password == users.get(username):
        return 'Logged in'
    else:
        return 'Failed'

if __name__ == '__main__':
    app.run()
Look carefully at the if condition comparing username and password.
The condition wrongly compares username to users.get(username) (which returns the password), so username == password is checked, which fails. It should check password == users.get(username).
Consider a Flask login system that stores passwords in plain text in a dictionary and checks them directly. What is the biggest security risk?
from flask import Flask, request

app = Flask(__name__)
users = {'admin': '12345'}

@app.route('/login', methods=['POST'])
def login():
    username = request.form['username']
    password = request.form['password']
    if username in users and users[username] == password:
        return 'Welcome'
    else:
        return 'Denied', 401
Think about how passwords should be stored securely.
Storing passwords in plain text is dangerous because if anyone accesses the data, they see all passwords. Passwords should be hashed and salted.
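A salted-hash version of the credential check from the last question, as an added example that is not part of the original quiz. It uses only the standard library; the names `hash_password`, `verify_password`, `check_login`, `ITERATIONS` and `_DUMMY` are hypothetical, and the iteration count is an assumed value.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed value; tune for your hardware)


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return 'iterations$salt_hex$hash_hex' using a fresh random salt."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{iterations}${salt.hex()}${digest.hex()}"


def verify_password(stored: str, candidate: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    iterations, salt_hex, hash_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest, bytes.fromhex(hash_hex))


# Constructed sample store: only the salted hash is kept, never the password.
users = {"admin": hash_password("12345")}

# Hash checked for unknown usernames so both failure paths do the same work.
_DUMMY = hash_password(secrets.token_hex(16))


def check_login(username: str, password: str) -> bool:
    """Replacement for `username in users and users[username] == password`."""
    stored = users.get(username)
    if stored is None:
        verify_password(_DUMMY, password)
        return False
    return verify_password(stored, password)
```

In the Flask route, the `if` condition becomes `check_login(username, password)`; the rest of the handler stays the same.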