
Login

Authenticate a user and create a session.
POST /login

Request Parameters

username (string, required)
  The username for authentication. Must match a user in the system.
password (string, required)
  The user’s password. Must match the password stored for the username.

Request Format

The endpoint expects form-encoded data (Content-Type: application/x-www-form-urlencoded).

Response

On successful authentication:
  • Status: 302 Redirect
  • Redirect: /monitor (for admin users) or / (for regular users)
  • Session: Sets authentication cookie
On failed authentication:
  • Status: 200 OK (re-renders login page)
  • Message: Flash message “Usuario o contraseña incorrectos”

Code Examples

curl -X POST http://localhost:5000/login \
  -d "username=empleado1" \
  -d "password=123" \
  -c cookies.txt

Implementation Details

The endpoint implementation (app.py:95-109):
@app.route('/login', methods=['GET', 'POST'])
def login():
    if request.method == 'POST':
        user_input = request.form['username']
        pass_input = request.form['password']
        usuarios = leer_json(USUARIOS_FILE)
        
        if any(u['username'] == user_input and u['pass'] == pass_input for u in usuarios):
            login_user(User(user_input))
            if user_input == 'admin':
                return redirect(url_for('monitor'))
            return redirect(url_for('index'))
            
        flash('Usuario o contraseña incorrectos')
    return render_template('login.html')
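
The login check above compares the submitted password with a plaintext 'pass' field. The following is an added example, not code from the project: a standard-library sketch of the same check against salted scrypt hashes. The field names salt and pass_hash, the helper names, and the cost parameters are assumptions for illustration.

```python
import hashlib
import hmac
import secrets

# scrypt cost parameters (assumed values for this example; tune for your hardware)
SCRYPT_N, SCRYPT_R, SCRYPT_P, KEY_LEN = 2**14, 8, 1, 32


def hash_password(password, salt=None):
    """Return the fields stored in place of the plaintext 'pass' value."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=KEY_LEN)
    return {"salt": salt.hex(), "pass_hash": digest.hex()}


def migrate_user(record):
    """Convert a {'username', 'pass'} record to a hashed record (hypothetical schema)."""
    migrated = {k: v for k, v in record.items() if k != "pass"}
    migrated.update(hash_password(record["pass"]))
    return migrated


# Hash checked when the username is unknown, so both failure paths do the same work.
_DUMMY = hash_password(secrets.token_hex(16))


def verify_login(usuarios, user_input, pass_input):
    """Replacement for the any(...) plaintext comparison in login()."""
    record = next((u for u in usuarios if u["username"] == user_input), None)
    stored = record if record is not None else _DUMMY
    candidate = hash_password(pass_input, bytes.fromhex(stored["salt"]))
    # Constant-time comparison of the derived hash with the stored one.
    matches = hmac.compare_digest(candidate["pass_hash"], stored["pass_hash"])
    return matches and record is not None


# Constructed sample data mirroring the documented default test users.
USUARIOS = [migrate_user({"username": "admin", "pass": "123"}),
            migrate_user({"username": "empleado1", "pass": "123"})]
```

In login(), the condition would become verify_login(usuarios, user_input, pass_input) once the user file has been migrated.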

Default Credentials

The system initializes with default test users:
Username    Password    Email               Role
admin       123         [email protected]     Admin
empleado1   123         [email protected]     User

Logout

End the current user session.
GET /logout

Response

  • Status: 302 Redirect
  • Redirect: /login
  • Action: Clears authentication cookie

Code Examples

curl -X GET http://localhost:5000/logout \
  -b cookies.txt

Session Management

The API uses Flask-Login for session management:
  • Sessions are stored in encrypted cookies
  • The secret key is configured as 'clave_secreta_muy_segura'
  • Unauthorized requests are redirected to /login
  • The @login_required decorator protects authenticated endpoints
