This repository has been archived by the owner on Jul 30, 2024. It is now read-only.
Added option to initialize with custom pwd_context #293
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I added the option to initialized Flask-Security with a user defined pwd_context.
My primary motivation for this change was to enable the use of the same pwd_context with two separate login systems: Flask-Security and Flask-JWT.
Unfortunately, you can not just nic the extension's
.pwd_context
and use that in your Flask-JWT authorization handler, because Flask-Security salts the password with theutils.get_hmac
function. Due to the salting outside of thepwd_context
, you can not use thepwd_context
outside of Flask-Security.My changes allow for two things:
Using
SECURITY_PASSWORD_NO_SALT=True
andSECURITY_PASSWORD_SALT=None
, you avoid the pre-salting of the password and then can use the extension's.pwd_context
asis. Passlib generally does a good job at using randomized salts on each call to encrypt, but the user should be aware. This options requires that Flask-Security is initialized so you can use it'spwd_context
Using your own pwd_context passed via
init_app(..., pwd_context=my_pwd_context)
, you can usemy_pwd_context
in two applications that share the same user model, where 1 application uses Flask-Security and the other solely uses Flask-JWT.This help address some compatibility issues with Issue #215