-
Notifications
You must be signed in to change notification settings - Fork 155
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add overriding of login_form to customizing.rst #377
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -93,6 +93,34 @@ directly to the model, so the model should look like:: | |
first_name = db.Column(db.String(255)) | ||
last_name = db.Column(db.String(255)) | ||
|
||
For ``login_form`` it's necessary to override ``validate`` method if you | ||
want to implement your own logic of authentication. Also ``login_form`` | ||
needs to have ``user`` member set to User model object instance:: | ||
|
||
from flask import current_app | ||
from flask_security.forms import LoginForm as BaseLoginForm | ||
from wtforms import BooleanField, StringField, PasswordField, SubmitField | ||
from wtforms.validators import DataRequired | ||
from app.models import User | ||
|
||
class LoginForm(BaseLoginForm): | ||
"""User Login form. """ | ||
username = StringField('User name') | ||
password = PasswordField('Password', validators=[DataRequired()]) | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Since you are using BaseLoginForm - you don't need to specify fields that are identical to underlying fields. |
||
remember_me = BooleanField('Remember Me') | ||
submit = SubmitField('Sign In') | ||
|
||
# flask_security requires that LoginForm has <user> property of user to log in | ||
user = None | ||
|
||
def validate(self): | ||
self.user = User.query.filter_by(username=self.username.data).first() | ||
if self.user is None or not self.user.check_password(self.password.data): | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I don't see a check_password? - the proper method to use is: if not self.user.verify_and_update_password(self.password.data): Also - in these error cases - you aren't updating the form error fields:
|
||
current_app.logger.warning(f"Failed attempt to log in as <{self.username.data}>") | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. For examples like this - I would not bother with logging.... |
||
return False | ||
current_app.logger.info(f"User {self.user} is logged in") | ||
return True | ||
|
||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. maybe add a comment that this example doesn't deal with inactive nor confirmation..... |
||
The following is a list of all the available form overrides: | ||
|
||
* ``login_form``: Login form | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is application specific right?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, it's an example