Simple Login - Login Extension for Flask - maintainer @cuducos

Overview

Travis PyPI PyPI versions PyPI formats Flask Documentation

Login Extension for Flask

The simplest way to add login to flask!

Top Contributors

Add yourself, send a PR!

How it works

First install it from PyPI.

pip install flask_simplelogin

from flask import Flask
from flask_simplelogin import SimpleLogin

app = Flask(__name__)
SimpleLogin(app)

That's it!

Now you have /login and /logout routes in your application.

The username defaults to admin and the password defaults to secret (yeah that's not clever, let's see how to change it)

Login Screen

Check the documentation for more details!

Comments
  • changed username field to not be autocapitalized

    changed username field to not be autocapitalized

    the current auto captilized field might be annoying when accessing the login page via mobile device when the default first letter is capitalized while the convention for username is usually only small letters

    Credit to Limor Eden for pointing me out for this issue

    opened by amitay87 8
  • Added the ability to modify message categories, disable messages

    Added the ability to modify message categories, disable messages

    Like the title suggests, this PR would allow users to set custom message categories and disable the messages from flask_simplelogin entirely. (See issue #17) This is done by replacing the string values in the messages dictionary with namedtuples (as recommended by @cuducos). The first value is the message string, the second is the category for flask to flash it as.

    This allows for some, interesting, modifications (as well as more practical ones if you use different categories in your project): Annotation 2019-10-25 181834 Annotation 2019-10-25 181759

    If the user sets messages=False flask_simplelogin will not flash any messages.

    There are still some issues that need to be worked on though:

    • As far as I can tell, the user needs to set up the namedtuple themselves
      from collections import namedtuple
      Message = namedtuple("Message","message category")
      

      for their app to use a custom dict. I wonder if there's a simple way...

    • There's no way to disable messages individually, which could be useful if you use a custom login checker, but want to keep other messages.
    • 'access_denied' and 'auth_error' don't currently use the namedtuple, which is somewhat unintuitive, but they don't have categories.
    • I'd like a second opinion on lines 183-184 (master) vs. 190-195 (message-improvements). The logic seems sound, but it feels like there should be a more pythonic way of doing it.
    • I haven't updated the README to reflect any of these changes yet.
    work in progress 
    opened by jforseth210 7
  • Lack of documentation regarding unit testing.

    Lack of documentation regarding unit testing.

    After putting it off for way too long, I've finally decided to teach myself unit testing with the unittest module and write some tests for my Flask project. I've run into a bit of a roadblock with the @login_required decorator though. I can't figure out how to test any of my views that require a login. For all of my other views, I'm able to use app.test_client(self).get() or .post() to make a request and run assertions on the response. However, I can't seem to get that to work with my login form since I don't have a valid csrf token. I saw that you had a similar test in test_app.py but I had some trouble modifying the session in my code, and I saw your comment:

    #token is still invalid :(

    leading me to believe that this was a dead end.

    Next, I searched this repo for references to csrf tokens, and didn't find anything. I realized that this was probably handled by WTForms, so I searched their docs for anything to do with testing, but the only thing I found was talking about recaptcha which didn't help me at all.

    I came back to this repo and noticed that there's the basic parameter for @login_required() so I tried to figure out a way to only enable basic logins when I was running a test. Modifying all of my @login_required decorators to accept a boolean seemed hacky, and I ran into circular import problems between my main file and my blueprints.

    At this point, I'm using the LiveServerTestCase from flask_testing with Selenium. It works, but running a whole browser is slow and seems hacky.

    The relevant code from my test file:

    import unittest
    import time
    from flask_testing import LiveServerTestCase
    from selenium import webdriver
    from selenium.webdriver.common.keys import Keys
    from webtool import app
    
    # Doesn't work
    class FlaskTestCase(unittest.TestCase):
        def test_login(self):
            tester = app.test_client(self)
            response = tester.post(
                '/login/', data=dict(username='testing', password=PROJECT_PASSWORD, next='/'))
            # csrf token missing
    
    # Works but inefficent.
    class LiveServer(LiveServerTestCase):
        def create_app(self):
            app.config['TESTING'] = True
            app.config['LIVESERVER_PORT'] = 0
            return app
    
        def test_correct_login(self):
            driver = webdriver.Firefox()
            driver.get(self.get_server_url()+"/login")
            username_elem = driver.find_element_by_id('username')
            username_elem.send_keys(username)
            password_elem = driver.find_element_by_id('password')
            password_elem.send_keys(password)
            password_elem.send_keys(Keys.RETURN)
            time.sleep(2)  # Give it time to load
            self.assertTrue('Successful' in driver.page_source)
            driver.close()
    

    tl;dr: I can't figure out how to unit test views protected by @login_required(). I was able to get it working with Selenium, but it's too slow.

    opened by jforseth210 6
  • Making messages more customizable

    Making messages more customizable

    We are already able to customize the dictionary of messages simplelogin flashes. However, there is no easy way to:

    1. Toggle messages on and off
    2. Customize the categories of the flashes

    Toggling could be useful if the user has implemented a custom login checker function, or if the user doesn't want to flash these messages. Custom categories could be useful for projects structured with different categories. For example, if I have a project that uses: 'success' 'alert' 'info' 'warning' and I try to use flask_simplelogin, the categories: 'danger' 'primary' etc, could break an existing project structure.

    I suggest something along the lines of:

    show_messages = True
    

    that can be configured just like the message dictionary. Then, all flashes could be place inside an if statement, like this:

    if show_messages:
          flash(self.messages['someKey'], 'someCategory')
    

    I'm not quite as sure how custom categories would work. Parts of the source code went over my head. For all I know, this could already be possible. If so, I'd suggest some updates to the README to clarify. If not, maybe a nested dictionary could be used?

    messages = {
    'login-success', {'message':'someMessage', 'category':'someCategory'},
    }
    
    hacktoberfest good first issue 
    opened by jforseth210 6
  • start sample_app.py error

    start sample_app.py error

    i got the error when i try to run this app

    #python simple_app.py 
    Traceback (most recent call last):
      File "simple_app.py", line 39, in <module>
        @login_required(username=['chuck', 'mary'])
      File "/usr/local/python2.7/lib/python2.7/site-packages/flask_simplelogin/__init__.py", line 109, in login_required
        @wraps(function)
      File "/usr/local/python2.7/lib/python2.7/functools.py", line 33, in update_wrapper
        setattr(wrapper, attr, getattr(wrapped, attr))
    AttributeError: 'NoneType' object has no attribute '__module__'
    

    my env python version is

    # python -V
    Python 2.7.13 (default, Aug  9 2017, 23:25:57) 
    

    OS system: ** centos 6.5 64bit**

    then i also try run python manage.py runserver

    Traceback (most recent call last):
      File "manage.py", line 135, in <module>
        main()
      File "/usr/local/python2.7/lib/python2.7/site-packages/click/core.py", line 722, in __call__
        return self.main(*args, **kwargs)
      File "/usr/local/python2.7/lib/python2.7/site-packages/click/core.py", line 697, in main
        rv = self.invoke(ctx)
      File "/usr/local/python2.7/lib/python2.7/site-packages/click/core.py", line 1066, in invoke
        return _process_result(sub_ctx.command.invoke(sub_ctx))
      File "/usr/local/python2.7/lib/python2.7/site-packages/click/core.py", line 895, in invoke
        return ctx.invoke(self.callback, **ctx.params)
      File "/usr/local/python2.7/lib/python2.7/site-packages/click/core.py", line 535, in invoke
        return callback(*args, **kwargs)
      File "manage.py", line 89, in decorator
        configure_views(app)
      File "manage.py", line 66, in configure_views
        @login_required()
      File "/usr/local/python2.7/lib/python2.7/site-packages/flask_simplelogin/__init__.py", line 109, in login_required
        @wraps(function)
      File "/usr/local/python2.7/lib/python2.7/functools.py", line 33, in update_wrapper
        setattr(wrapper, attr, getattr(wrapped, attr))
    AttributeError: 'NoneType' object has no attribute '__module__'
    

    seems have the same problem

    opened by Linkding 4
  • New release?

    New release?

    PyPI has 0.7.0 and with some new features added e.g: new Message style looks like a new minor release is needed.

    https://github.com/flask-extensions/Flask-SimpleLogin/compare/0.0.7...main

    Time for a 0.1.0 ?

    I am currently installing from github but I will need to add this to an RPM package and then better to be on PyPI.

    opened by rochacbruno 3
  • Rename the repository

    Rename the repository

    Maybe it's just me (and my dear OCD), but what are the odds we might break something by renaming this repo Flask-SimpleLogin?

    image

    We might to update the documentation, update the Travis's URLs in the README.md and that's all, right?

    cc @Riverfount and, maybe, @rochacbruno

    opened by cuducos 3
  • simple_log soesn't work for blueprints

    simple_log soesn't work for blueprints

    Hey, great extension!

    I tried using simple_login, and it works great except, it does't work for paths added by blueprints.

    import flask
    import flask_simplelogin
    
    app = flask.Flask(__name__)
    
    my_blueprint = flask.Blueprint('BP', __name__)  # + some url_routes etc...
    app.register_blueprint(my_blueprint, url_prefix='/my_path')
    
    flask_simplelogin.SimpleLogin(app) # doesn't work for /my_path
    

    EDIT: sorry I probably misunderstood something here. I'll close this Thx again.

    opened by topper-123 3
  • csrf_token The CSRF token is invalid

    csrf_token The CSRF token is invalid

    I've hosted flask in heroku. When I login through desktop it's working but when I login through mobile, I get this error.

    Screenshot_20220821-163718_Brave.jpg

    After attempting once in mobile, the error continues in desktop too until I deploy fresh.

    what could have gone wrong?

    opened by gd03champ 2
  • Open redirect vulnerability

    Open redirect vulnerability

    First of all, thank you for the work! For the detail, there is an Open Redirect vulnerability in flask_simplelogin when authenticating after trying to access a page where the @login_required directive is set. An attacker can then send a link to : https://goodsite.com/login/?next=https://badsite.com/login -> The user authenticates and is then redirected to the wrong site with the same appearance (potentially) indicating for example "login failed", he then retypes his credentials and that's it for the attacker...

    I think it would be interesting to allow redirection only if the "next url" is "routable".

    opened by Guezone 2
  • Add a way to configurate login_url and logout_url

    Add a way to configurate login_url and logout_url

    Hola! Thanks for the app, it's really cool, simple and time-saving.

    I had a need to change some in-app variables (login_url, logout_url and home_url) and found it difficult because a method like this

    sl = SimpleLogin(app)
    sl.config['login_url'] = '/admin/login/'
    sl.config['logout_url'] = '/admin/logout/'
    sl.config['home_url'] = '/admin/'
    

    isn't working (views for login and logout are already registered at __init__) and changing blueprint url rules after that is a bit too hard.

    It would be great to have an ability to set this urls by writing something like this

    SIMPLELOGIN_LOGIN_URL = '/admin/login/'
    SIMPLELOGIN_LOGOUT_URL = '/admin/logout/'
    SIMPLELOGIN_HOME_URL = '/admin/'
    

    or this SimpleLogin(app, login_url='/admin/login/', logout_url='/admin/logout/', 'home_url'='/admin/')

    I could try to send a pull request, but not sure what method (or both) is better.

    enhancement hacktoberfest 
    opened by vvlch 2
  • Automate releases based on tags

    Automate releases based on tags

    Every time a new tag is pushed to main/master

    github actions can publish a new release.

    Example: https://github.com/rochacbruno/python-project-template/blob/main/.github/workflows/release.yml

    hacktoberfest 
    opened by rochacbruno 0
Releases(0.1.1)
Owner
Flask Extensions
A curated list (and repos) of Flask-Extensions
Flask Extensions
Simple Login - Login Extension for Flask - maintainer @cuducos

Login Extension for Flask The simplest way to add login to flask! How it works First, install it from PyPI: $ pip install flask_simplelogin Then, use

Flask Extensions 181 Jan 1, 2023
FastAPI-Login tries to provide similar functionality as Flask-Login does.

FastAPI-Login FastAPI-Login tries to provide similar functionality as Flask-Login does. Installation $ pip install fastapi-login Usage To begin we hav

null 417 Jan 7, 2023
User Authentication in Flask using Flask-Login

User-Authentication-in-Flask Set up & Installation. 1 .Clone/Fork the git repo and create an environment Windows git clone https://github.com/Dev-Elie

ONDIEK ELIJAH OCHIENG 31 Dec 11, 2022
Login-python - Login system made in Python, using native libraries

login-python Sistema de login feito 100% em Python, utilizando bibliotecas nativ

Nicholas Gabriel De Matos Leal 2 Jan 28, 2022
Simple extension that provides Basic, Digest and Token HTTP authentication for Flask routes

Flask-HTTPAuth Simple extension that provides Basic and Digest HTTP authentication for Flask routes. Installation The easiest way to install this is t

Miguel Grinberg 1.1k Jan 5, 2023
Simple extension that provides Basic, Digest and Token HTTP authentication for Flask routes

Flask-HTTPAuth Simple extension that provides Basic and Digest HTTP authentication for Flask routes. Installation The easiest way to install this is t

Miguel Grinberg 940 Feb 13, 2021
Flask Implementation of a login page and some basic functionality.

login_page Flask Implementation of a login page and some basic functionality. How to Run $ chmod +x run.sh setup.sh $ # run setup.sh only if the datab

null 3 Jun 3, 2021
Flask App With Login

Flask App With Login by FranciscoCharles Este projeto basico é o resultado do estudos de algumas funcionalidades do micro framework Flask do Python. O

Charles 3 Nov 14, 2021
An open source Flask extension that provides JWT support (with batteries included)!

Flask-JWT-Extended Features Flask-JWT-Extended not only adds support for using JSON Web Tokens (JWT) to Flask for protecting views, but also many help

Landon Gilbert-Bland 1.4k Jan 4, 2023
A flask extension for managing permissions and scopes

Flask-Pundit A simple flask extension to organize resource authorization and scoping. This extension is heavily inspired by the ruby Pundit library. I

Anurag Chaudhury 49 Dec 23, 2022
A flask extension for managing permissions and scopes

Flask-Pundit A simple flask extension to organize resource authorization and scoping. This extension is heavily inspired by the ruby Pundit library. I

Anurag Chaudhury 39 Jan 23, 2021
Python's simple login system concept - Advanced level

Simple login system with Python - For beginners Creating a simple login system using python for beginners this repository aims to provide a simple ove

Low_Scarlet 1 Dec 13, 2021
Flask JWT Router is a Python library that adds authorised routes to a Flask app.

Read the docs: Flask-JWT-Router Flask JWT Router Flask JWT Router is a Python library that adds authorised routes to a Flask app. Both basic & Google'

Joe Gasewicz 52 Jan 3, 2023
Customizable User Authorization & User Management: Register, Confirm, Login, Change username/password, Forgot password and more.

Flask-User v1.0 Attention: Flask-User v1.0 is a Production/Stable version. The previous version is Flask-User v0.6. User Authentication and Management

Ling Thio 997 Jan 6, 2023
Customizable User Authorization & User Management: Register, Confirm, Login, Change username/password, Forgot password and more.

Flask-User v1.0 Attention: Flask-User v1.0 is a Production/Stable version. The previous version is Flask-User v0.6. User Authentication and Management

Ling Thio 916 Feb 15, 2021
Automatic login utility of free Wi-Fi captive portals

wicafe Automatic login utility of free Wi-Fi captive portals Disclaimer: read and grant the Terms of Service of Wi-Fi services before using it! This u

Takumi Sueda 8 May 31, 2022
🔐 Login & Register System

?? Login & Register System This is a developable login and register system. Enter your username and password to register or login to account. Automati

Firdevs Akbayır 10 Dec 12, 2022
Login System Using Django

Login System Django

Nandini Chhajed 6 Dec 12, 2021
Django Admin Two-Factor Authentication, allows you to login django admin with google authenticator.

Django Admin Two-Factor Authentication Django Admin Two-Factor Authentication, allows you to login django admin with google authenticator. Why Django

Iman Karimi 9 Dec 7, 2022