Simple Login - Login Extension for Flask - maintainer @cuducos

Overview

Travis PyPI PyPI versions PyPI formats Flask Documentation

Login Extension for Flask

The simplest way to add login to flask!

Top Contributors

Add yourself, send a PR!

How it works

First install it from PyPI.

pip install flask_simplelogin

from flask import Flask
from flask_simplelogin import SimpleLogin

app = Flask(__name__)
SimpleLogin(app)

That's it!

Now you have /login and /logout routes in your application.

The username defaults to admin and the password defaults to secret (yeah that's not clever, let's see how to change it)

Login Screen

Check the documentation for more details!

Comments
  • changed username field to not be autocapitalized

    changed username field to not be autocapitalized

    the current auto captilized field might be annoying when accessing the login page via mobile device when the default first letter is capitalized while the convention for username is usually only small letters

    Credit to Limor Eden for pointing me out for this issue

    opened by amitay87 8
  • Added the ability to modify message categories, disable messages

    Added the ability to modify message categories, disable messages

    Like the title suggests, this PR would allow users to set custom message categories and disable the messages from flask_simplelogin entirely. (See issue #17) This is done by replacing the string values in the messages dictionary with namedtuples (as recommended by @cuducos). The first value is the message string, the second is the category for flask to flash it as.

    This allows for some, interesting, modifications (as well as more practical ones if you use different categories in your project): Annotation 2019-10-25 181834 Annotation 2019-10-25 181759

    If the user sets messages=False flask_simplelogin will not flash any messages.

    There are still some issues that need to be worked on though:

    • As far as I can tell, the user needs to set up the namedtuple themselves
      from collections import namedtuple
      Message = namedtuple("Message","message category")
      

      for their app to use a custom dict. I wonder if there's a simple way...

    • There's no way to disable messages individually, which could be useful if you use a custom login checker, but want to keep other messages.
    • 'access_denied' and 'auth_error' don't currently use the namedtuple, which is somewhat unintuitive, but they don't have categories.
    • I'd like a second opinion on lines 183-184 (master) vs. 190-195 (message-improvements). The logic seems sound, but it feels like there should be a more pythonic way of doing it.
    • I haven't updated the README to reflect any of these changes yet.
    work in progress 
    opened by jforseth210 7
  • Lack of documentation regarding unit testing.

    Lack of documentation regarding unit testing.

    After putting it off for way too long, I've finally decided to teach myself unit testing with the unittest module and write some tests for my Flask project. I've run into a bit of a roadblock with the @login_required decorator though. I can't figure out how to test any of my views that require a login. For all of my other views, I'm able to use app.test_client(self).get() or .post() to make a request and run assertions on the response. However, I can't seem to get that to work with my login form since I don't have a valid csrf token. I saw that you had a similar test in test_app.py but I had some trouble modifying the session in my code, and I saw your comment:

    #token is still invalid :(

    leading me to believe that this was a dead end.

    Next, I searched this repo for references to csrf tokens, and didn't find anything. I realized that this was probably handled by WTForms, so I searched their docs for anything to do with testing, but the only thing I found was talking about recaptcha which didn't help me at all.

    I came back to this repo and noticed that there's the basic parameter for @login_required() so I tried to figure out a way to only enable basic logins when I was running a test. Modifying all of my @login_required decorators to accept a boolean seemed hacky, and I ran into circular import problems between my main file and my blueprints.

    At this point, I'm using the LiveServerTestCase from flask_testing with Selenium. It works, but running a whole browser is slow and seems hacky.

    The relevant code from my test file:

    import unittest
    import time
    from flask_testing import LiveServerTestCase
    from selenium import webdriver
    from selenium.webdriver.common.keys import Keys
    from webtool import app
    
    # Doesn't work
    class FlaskTestCase(unittest.TestCase):
        def test_login(self):
            tester = app.test_client(self)
            response = tester.post(
                '/login/', data=dict(username='testing', password=PROJECT_PASSWORD, next='/'))
            # csrf token missing
    
    # Works but inefficent.
    class LiveServer(LiveServerTestCase):
        def create_app(self):
            app.config['TESTING'] = True
            app.config['LIVESERVER_PORT'] = 0
            return app
    
        def test_correct_login(self):
            driver = webdriver.Firefox()
            driver.get(self.get_server_url()+"/login")
            username_elem = driver.find_element_by_id('username')
            username_elem.send_keys(username)
            password_elem = driver.find_element_by_id('password')
            password_elem.send_keys(password)
            password_elem.send_keys(Keys.RETURN)
            time.sleep(2)  # Give it time to load
            self.assertTrue('Successful' in driver.page_source)
            driver.close()
    

    tl;dr: I can't figure out how to unit test views protected by @login_required(). I was able to get it working with Selenium, but it's too slow.

    opened by jforseth210 6
  • Making messages more customizable

    Making messages more customizable

    We are already able to customize the dictionary of messages simplelogin flashes. However, there is no easy way to:

    1. Toggle messages on and off
    2. Customize the categories of the flashes

    Toggling could be useful if the user has implemented a custom login checker function, or if the user doesn't want to flash these messages. Custom categories could be useful for projects structured with different categories. For example, if I have a project that uses: 'success' 'alert' 'info' 'warning' and I try to use flask_simplelogin, the categories: 'danger' 'primary' etc, could break an existing project structure.

    I suggest something along the lines of:

    show_messages = True
    

    that can be configured just like the message dictionary. Then, all flashes could be place inside an if statement, like this:

    if show_messages:
          flash(self.messages['someKey'], 'someCategory')
    

    I'm not quite as sure how custom categories would work. Parts of the source code went over my head. For all I know, this could already be possible. If so, I'd suggest some updates to the README to clarify. If not, maybe a nested dictionary could be used?

    messages = {
    'login-success', {'message':'someMessage', 'category':'someCategory'},
    }
    
    hacktoberfest good first issue 
    opened by jforseth210 6
  • start sample_app.py error

    start sample_app.py error

    i got the error when i try to run this app

    #python simple_app.py 
    Traceback (most recent call last):
      File "simple_app.py", line 39, in <module>
        @login_required(username=['chuck', 'mary'])
      File "/usr/local/python2.7/lib/python2.7/site-packages/flask_simplelogin/__init__.py", line 109, in login_required
        @wraps(function)
      File "/usr/local/python2.7/lib/python2.7/functools.py", line 33, in update_wrapper
        setattr(wrapper, attr, getattr(wrapped, attr))
    AttributeError: 'NoneType' object has no attribute '__module__'
    

    my env python version is

    # python -V
    Python 2.7.13 (default, Aug  9 2017, 23:25:57) 
    

    OS system: ** centos 6.5 64bit**

    then i also try run python manage.py runserver

    Traceback (most recent call last):
      File "manage.py", line 135, in <module>
        main()
      File "/usr/local/python2.7/lib/python2.7/site-packages/click/core.py", line 722, in __call__
        return self.main(*args, **kwargs)
      File "/usr/local/python2.7/lib/python2.7/site-packages/click/core.py", line 697, in main
        rv = self.invoke(ctx)
      File "/usr/local/python2.7/lib/python2.7/site-packages/click/core.py", line 1066, in invoke
        return _process_result(sub_ctx.command.invoke(sub_ctx))
      File "/usr/local/python2.7/lib/python2.7/site-packages/click/core.py", line 895, in invoke
        return ctx.invoke(self.callback, **ctx.params)
      File "/usr/local/python2.7/lib/python2.7/site-packages/click/core.py", line 535, in invoke
        return callback(*args, **kwargs)
      File "manage.py", line 89, in decorator
        configure_views(app)
      File "manage.py", line 66, in configure_views
        @login_required()
      File "/usr/local/python2.7/lib/python2.7/site-packages/flask_simplelogin/__init__.py", line 109, in login_required
        @wraps(function)
      File "/usr/local/python2.7/lib/python2.7/functools.py", line 33, in update_wrapper
        setattr(wrapper, attr, getattr(wrapped, attr))
    AttributeError: 'NoneType' object has no attribute '__module__'
    

    seems have the same problem

    opened by Linkding 4
  • New release?

    New release?

    PyPI has 0.7.0 and with some new features added e.g: new Message style looks like a new minor release is needed.

    https://github.com/flask-extensions/Flask-SimpleLogin/compare/0.0.7...main

    Time for a 0.1.0 ?

    I am currently installing from github but I will need to add this to an RPM package and then better to be on PyPI.

    opened by rochacbruno 3
  • Rename the repository

    Rename the repository

    Maybe it's just me (and my dear OCD), but what are the odds we might break something by renaming this repo Flask-SimpleLogin?

    image

    We might to update the documentation, update the Travis's URLs in the README.md and that's all, right?

    cc @Riverfount and, maybe, @rochacbruno

    opened by cuducos 3
  • simple_log soesn't work for blueprints

    simple_log soesn't work for blueprints

    Hey, great extension!

    I tried using simple_login, and it works great except, it does't work for paths added by blueprints.

    import flask
    import flask_simplelogin
    
    app = flask.Flask(__name__)
    
    my_blueprint = flask.Blueprint('BP', __name__)  # + some url_routes etc...
    app.register_blueprint(my_blueprint, url_prefix='/my_path')
    
    flask_simplelogin.SimpleLogin(app) # doesn't work for /my_path
    

    EDIT: sorry I probably misunderstood something here. I'll close this Thx again.

    opened by topper-123 3
  • csrf_token The CSRF token is invalid

    csrf_token The CSRF token is invalid

    I've hosted flask in heroku. When I login through desktop it's working but when I login through mobile, I get this error.

    Screenshot_20220821-163718_Brave.jpg

    After attempting once in mobile, the error continues in desktop too until I deploy fresh.

    what could have gone wrong?

    opened by gd03champ 2
  • Open redirect vulnerability

    Open redirect vulnerability

    First of all, thank you for the work! For the detail, there is an Open Redirect vulnerability in flask_simplelogin when authenticating after trying to access a page where the @login_required directive is set. An attacker can then send a link to : https://goodsite.com/login/?next=https://badsite.com/login -> The user authenticates and is then redirected to the wrong site with the same appearance (potentially) indicating for example "login failed", he then retypes his credentials and that's it for the attacker...

    I think it would be interesting to allow redirection only if the "next url" is "routable".

    opened by Guezone 2
  • Add a way to configurate login_url and logout_url

    Add a way to configurate login_url and logout_url

    Hola! Thanks for the app, it's really cool, simple and time-saving.

    I had a need to change some in-app variables (login_url, logout_url and home_url) and found it difficult because a method like this

    sl = SimpleLogin(app)
    sl.config['login_url'] = '/admin/login/'
    sl.config['logout_url'] = '/admin/logout/'
    sl.config['home_url'] = '/admin/'
    

    isn't working (views for login and logout are already registered at __init__) and changing blueprint url rules after that is a bit too hard.

    It would be great to have an ability to set this urls by writing something like this

    SIMPLELOGIN_LOGIN_URL = '/admin/login/'
    SIMPLELOGIN_LOGOUT_URL = '/admin/logout/'
    SIMPLELOGIN_HOME_URL = '/admin/'
    

    or this SimpleLogin(app, login_url='/admin/login/', logout_url='/admin/logout/', 'home_url'='/admin/')

    I could try to send a pull request, but not sure what method (or both) is better.

    enhancement hacktoberfest 
    opened by vvlch 2
  • Automate releases based on tags

    Automate releases based on tags

    Every time a new tag is pushed to main/master

    github actions can publish a new release.

    Example: https://github.com/rochacbruno/python-project-template/blob/main/.github/workflows/release.yml

    hacktoberfest 
    opened by rochacbruno 0
Releases(0.1.1)
Owner
Flask Extensions
A curated list (and repos) of Flask-Extensions
Flask Extensions
Doing the OAuth dance with style using Flask, requests, and oauthlib.

Flask-Dance Doing the OAuth dance with style using Flask, requests, and oauthlib. Currently, only OAuth consumers are supported, but this project coul

David Baumgold 915 Dec 28, 2022
Skit-auth - Authorization for skit.ai's platform

skit-auth This is a simple authentication library for Skit's platform. Provides

Skit 3 Jan 08, 2022
A Python tool to generate and refresh Amazon access tokens.

amazon_auth A Python tool to generate and refresh Amazon access tokens. Description This tool generates and outputs Amazon access and refresh tokens f

15 Nov 21, 2022
CheckList-Api - Created with django rest framework and JWT(Json Web Tokens for Authentication)

CheckList Api created with django rest framework and JWT(Json Web Tokens for Aut

shantanu nimkar 1 Jan 24, 2022
Login-python - Login system made in Python, using native libraries

login-python Sistema de login feito 100% em Python, utilizando bibliotecas nativ

Nicholas Gabriel De Matos Leal 2 Jan 28, 2022
API with high performance to create a simple blog and Auth using OAuth2 ⛏

DogeAPI API with high performance built with FastAPI & SQLAlchemy, help to improve connection with your Backend Side to create a simple blog and Cruds

Yasser Tahiri 111 Jan 05, 2023
REST implementation of Django authentication system.

djoser REST implementation of Django authentication system. djoser library provides a set of Django Rest Framework views to handle basic actions such

Sunscrapers 2.2k Jan 01, 2023
A JSON Web Token authentication plugin for the Django REST Framework.

Simple JWT Abstract Simple JWT is a JSON Web Token authentication plugin for the Django REST Framework. For full documentation, visit django-rest-fram

Jazzband 3.2k Dec 28, 2022
Imia is an authentication library for Starlette and FastAPI (python 3.8+).

Imia Imia (belarussian for "a name") is an authentication library for Starlette and FastAPI (python 3.8+). Production status The library is considered

Alex Oleshkevich 91 Nov 24, 2022
Simple implementation of authentication in projects using FastAPI

Fast Auth Facilita implementação de um sistema de autenticação básico e uso de uma sessão de banco de dados em projetos com tFastAPi. Instalação e con

3 Jan 08, 2022
Brute force a JWT token. Script uses multithreading.

JWT BF Brute force a JWT token. Script uses multithreading. Tested on Kali Linux v2021.4 (64-bit). Made for educational purposes. I hope it will help!

Ivan Šincek 5 Dec 02, 2022
Web authentication testing framework

What is this This is a framework designed to test authentication for web applications. While web proxies like ZAProxy and Burpsuite allow authenticate

OWASP 88 Jan 01, 2023
This project is an open-source project which I made due to sharing my experience around the Python programming language.

django-tutorial This project is an open-source project which I made due to sharing my experience around the Django framework. What is Django? Django i

MohammadMasoumi 6 May 12, 2022
Kube OpenID Connect is an application that can be used to easily enable authentication flows via OIDC for a kubernetes cluster

Kube OpenID Connect is an application that can be used to easily enable authentication flows via OIDC for a kubernetes cluster. Kubernetes supports OpenID Connect Tokens as a way to identify users wh

7 Nov 20, 2022
python-social-auth and oauth2 support for django-rest-framework

Django REST Framework Social OAuth2 This module provides OAuth2 social authentication support for applications in Django REST Framework. The aim of th

1k Dec 22, 2022
Flask JWT Router is a Python library that adds authorised routes to a Flask app.

Read the docs: Flask-JWT-Router Flask JWT Router Flask JWT Router is a Python library that adds authorised routes to a Flask app. Both basic & Google'

Joe Gasewicz 52 Jan 03, 2023
This is a Python library for accessing resources protected by OAuth 2.0.

This is a client library for accessing resources protected by OAuth 2.0. Note: oauth2client is now deprecated. No more features will be added to the l

Google APIs 787 Dec 13, 2022
Djagno grpc authentication service with jwt auth

Django gRPC authentication service STEP 1: Install packages pip install -r requirements.txt STEP 2: Make migrations and migrate python manage.py makem

Saeed Hassani Borzadaran 3 May 16, 2022
Simple Login - Login Extension for Flask - maintainer @cuducos

Login Extension for Flask The simplest way to add login to flask! How it works First, install it from PyPI: $ pip install flask_simplelogin Then, use

Flask Extensions 181 Jan 01, 2023
An extension of django rest framework, providing a configurable password reset strategy

Django Rest Password Reset This python package provides a simple password reset strategy for django rest framework, where users can request password r

Anexia 363 Dec 24, 2022