flask-extensions / flask-simplelogin

Simple Login - Login Extension for Flask - maintainer @cuducos

License: MIT License

Python 78.16% HTML 21.84%
flask flask-extension flask-extensions flask-plugins flask-login login authentication auth hacktoberfest

flask-simplelogin's People

Contributors

amitay87, claytonaalves, cuducos, inchingforward, jforseth210, moulick, mxlysb, oegedijk, rochacbruno, sha016, sjoerdvan

flask-simplelogin's Issues

New flask release deprecates flask.json.JSONEncoder which is used by the pinned flask_wtf 0.x

So Flask 2.3.0 deprecates a bunch of json support: https://flask.palletsprojects.com/en/2.3.x/changes/#version-2-3-0

This has been anticipated in flask-wtf release 1.1.1.

However flask-simplelogin pins flask-wtf to 0.x:

Flask-WTF = "^0.15.1"

resulting in the following error in my explainerdashboard library that uses flask_simplelogin as a dependency:

ImportError while loading conftest '/home/runner/work/explainerdashboard/explainerdashboard/tests/conftest.py'.
tests/conftest.py:21: in <module>
    from explainerdashboard import RegressionExplainer, ClassifierExplainer, ExplainerDashboard, ExplainerHub
explainerdashboard/__init__.py:5: in <module>
    from .dashboards import ExplainerDashboard, ExplainerHub, InlineExplainer
explainerdashboard/dashboards.py:41: in <module>
    from flask_simplelogin import SimpleLogin, login_required
/opt/hostedtoolcache/Python/3.9.16/x64/lib/python3.9/site-packages/flask_simplelogin/__init__.py:24: in <module>
    from flask_wtf import FlaskForm
/opt/hostedtoolcache/Python/3.9.16/x64/lib/python3.9/site-packages/flask_wtf/__init__.py:3: in <module>
    from .recaptcha import *
/opt/hostedtoolcache/Python/3.9.16/x64/lib/python3.9/site-packages/flask_wtf/recaptcha/__init__.py:2: in <module>
    from .fields import *
/opt/hostedtoolcache/Python/3.9.16/x64/lib/python3.9/site-packages/flask_wtf/recaptcha/fields.py:3: in <module>
    from . import widgets
/opt/hostedtoolcache/Python/3.9.16/x64/lib/python3.9/site-packages/flask_wtf/recaptcha/widgets.py:4: in <module>
    JSONEncoder = json.JSONEncoder
E   AttributeError: module 'flask.json' has no attribute 'JSONEncoder'

So would be great if you could upgrade the dependency of flask-wtf!

menu disappears when browser small

Change your web browser to NOT BE MAXIMIZED. Drag your browser width to be smaller and smaller. At some point the menu/navigation disappears.

Making messages more customizable

We are already able to customize the dictionary of messages simplelogin flashes. However, there is no easy way to:

  1. Toggle messages on and off
  2. Customize the categories of the flashes

Toggling could be useful if the user has implemented a custom login checker function, or if the user doesn't want to flash these messages. Custom categories could be useful for projects structured with different categories.
For example, if I have a project that uses:
'success'
'alert'
'info'
'warning'
and I try to use flask_simplelogin, the categories:
'danger'
'primary'
etc, could break an existing project structure.

I suggest something along the lines of:

show_messages = True

that can be configured just like the message dictionary.
Then, all flashes could be placed inside an if statement, like this:

if show_messages:
    flash(self.messages['someKey'], 'someCategory')

I'm not quite as sure how custom categories would work. Parts of the source code went over my head.
For all I know, this could already be possible. If so, I'd suggest some updates to the README to clarify.
If not, maybe a nested dictionary could be used?

messages = {
    'login-success': {'message': 'someMessage', 'category': 'someCategory'},
}

Translation of internal messages

Hey @rochacbruno, the function dispatch of the login_required decorator has a flash call with an English message that is hard to translate.

What do you think about making SimpleLogin's message dictionary a module global dictionary? That way, it would be easier to apply translations.

csrf_token The CSRF token is invalid

I've hosted flask in heroku. When I login through desktop it's working but when I login through mobile, I get this error.

Screenshot_20220821-163718_Brave.jpg

After attempting once in mobile, the error continues in desktop too until I deploy fresh.

what could have gone wrong?

simple_log doesn't work for blueprints

Hey, great extension!

I tried using simple_login, and it works great, except it doesn't work for paths added by blueprints.

import flask
import flask_simplelogin

app = flask.Flask(__name__)

my_blueprint = flask.Blueprint('BP', __name__)  # + some url_routes etc...
app.register_blueprint(my_blueprint, url_prefix='/my_path')

flask_simplelogin.SimpleLogin(app) # doesn't work for /my_path

EDIT: sorry I probably misunderstood something here. I'll close this
Thx again.

start sample_app.py error

I got the error when I try to run this app

#python simple_app.py 
Traceback (most recent call last):
  File "simple_app.py", line 39, in <module>
    @login_required(username=['chuck', 'mary'])
  File "/usr/local/python2.7/lib/python2.7/site-packages/flask_simplelogin/__init__.py", line 109, in login_required
    @wraps(function)
  File "/usr/local/python2.7/lib/python2.7/functools.py", line 33, in update_wrapper
    setattr(wrapper, attr, getattr(wrapped, attr))
AttributeError: 'NoneType' object has no attribute '__module__'

My env Python version is

# python -V
Python 2.7.13 (default, Aug  9 2017, 23:25:57) 

OS system: centos 6.5 64bit

Then I also tried to run python manage.py runserver

Traceback (most recent call last):
  File "manage.py", line 135, in <module>
    main()
  File "/usr/local/python2.7/lib/python2.7/site-packages/click/core.py", line 722, in __call__
    return self.main(*args, **kwargs)
  File "/usr/local/python2.7/lib/python2.7/site-packages/click/core.py", line 697, in main
    rv = self.invoke(ctx)
  File "/usr/local/python2.7/lib/python2.7/site-packages/click/core.py", line 1066, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/local/python2.7/lib/python2.7/site-packages/click/core.py", line 895, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/local/python2.7/lib/python2.7/site-packages/click/core.py", line 535, in invoke
    return callback(*args, **kwargs)
  File "manage.py", line 89, in decorator
    configure_views(app)
  File "manage.py", line 66, in configure_views
    @login_required()
  File "/usr/local/python2.7/lib/python2.7/site-packages/flask_simplelogin/__init__.py", line 109, in login_required
    @wraps(function)
  File "/usr/local/python2.7/lib/python2.7/functools.py", line 33, in update_wrapper
    setattr(wrapper, attr, getattr(wrapped, attr))
AttributeError: 'NoneType' object has no attribute '__module__'

Seems to have the same problem

Login Page UI

Hi Bruno,

While checking out the quokka cms, I came across the login page the user is navigated to for the /admin view. Then I got to know it is a part of flask_simplelogin.

The UI for the login page, covered in login.html in flask_simplelogin, can be enhanced further. I want to contribute to this project. The name and the password in the login form are placed quite far left. We can work on that, and also in my opinion it would be good if we replace it with username.

I am a beginner and really want to start contributing. I would be thankful if you give me the opportunity to work on this for the betterment of the project. I am attaching the area of the application I want to start working on.

loginpage

Open redirect vulnerability

First of all, thank you for the work! For the detail, there is an Open Redirect vulnerability in flask_simplelogin when authenticating after trying to access a page where the @login_required directive is set. An attacker can then send a link to: https://goodsite.com/login/?next=https://badsite.com/login -> The user authenticates and is then redirected to the wrong site with the same appearance (potentially), indicating for example "login failed"; he then retypes his credentials and that's it for the attacker...

I think it would be interesting to allow redirection only if the "next url" is "routable".
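Added example, not part of the original issue and not the project's own code: one way to apply the "routable" rule to the next parameter before redirecting. The function name, the ROUTABLE_PATHS set and the sample inputs are assumptions made for illustration; in a Flask app the set of routable paths would come from the app's URL map.

```python
from urllib.parse import urlsplit

# Assumption for this example: the set of paths the app actually serves.
# In a Flask app this would come from the app's URL map instead.
ROUTABLE_PATHS = {"/", "/admin/", "/secret"}


def safe_next_path(next_url, routable=ROUTABLE_PATHS, default="/"):
    """Return a same-site path to redirect to, or `default` if unsafe."""
    if not next_url:
        return default
    # Browsers drop tab/CR/LF and treat "\" like "/", so "/\host" or
    # "/<tab>/host" can turn into "//host". Reject instead of normalizing.
    if any(ord(ch) < 0x20 or ch in "\\\x7f" for ch in next_url):
        return default
    # Must be a single-slash absolute path: blocks "//host", "///host",
    # "https://host" and scheme-only forms such as "javascript:...".
    if not next_url.startswith("/") or next_url.startswith("//"):
        return default
    parts = urlsplit(next_url)
    if parts.scheme or parts.netloc:
        return default
    # The "routable" rule from the issue: only redirect to known views.
    if parts.path not in routable:
        return default
    return parts.path + ("?" + parts.query if parts.query else "")


# Constructed inputs, including the link from the report above.
SAMPLES = [
    "https://badsite.com/login",
    "//badsite.com/login",
    "/\\badsite.com/login",
    "/admin/?tab=users",
    "/not-a-view",
]

if __name__ == "__main__":
    for candidate in SAMPLES:
        print(repr(candidate), "->", safe_next_path(candidate))
```

Falling back to a fixed default rather than trying to repair the value keeps the check easy to audit: anything that is not a known local path never reaches the redirect.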

Rename the repository

Maybe it's just me (and my dear OCD), but what are the odds we might break something by renaming this repo Flask-SimpleLogin?

image

We might need to update the documentation, update the Travis's URLs in the README.md and that's all, right?

cc @Riverfount and, maybe, @rochacbruno

New release?

PyPI has 0.7.0 and with some new features added e.g: new Message style looks like a new minor release is needed.

0.0.7...main

Time for a 0.1.0 ?

I am currently installing from github but I will need to add this to an RPM package and then better to be on PyPI.

Add documentation

Thanks for creating such a nice extension! 🏆 I'd like to list here what I think would be nice to have in a documentation page.

  • Introduction: What this extension is about and which problem it solves
  • How to install the extension
  • Examples
  • Troubleshooting

The README already has most of it covered, but it's handy to have documentation where we can search for terms, see the pages available and go directly to what we're looking for.
Here's a nice example of documentation: https://dramatiq.io/ (IMHO). They use Sphinx to generate it.

Add a way to configurate login_url and logout_url

Hola! Thanks for the app, it's really cool, simple and time-saving.

I had a need to change some in-app variables (login_url, logout_url and home_url) and found it difficult because a method like this

sl = SimpleLogin(app)
sl.config['login_url'] = '/admin/login/'
sl.config['logout_url'] = '/admin/logout/'
sl.config['home_url'] = '/admin/'

isn't working (views for login and logout are already registered at __init__) and changing blueprint url rules after that is a bit too hard.

It would be great to have the ability to set these URLs by writing something like this

SIMPLELOGIN_LOGIN_URL = '/admin/login/'
SIMPLELOGIN_LOGOUT_URL = '/admin/logout/'
SIMPLELOGIN_HOME_URL = '/admin/'

or this

SimpleLogin(app, login_url='/admin/login/', logout_url='/admin/logout/', home_url='/admin/')

I could try to send a pull request, but not sure what method (or both) is better.

Callback on logout

Is there a callback to perform actions after the user logs out?
I can make a pull request if this isn't already possible

Lack of documentation regarding unit testing.

After putting it off for way too long, I've finally decided to teach myself unit testing with the unittest module and write some tests for my Flask project. I've run into a bit of a roadblock with the @login_required decorator though. I can't figure out how to test any of my views that require a login.
For all of my other views, I'm able to use app.test_client(self).get() or .post() to make a request and run assertions on the response. However, I can't seem to get that to work with my login form since I don't have a valid csrf token. I saw that you had a similar test in test_app.py but I had some trouble modifying the session in my code, and I saw your comment:

#token is still invalid :(

leading me to believe that this was a dead end.

Next, I searched this repo for references to csrf tokens, and didn't find anything. I realized that this was probably handled by WTForms, so I searched their docs for anything to do with testing, but the only thing I found was talking about recaptcha which didn't help me at all.

I came back to this repo and noticed that there's the basic parameter for @login_required() so I tried to figure out a way to only enable basic logins when I was running a test. Modifying all of my @login_required decorators to accept a boolean seemed hacky, and I ran into circular import problems between my main file and my blueprints.

At this point, I'm using the LiveServerTestCase from flask_testing with Selenium. It works, but running a whole browser is slow and seems hacky.

The relevant code from my test file:

import unittest
import time
from flask_testing import LiveServerTestCase
from selenium import webdriver
from selenium.webdriver.common.keys import Keys
from webtool import app

# Doesn't work
class FlaskTestCase(unittest.TestCase):
    def test_login(self):
        tester = app.test_client(self)
        response = tester.post(
            '/login/', data=dict(username='testing', password=PROJECT_PASSWORD, next='/'))
        # csrf token missing

# Works but inefficient.
class LiveServer(LiveServerTestCase):
    def create_app(self):
        app.config['TESTING'] = True
        app.config['LIVESERVER_PORT'] = 0
        return app

    def test_correct_login(self):
        driver = webdriver.Firefox()
        driver.get(self.get_server_url()+"/login")
        username_elem = driver.find_element_by_id('username')
        username_elem.send_keys(username)
        password_elem = driver.find_element_by_id('password')
        password_elem.send_keys(password)
        password_elem.send_keys(Keys.RETURN)
        time.sleep(2)  # Give it time to load
        self.assertTrue('Successful' in driver.page_source)
        driver.close()

tl;dr: I can't figure out how to unit test views protected by @login_required(). I was able to get it working with Selenium, but it's too slow.
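Added example, not part of the original issue and not the project's own code: one way to log in from a test client while leaving CSRF protection enabled, by fetching the form first and posting back the token it contains. It assumes the login page renders a hidden csrf_token input and that the client keeps cookies between requests, as Flask's test client does; the helper names and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser


class _CsrfFinder(HTMLParser):
    """Collects the value of <input name="csrf_token"> from a form page."""

    def __init__(self, field_name):
        super().__init__()
        self.field_name = field_name
        self.token = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "input" and attrs.get("name") == self.field_name:
            if self.token is None:
                self.token = attrs.get("value")


def extract_csrf_token(html, field_name="csrf_token"):
    """Return the token embedded in the form, or raise if it is missing."""
    finder = _CsrfFinder(field_name)
    finder.feed(html)
    if not finder.token:
        raise ValueError("no %s field in page" % field_name)
    return finder.token


def login(client, username, password, login_url="/login/", next_url="/"):
    """GET the form first so session cookie and token match, then POST."""
    page = client.get(login_url).get_data(as_text=True)
    form = {
        "username": username,
        "password": password,
        "next": next_url,
        "csrf_token": extract_csrf_token(page),
    }
    return client.post(login_url, data=form, follow_redirects=True)


# Constructed sample of a rendered login form (not taken from the project).
SAMPLE_FORM = """
<form method="post">
  <input id="csrf_token" name="csrf_token" type="hidden" value="constructed-token-123">
  <input id="username" name="username" type="text">
  <input id="password" name="password" type="password">
</form>
"""
```

A test would call login(app.test_client(), ...) once and then reuse the same client for the protected views, since the login state lives in that client's session cookie.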
