


Flask-Security: Adding user authentication and password encryption to Python web applications
Jun 17, 2023, 02:28 PM
As the Internet continues to develop, more and more applications require user authentication and password encryption to protect users' data. Flask is a very popular Python web framework, and Flask-Security is an extension library built on Flask that helps developers easily add user authentication and password encryption capabilities to Python web applications.
Flask-Security has the following features:
- Can be easily integrated into existing Flask applications
- Supports multiple authentication methods, including passwords, tokens, social media login, etc.
- Supports password encryption and decryption (using the Bcrypt encryption algorithm)
- Provides user role management functions, which can assign different roles to different users to control user access to your application
In this article, we'll cover how to use Flask-Security to add user authentication and password encryption capabilities to your Python web application.
Installing Flask-Security
Before we start using Flask-Security, we need to install it first. We can use pip to install Flask-Security:
pip install Flask-Security
Of course, we also need to install some other necessary dependent libraries, including Flask and Flask-SQLAlchemy (or other ORM libraries):
pip install Flask Flask-SQLAlchemy
Configuring Flask-Security
After installing Flask-Security, we need to configure some parameters to enable user authentication and password encryption. First, we need to import the Flask-Security extension library into the Flask application:
```python
from flask import Flask
from flask_sqlalchemy import SQLAlchemy
from flask_security import Security, SQLAlchemyUserDatastore, UserMixin, RoleMixin, login_required
```
Next, we need to define some necessary configuration parameters, including database connection information, keys, etc.:
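```python
app = Flask(__name__)
app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///example.db'
# Demo value only: SECRET_KEY signs the session cookie, so a real deployment
# needs a long random value that is kept out of source control.
app.config['SECRET_KEY'] = 'mysecretkey'
```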
Here we use SQLite as our database and save it in a file. Of course, you can also use other databases (such as MySQL or PostgreSQL), just modify the corresponding database connection information.
Next, we need to define a User and a Role class. Here we use SQLAlchemy as the ORM library:
```python
db = SQLAlchemy(app)


class Role(db.Model, RoleMixin):
    id = db.Column(db.Integer(), primary_key=True)
    name = db.Column(db.String(80), unique=True)
    description = db.Column(db.String(255))


class User(db.Model, UserMixin):
    id = db.Column(db.Integer, primary_key=True)
    email = db.Column(db.String(255), unique=True)
    password = db.Column(db.String(255))
    active = db.Column(db.Boolean())
    confirmed_at = db.Column(db.DateTime())
    # Many-to-many link to Role through the user_roles association table
    roles = db.relationship('Role', secondary='user_roles',
                            backref=db.backref('users', lazy='dynamic'))


user_datastore = SQLAlchemyUserDatastore(db, User, Role)


class UserRoles(db.Model):
    id = db.Column(db.Integer(), primary_key=True)
    user_id = db.Column(db.Integer(), db.ForeignKey('user.id'))
    role_id = db.Column(db.Integer(), db.ForeignKey('role.id'))
```
Here, we define a User class and a Role class and link them to each other through the user_roles table. We also define a user_datastore object for managing user and role information.
Next, we need to pass the application and the datastore we defined to the Security extension:
security = Security(app, user_datastore)
At this point, we have completed the configuration of Flask-Security. Next, we can use user authentication and password encryption features in our Flask application.
Using Flask-Security for user authentication and password encryption
Before using Flask-Security, we need to create a new Flask blueprint and define some view functions in it to handle user login, registration, logout and other operations:
```python
from flask import Blueprint, render_template, redirect, url_for, request
from flask_security import login_user, logout_user, current_user, login_required
from flask_security.utils import hash_password, verify_password

# Flask-Security already registers its own blueprint named 'security' with
# /login and /logout views, so this blueprint uses a different name and prefix.
security_blueprint = Blueprint('auth', __name__, url_prefix='/auth')


@security_blueprint.route('/login', methods=['GET', 'POST'])
def login():
    if request.method == 'POST':
        email = request.form.get('email')
        password = request.form.get('password')
        user = user_datastore.find_user(email=email)
        # Check the submitted password against the stored hash,
        # never with a plain string comparison.
        if user is not None and password and verify_password(password, user.password):
            login_user(user)
            return redirect(url_for('index'))
        return redirect(url_for('auth.login'))
    return render_template('login.html')


@security_blueprint.route('/logout')
@login_required
def logout():
    logout_user()
    return redirect(url_for('index'))


@security_blueprint.route('/register', methods=['GET', 'POST'])
def register():
    if request.method == 'POST':
        email = request.form.get('email')
        password = request.form.get('password')
        if not email or not password:
            return redirect(url_for('auth.register'))
        # create_user() stores the value it is given, so hash the password first.
        user = user_datastore.create_user(email=email, password=hash_password(password))
        # Make sure the default role exists before assigning it.
        user_datastore.add_role_to_user(user, user_datastore.find_or_create_role(name='user'))
        db.session.commit()
        login_user(user)
        return redirect(url_for('index'))
    return render_template('register.html')
```
Here, we define three view functions: login, logout and register. The login function handles user login, the register function handles user registration, and the logout function handles user logout. We use the login_user and logout_user functions provided by Flask-Security to implement login and logout. In the register function, we use the user_datastore.create_user and user_datastore.add_role_to_user functions to create a new user and assign it a default user role.
Here, we use Flask's template engine to render HTML pages. For details, please refer to the documentation of Flask template engine.
Finally, we need to register this blueprint in our Flask application:
app.register_blueprint(security_blueprint)
At this point, the Flask-Security setup is complete. Now, we can launch our Flask application and access it through the browser.
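What the password handling in the login and register views relies on, as an added example that is not part of the original article or of Flask-Security's own code: a stored password is a salted one-way hash, so a login check recomputes the hash and compares it rather than decrypting anything or testing equality with the submitted text. It uses the standard library's PBKDF2 as a stand-in for bcrypt so that it runs without extra packages; the names `make_hash`, `check_hash` and `USERS`, the record format and the iteration count are assumptions.

```python
import base64
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this example
USERS = {}            # email -> stored hash; stand-in for the User table


def make_hash(password: str) -> str:
    """Return 'pbkdf2$<rounds>$<salt>$<digest>' using a fresh random salt."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    fields = ["pbkdf2", str(ITERATIONS), base64.b64encode(salt).decode(),
              base64.b64encode(digest).decode()]
    return "$".join(fields)


def check_hash(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt; compare in constant time."""
    try:
        scheme, rounds, salt_b64, digest_b64 = stored.split("$")
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(digest_b64, validate=True)
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(rounds))
    except (ValueError, OverflowError):
        return False  # malformed or plaintext record never counts as a match
    return scheme == "pbkdf2" and hmac.compare_digest(candidate, expected)


def register(email: str, password: str) -> None:
    USERS[email] = make_hash(password)  # only the hash is ever stored


def login(email: str, password: str) -> bool:
    stored = USERS.get(email)
    return stored is not None and check_hash(password, stored)


def naive_login(email: str, password: str) -> bool:
    """Plain equality against the stored value: fails once records are hashed."""
    return USERS.get(email) == password


if __name__ == "__main__":
    register("alice@example.com", "correct horse")  # constructed sample data
    print(USERS["alice@example.com"][:20] + "...")
    print(login("alice@example.com", "correct horse"),
          naive_login("alice@example.com", "correct horse"))
```

In the Flask application itself this work is done by Flask-Security's `hash_password` and `verify_password` helpers from `flask_security.utils`.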
Summary
In this article, we introduced how to use Flask-Security to add user authentication and password encryption capabilities to Python web applications. By studying this article, we can understand the basic usage of Flask-Security and understand some of its characteristics and precautions. In actual applications, we are free to customize and extend the functionality of Flask-Security to meet our needs.