This repository has been archived by the owner on Jul 30, 2024. It is now read-only.

Add loginable and logoutable config flags #824

Open
wants to merge 1 commit into
base: develop
20 changes: 20 additions & 0 deletions docs/configuration.rst
Expand Up @@ -214,6 +214,26 @@ Feature Flags
change password endpoint. The URL for this endpoint is
specified by the ``SECURITY_CHANGE_URL`` configuration
option. Defaults to ``False``.
``SECURITY_LOGINABLE`` Specifies if Flask-Security should enable the login
endpoint. The URL for this endpoint is specified by
the ``SECURITY_LOGIN_URL`` configuration option.
This should generally be left enabled, unless you
want to use a custom login endpoint instead of the one
provided by Flask-Security. Note that this flag
does not affect whether or not authentication is
enforced across your site's views. For controlling
that, refer to the ``LOGIN_DISABLED`` flag for
Flask-Login. Defaults to ``True``.
``SECURITY_LOGOUTABLE` Specifies if Flask-Security should enable the logout
Contributor


Suggested change
``SECURITY_LOGOUTABLE` Specifies if Flask-Security should enable the logout
``SECURITY_LOGOUTABLE`` Specifies if Flask-Security should enable the logout

endpoint. The URL for this endpoint is specified by
the ``SECURITY_LOGOUT_URL`` configuration option.
This should generally be left enabled, unless you
want to use a custom logout endpoint instead of the
one provided by Flask-Security. Note that this flag
does not affect whether or not authentication is
enforced across your site's views. For controlling
that, refer to the ``LOGIN_DISABLED`` flag for
Flask-Login. Defaults to ``True``.
========================= ======================================================

Email
2 changes: 2 additions & 0 deletions flask_security/core.py
Expand Up @@ -90,6 +90,8 @@
'TRACKABLE': False,
'PASSWORDLESS': False,
'CHANGEABLE': False,
'LOGINABLE': True,
'LOGOUTABLE': True,
'SEND_REGISTER_EMAIL': True,
'SEND_PASSWORD_CHANGE_EMAIL': True,
'SEND_PASSWORD_RESET_EMAIL': True,
5 changes: 3 additions & 2 deletions flask_security/views.py
Expand Up @@ -342,7 +342,8 @@ def create_blueprint(state, import_name):
subdomain=state.subdomain,
template_folder='templates')

bp.route(state.logout_url, endpoint='logout')(logout)
if state.logoutable:
bp.route(state.logout_url, endpoint='logout')(logout)

if state.passwordless:
bp.route(state.login_url,
Expand All @@ -351,7 +352,7 @@ def create_blueprint(state, import_name):
bp.route(state.login_url + slash_url_suffix(state.login_url,
'<token>'),
endpoint='token_login')(token_login)
else:
elif state.loginable:
bp.route(state.login_url,
methods=['GET', 'POST'],
endpoint='login')(login)
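Review bot: The new `elif state.loginable:` is only reached when `state.passwordless` is false, so with `SECURITY_PASSWORDLESS` enabled the routes on `state.login_url` (including `token_login`) are still registered even when `SECURITY_LOGINABLE` is `False`. An operator who switches the flag off to remove the built-in login surface would still have it exposed in that configuration, and the documentation entry added in this PR does not mention the precedence. Either place both branches under a single outer `if state.loginable:` guard or document that the flag is ignored in passwordless mode, and add a test for that combination. The body of `create_blueprint` continues outside both hunks, so the remaining route registrations were not checked.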
40 changes: 37 additions & 3 deletions tests/test_misc.py
Expand Up @@ -32,10 +32,13 @@ def send_email(msg):
assert app.mail_sent is True


def test_register_blueprint_flag(app, sqlalchemy_datastore):
app.security = Security(app, datastore=Security, register_blueprint=False)
def test_not_logoutable(app, sqlalchemy_datastore):
app.config['SECURITY_LOGOUTABLE'] = False
app.security = Security(app, datastore=sqlalchemy_datastore)
client = app.test_client()
response = client.get('/login')
e = '[email protected]'
authenticate(client, email=e)
response = client.get('/logout')
assert response.status_code == 404


Expand Down Expand Up @@ -280,3 +283,34 @@ class MyRegisterForm(RegisterForm):
def test_without_babel(client):
response = client.get('/login')
assert b'Login' in response.data


def test_register_blueprint_flag(app, sqlalchemy_datastore):
app.security = Security(app, datastore=Security, register_blueprint=False)
client = app.test_client()
response = client.get('/login')
assert response.status_code == 404


def test_loginable(app, sqlalchemy_datastore):
app.security = Security(app, datastore=sqlalchemy_datastore)
client = app.test_client()
response = client.get('/login')
assert response.status_code == 200


def test_not_loginable(app, sqlalchemy_datastore):
app.config['SECURITY_LOGINABLE'] = False
app.security = Security(app, datastore=sqlalchemy_datastore)
client = app.test_client()
response = client.get('/login')
assert response.status_code == 404


def test_logoutable(app, sqlalchemy_datastore):
app.security = Security(app, datastore=sqlalchemy_datastore)
client = app.test_client()
e = '[email protected]'
authenticate(client, email=e)
response = client.get('/logout')
assert response.status_code == 302
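Review bot: `test_not_loginable` only asserts that `GET /login` returns 404; nothing covers what an unauthenticated request to a protected view does once the `login` endpoint is no longer registered. If the extension still points Flask-Login's login view at that endpoint (not visible in this diff), the redirect could fail to build rather than deny access cleanly, so a test that sets `app.config['SECURITY_LOGINABLE'] = False`, requests a login-required view and asserts the expected denial would pin the fail-closed behaviour. Separately, the relocated `test_register_blueprint_flag` still passes `datastore=Security` (the class itself) where the new tests pass `sqlalchemy_datastore`, which looks unintended.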