Configuring settings¶
• Intro • Settings • Forms • Emails • Advanced
Flask-User default features and settings can overridden through the app config:
# Customize Flask-User settings
USER_ENABLE_EMAIL = True
USER_ENABLE_USERNAME = False
Flask-User settings¶
Below is a complete list of configurable Flask-User settings and their defaults.
Note: Ignore the __Settings part of the class name. It’s a trick we use to split the code and docs across several files.
-
class
UserManager__Settings
Flask-User settings and their defaults.
Feature settings
-
USER_ENABLE_EMAIL
= True - Allow users to login and register with an email address
-
USER_ENABLE_MULTIPLE_EMAILS
= False - Allow users to associate multiple email addresses with one user account.Depends on USER_ENABLE_EMAIL=True
-
USER_ENABLE_USERNAME
= True - Allow users to login and register with a username
-
USER_ENABLE_CHANGE_USERNAME
= True - Allow users to change their username.Depends on USER_ENABLE_USERNAME=True.
-
USER_ENABLE_CHANGE_PASSWORD
= True - Allow users to change their password.
-
USER_ENABLE_CONFIRM_EMAIL
= True - Enable email confirmation emails to be sent.Depends on USER_ENABLE_EMAIL=True.
-
USER_ENABLE_FORGOT_PASSWORD
= True - Allow users to reset their passwords.Depends on USER_ENABLE_EMAIL=True.
-
USER_ENABLE_INVITE_USER
= False - Allow unregistered users to be invited.
-
USER_ENABLE_REGISTER
= True - Allow unregistered users to register.
-
USER_ENABLE_REMEMBER_ME
= True - Remember user sessions across browser restarts.
Generic settings and their defaults
-
USER_ENABLE_AUTH0
= False
-
USER_APP_NAME
= 'USER_APP_NAME' The application name displayed in email templates and page template footers.
-
USER_AUTO_LOGIN
= True Automatic sign-in if the user session has not expired.
-
USER_AUTO_LOGIN_AFTER_CONFIRM
= True Automatic sign-in after a user confirms their email address.
-
USER_AUTO_LOGIN_AFTER_REGISTER
= True Automatic sign-in after a user registers.
-
USER_AUTO_LOGIN_AFTER_RESET_PASSWORD
= True Automatic sign-in after a user resets their password.
-
USER_AUTO_LOGIN_AT_LOGIN
= True Automatic sign-in at the login form (if the user session has not expired).
-
USER_EMAIL_SENDER_EMAIL
= '' - Sender’s email address, used by the EmailAdapters.Required for sending emails.Derived from MAIL_DEFAULT_SENDER or DEFAULT_MAIL_SENDER when specified.
-
USER_EMAIL_SENDER_NAME
= '' - Sender’s name, user by the EmailAdapters.Optional. Defaults to USER_APP_NAME setting.
-
USER_IFIND_MODE
= 'ifind' - The way Flask-User handles case insensitive searches.Valid options are:- ‘ifind’ (default): Use the case insensitive ifind_first_object()- ‘nocase_collation’: username and email fields must be configuredwith an case insensitve collation (collation=’NOCASE’ in SQLAlchemy)so that a regular find_first_object() can be performed.
-
USER_SEND_PASSWORD_CHANGED_EMAIL
= True - Send notification email after a password change.Depends on USER_ENABLE_EMAIL=True.
-
USER_SEND_REGISTERED_EMAIL
= True - Send notification email after a registration.Depends on USER_ENABLE_EMAIL=True.
-
USER_SEND_USERNAME_CHANGED_EMAIL
= True - Send notification email after a username change.Depends on USER_ENABLE_EMAIL=True.
-
USER_REQUIRE_INVITATION
= False - Only invited users may register.Depends on USER_ENABLE_EMAIL=True.
-
USER_ALLOW_LOGIN_WITHOUT_CONFIRMED_EMAIL
= False - Ensure that users can login only with a confirmed email address.Depends on USER_ENABLE_EMAIL=True.
This setting works in tandem with the
@allow_unconfirmed_emails
view decorator to allow users without confirmed email addresses to access certain views.Caution
UseUSER_ALLOW_LOGIN_WITHOUT_CONFIRMED_EMAIL=True
and@allow_unconfirmed_email
with caution, as they relax security requirements.Make sure that decorated views never call other views directly. Allways seredirect()
to ensure proper view protection.
-
USER_REQUIRE_RETYPE_PASSWORD
= True - Require users to retype their password.Affects registration, change password and reset password forms.
-
USER_SHOW_EMAIL_DOES_NOT_EXIST
= False - Show ‘Email does not exist’ message instead of ‘Incorrect Email or password’.Depends on USER_ENABLE_EMAIL=True.
-
USER_SHOW_USERNAME_DOES_NOT_EXIST
= False - Show ‘Username does not exist’ message instead of ‘Incorrect Username or password’.Depends on USER_ENABLE_USERNAME=True.
-
USER_CONFIRM_EMAIL_EXPIRATION
= 172800 - Email confirmation token expiration in seconds.Default is 2 days (2*24*3600 seconds).
-
USER_INVITE_EXPIRATION
= 7776000 - Invitation token expiration in seconds.Default is 90 days (90*24*3600 seconds).
-
USER_RESET_PASSWORD_EXPIRATION
= 172800 - Reset password token expiration in seconds.Default is 2 days (2*24*3600 seconds).
-
USER_USER_SESSION_EXPIRATION
= 3600 - User session token expiration in seconds.Default is 1 hour (1*3600 seconds).
Password hash settings
-
USER_PASSLIB_CRYPTCONTEXT_SCHEMES
= ['bcrypt'] - List of accepted password hashes.See Passlib CryptContext docs on Constructor Keyword `’schemes’`` <http://passlib.readthedocs.io/en/stable/lib/passlib.context.html?highlight=cryptcontext#constructor-keywords>`_Example:
['bcrypt', 'argon2']
Creates new hashes with ‘bcrypt’ and verifies existing hashes with ‘bcrypt’ and ‘argon2’.
-
USER_PASSLIB_CRYPTCONTEXT_KEYWORDS
= {} - Dictionary of CryptContext keywords and hash options.Example:
dict(bcrypt__rounds=12, argon2__time_cost=2, argon2__memory_cost=512)
-
USER_CHANGE_PASSWORD_URL
= '/user/change-password'
-
USER_CHANGE_USERNAME_URL
= '/user/change-username'
-
USER_CONFIRM_EMAIL_URL
= '/user/confirm-email/<token>'
-
USER_EDIT_USER_PROFILE_URL
= '/user/edit_user_profile'
-
USER_EMAIL_ACTION_URL
= '/user/email/<id>/<action>'
-
USER_FORGOT_PASSWORD_URL
= '/user/forgot-password'
-
USER_INVITE_USER_URL
= '/user/invite'
-
USER_LOGIN_URL
= '/user/sign-in'
-
USER_LOGOUT_URL
= '/user/sign-out'
-
USER_MANAGE_EMAILS_URL
= '/user/manage-emails'
-
USER_REGISTER_URL
= '/user/register'
-
USER_RESEND_EMAIL_CONFIRMATION_URL
= '/user/resend-email-confirmation'
-
USER_RESET_PASSWORD_URL
= '/user/reset-password/<token>' Template file settings
-
USER_CHANGE_PASSWORD_TEMPLATE
= 'flask_user/change_password.html'
-
USER_CHANGE_USERNAME_TEMPLATE
= 'flask_user/change_username.html'
-
USER_EDIT_USER_PROFILE_TEMPLATE
= 'flask_user/edit_user_profile.html'
-
USER_FORGOT_PASSWORD_TEMPLATE
= 'flask_user/forgot_password.html'
-
USER_INVITE_USER_TEMPLATE
= 'flask_user/invite_user.html'
-
USER_LOGIN_TEMPLATE
= 'flask_user/login.html'
-
USER_LOGIN_AUTH0_TEMPLATE
= 'flask_user/login_auth0.html'
-
USER_MANAGE_EMAILS_TEMPLATE
= 'flask_user/manage_emails.html'
-
USER_REGISTER_TEMPLATE
= 'flask_user/register.html'
-
USER_RESEND_CONFIRM_EMAIL_TEMPLATE
= 'flask_user/resend_confirm_email.html'
-
USER_RESET_PASSWORD_TEMPLATE
= 'flask_user/reset_password.html' Email template file settings
-
USER_CONFIRM_EMAIL_TEMPLATE
= 'flask_user/emails/confirm_email'
-
USER_INVITE_USER_EMAIL_TEMPLATE
= 'flask_user/emails/invite_user'
-
USER_PASSWORD_CHANGED_EMAIL_TEMPLATE
= 'flask_user/emails/password_changed'
-
USER_REGISTERED_EMAIL_TEMPLATE
= 'flask_user/emails/registered'
-
USER_RESET_PASSWORD_EMAIL_TEMPLATE
= 'flask_user/emails/reset_password'
-
USER_USERNAME_CHANGED_EMAIL_TEMPLATE
= 'flask_user/emails/username_changed' FLask endpoint settings
-
USER_AFTER_CHANGE_PASSWORD_ENDPOINT
= ''
-
USER_AFTER_CHANGE_USERNAME_ENDPOINT
= ''
-
USER_AFTER_CONFIRM_ENDPOINT
= ''
-
USER_AFTER_EDIT_USER_PROFILE_ENDPOINT
= ''
-
USER_AFTER_FORGOT_PASSWORD_ENDPOINT
= ''
-
USER_AFTER_LOGIN_ENDPOINT
= ''
-
USER_AFTER_LOGOUT_ENDPOINT
= ''
-
USER_AFTER_REGISTER_ENDPOINT
= ''
-
USER_AFTER_RESEND_EMAIL_CONFIRMATION_ENDPOINT
= ''
-
USER_AFTER_RESET_PASSWORD_ENDPOINT
= ''
-
USER_AFTER_INVITE_ENDPOINT
= ''
-
USER_UNAUTHENTICATED_ENDPOINT
= 'user.login'
-
USER_UNAUTHORIZED_ENDPOINT
= ''
-
To keep the code base simple and robust, we offer no easy way to change the ‘/user’ base URLs or the ‘/flask_user’ base directories in bulk. Please copy them from this page, then use your editor to bulk-change these settings.