Porting Customizations¶
• Porting • Basics • Customizations • Advanced
Read this if you have:
- Specified custom Form classes (the .py files)
- Specified custom View functions
- Specified custom Password or username validators
- Specified a custom TokenManager
- Used the optional UserAuth class
This topic assumes that you completed the porting tasks described in Porting Basics.
UserManager customization¶
In v0.6, Flask-User was customized by adding parameters to the UserManager() instantiation. For example:
# Setup Flask-User
db_adapter = SQLAlchemyAdaper(db, User)
user_manager = UserManager(db_adapter, app,
register_form = CustomRegisterForm,
register_view_function = custom_register_view,
password_validator = custom_password_validator,
token_manager = CustomTokenManager())
In v1.0, Flask-User is customized by:
- Extending the CustomUserManager
class
- Setting properties in its customize()
method
- Overriding or extending methods
# Customize Flask-User
class CustomUserManager(UserManager):
def customize(self, app):
# Override properties
self.RegisterFormClass = CustomRegisterForm
self.token_manager = CustomTokenManager(app)
# Override methods
def register_view(self):
...
# Extend methods
def password_validator(self):
super(CustomUserManager, self).password_validator()
...
In v1.0, almost all UserManager
initiation parameters have been obsolted and
now only accepts the following:
- Required parameters
app
,db
andUserClass
. - Optional keyword parameters:
UserEmailClass
andUserInvitationClass
.
See also
Data-model changes¶
UserAuth
class has been dropped in v1.0+ to simplify the Flask-User source code
and make it more readable and easier to customize.See Advanced Porting topics for a workaround if you can not merge the UserAuth and User classes.
UserInvite
class has been renamed to UserInvitation
in v1.0+
to reflect that it’s an object and not an action.Use the following approach to use the new class name while keeping the old table name:
class UserInvitation(db.Model):
__tablename__ = 'user_invite'
...
Password method changes¶
verify_password()
APIverify_password(password, user)
verify_password(password, password_hash)
Please change:
user_manager.verify_password(password, user)
into:
verify_password(password, user.password)
@confirm_email_required decorator deprecated¶
The @confirm_email_required
view decorator has been deprecated for security reasons.
In v0.6, the USER_ENABLE_LOGIN_WITHOUT_CONFIRM_EMAIL
setting removed
confirmed email protection for all the views and required developers to re-protect
the vulnerable views with @confirm_email_required
.
In v1.0+ we adopt the opposite approach where the (renamed) USER_ALLOW_LOGIN_WITHOUT_CONFIRMED_EMAIL=True
setting continues to protect all the views, except those decorated with the
new @allow_unconfirmed_email
decorator.
Contact us¶
We believe this concludes the Porting steps for for applications with a high degree of Flask-User customizations.
If, after reading Advanced Porting topics, you still think this page is incomplete, please email ling.thio@gmail.com.
• Porting • Basics • Customizations • Advanced