This project is a Flask application that demonstrates the use of Flask-Security for user authentication and role management. It includes routes for user creation, authentication, and data retrieval, as well as public information access.
- Installation
- Configuration
- Database Models
- Routes
- One-time Setup
- Running the Application
- Navigation
- Example Requests
- Note
- Clone the repository:
git clone https://github.com/your-repo/flask-security-app.git
- Create a virtual environment and activate it:
python3 -m venv venv
source venv/bin/activate # On Windows use `venv\Scripts\activate`
- Install the required packages:
pip install -r requirements.txt
The application uses environment variables for configuration. You can set these variables in your environment or create a .env
file in the root directory.
SECRET_KEY
: Secret key for the Flask application.SECURITY_PASSWORD_SALT
: Salt for password hashing.
The application uses SQLAlchemy for ORM and defines the following models:
- Role: Represents a user role.
class Role(db.Model, fsqla.FsRoleMixin):
id = Column(Integer(), primary_key=True)
name = Column(String(100), unique=True)
description = Column(String(255))
- User: Represents a user.
class User(db.Model, fsqla.FsUserMixin):
id = Column(Integer, primary_key=True)
email = Column(String(255), unique=True)
password = Column(String(255))
active = Column(Boolean())
confirmed_at = Column(DateTime())
roles = relationship('Role', secondary=roles_users, backref=db.backref('users', lazy='dynamic'))
- Home: Requires authentication.
@app.route("/")
@auth_required()
def home():
return render_template_string("Hello {{ current_user.email }}")
- Get User Info: Requires authentication.
@app.route("/api/user", methods=["GET"])
@auth_required()
def get_user_info():
from flask_security import current_user
return jsonify({"email": current_user.email})
- Create User: Public route to create a new user.
@app.route("/api/user", methods=["POST"])
def create_user():
try:
data = request.json
user = user_datastore.create_user(email=data["email"], password=hash_password(data["password"]))
db.session.add(user)
db.session.commit()
return jsonify({"message": "User created successfully"}), 201
except Exception as e:
logging.error(f"Failed to create user: {e}")
return jsonify({"error": "Failed to create user"}), 400
- Public Info: Public route to access information without authentication.
@app.route("/public-info")
def public_info():
return jsonify({"message": "This is public information accessible without authentication."})
- Show Data: Public route to show all users and roles.
@app.route("/data")
def show_data():
users = User.query.all()
roles = Role.query.all()
users_data = [{
'id': user.id,
'email': user.email,
'active': user.active,
'confirmed_at': user.confirmed_at.isoformat() if user.confirmed_at else None,
'roles': [role.name for role in user.roles]
} for user in users]
roles_data = [{
'id': role.id,
'name': role.name,
'description': role.description
} for role in roles]
return jsonify({'users': users_data, 'roles': roles_data})
The application includes a one-time setup to create a test user:
with app.app_context():
db.create_all()
if not user_datastore.find_user(email="test@me.com"):
user_datastore.create_user(email="test@me.com", password=hash_password("password"))
db.session.commit()
To run the application, use the following command:
python app.py
The application will start on http://127.0.0.1:5000/
. You can access the following routes:
GET /
: Home page (requires authentication).GET /api/user
: Retrieve user information (requires authentication).POST /api/user
: Create a new user.GET /public-info
: Access public information.GET /data
: Show all users and roles.
- Home: Visit
http://127.0.0.1:5000/
to see the home page after logging in. - User Info: Use tools like
curl
or Postman to send aGET
request tohttp://127.0.0.1:5000/api/user
with authentication headers. - Create User: Send a
POST
request tohttp://127.0.0.1:5000/api/user
with a JSON body containingemail
andpassword
. - Public Info: Visit
http://127.0.0.1:5000/public-info
to see public information. - Show Data: Visit
http://127.0.0.1:5000/data
to see all users and roles.
- Create User:
curl -X POST http://127.0.0.1:5000/api/user -H "Content-Type: application/json" -d '{"email":"newuser@example.com", "password":"newpassword"}'
- Get User Info:
curl -X GET http://127.0.0.1:5000/api/user -H "Authorization: Bearer <your_token>"
This Flask application demonstrates a simple yet powerful way to manage user authentication and roles using Flask-Security. Feel free to extend the application with more features as needed.