How to use Flask-Security to implement user authentication and authorization

How to use Flask-Security to implement user authentication and authorization

Introduction:
In modern web applications, user authentication and authorization are essential functions. To simplify this process, Flask-Security is a very useful extension that provides a series of tools and functions to make user authentication and authorization simple and convenient. This article will introduce how to use Flask-Security to implement user authentication and authorization.

1. Install the Flask-Security extension:
Before we begin, we need to install the Flask-Security extension. It can be installed through the pip command, as shown below:

pip install Flask-Security

2. Initialize the Flask application:
First, we need to initialize Flask-Security in the Flask application. You need to import the Flask-Security extension into the application and set up the associated SQLAlchemy database, as shown below:

from flask import Flask
from flask_sqlalchemy import SQLAlchemy
from flask_security import Security, SQLAlchemyUserDatastore, UserMixin, RoleMixin

app = Flask(__name__)
app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///database.db'
app.config['SECRET_KEY'] = 'secret_key'

db = SQLAlchemy(app)

class User(db.Model, UserMixin):
    id = db.Column(db.Integer, primary_key=True)
    email = db.Column(db.String(255), unique=True)
    password = db.Column(db.String(255))

class Role(db.Model, RoleMixin):
    id = db.Column(db.Integer, primary_key=True)
    name = db.Column(db.String(80), unique=True)
    description = db.Column(db.String(255))

user_datastore = SQLAlchemyUserDatastore(db, User, Role)
security = Security(app, user_datastore)

3. Create a database:
Flask-Security requires a database to store user and role information. You can use Flask-Migrate to create a database table, as shown below:

from flask_migrate import Migrate

migrate = Migrate(app, db)

if __name__ == '__main__':
    app.run()

Run the following command to create a database table:

flask db init
flask db migrate
flask db upgrade

4. User registration and authentication:
Flask-Security provides A series of view functions to handle user registration and authentication logic. We can bind these view functions through Flask routing, as shown below:

from flask_security import login_required, LoginForm, RegisterForm, current_user

@app.route('/')
@login_required
def home():
    return 'Hello, {}!'.format(current_user.email)

@app.route('/login', methods=['GET', 'POST'])
def login():
    form = LoginForm()

    if form.validate_on_submit():
        user = User.query.filter_by(email=form.email.data).first()
        if user and user.password == form.password.data:
            login_user(user)
            return redirect(url_for('home'))

    return render_template('login.html', form=form)

@app.route('/register', methods=['GET', 'POST'])
def register():
    form = RegisterForm()

    if form.validate_on_submit():
        user = User(email=form.email.data, password=form.password.data)
        db.session.add(user)
        db.session.commit()
        return redirect(url_for('login'))

    return render_template('register.html', form=form)

5. Role authorization:
In addition to user authentication, Flask-Security also provides role authorization functions. We can use the @roles_required decorator to restrict only users with specific roles to access certain routes, as shown below:

from flask_security import roles_required

@app.route('/admin')
@roles_required('admin')
def admin():
    return 'Admin Page'

6. Summary:
By introducing the Flask-Security extension , we can easily implement user authentication and authorization functions. In this article, we introduce how to initialize Flask-Security, create a database, and implement user registration and authentication and role authorization, and give corresponding code examples. By using Flask-Security, we can save a lot of development efforts and provide more secure and trustworthy web applications.

Note: The above code examples are for reference only and may need to be adjusted and expanded according to specific needs in actual applications.

The above is the detailed content of How to use Flask-Security to implement user authentication and authorization. For more information, please follow other related articles on the PHP Chinese website!