I'm using the flask-login library, and I haven't been able to find any good tutorials or documentation on how to go about allowing a user to reset their password through an email. What direction/resources can I look at on how to do this? A thorough Google search didn't reveal anything useful.
Base logic:
email field.
Logic to enter/generate password can be different:
flask-login doesn't take care of reset password emails and other such things. It's just there to manage sessions and cookies.
You should use Flask-Security, which adds password reset functionality and other common security related features to flask. Flask-Security uses flask-login to handle sessions, but adds other features on top to round out the security features:
Email Confirmation
If desired you can require that new users confirm their email address. Flask-Security will send an email message to any new users with a confirmation link. Upon navigating to the confirmation link, the user will be automatically logged in. There is also a view for resending a confirmation link to a given email if the user happens to try to use an expired token or has lost the previous email. Confirmation links can be configured to expire after a specified amount of time.
Password Reset/Recovery
Password reset and recovery is available for when a user forgets his or her password. Flask-Security sends an email to the user with a link to a view which they can reset their password. Once the password is reset they are automatically logged in and can use the new password from then on. Password reset links can be configured to expire after a specified amount of time.
User Registration
Flask-Security comes packaged with a basic user registration view. This view is very simple and new users need only supply an email address and their password. This view can be overrided[sic] if your registration process requires more fields.
Flask-Login only provides user session management for Flask. It handles the common tasks of logging in, logging out, and remembering your users’ sessions over extended periods of time, but not reset password, change password, email confirmation etc.
Flask-Security was the best and easiest option to do these. It pretty much handles everything, but it is not actively maintained.
Note This project is non maintained anymore. Consider the Flask-Security-Too project as an alternative. -- From flask-security Github repo
So I recommend the Flask-Security-Too library, which is an improved version and actively maintained. It also has many more features like 2FA Auth, Unified Sign-In etc.
You can install it using pip
pip install flask-security-too flask-sqlalchemy
and import libraries like
from flask_security import current_user, login_required
There are some complete (but simple) examples available in the examples directory of the Flask-Security repo.
Documentation : https://flask-security-too.readthedocs.io/en/stable/index.html
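The expiring password reset link described in the answers above, sketched with only the Python standard library. This is an added example, not code from the original posts and not how Flask-Security or Flask-Security-Too implement it; `SECRET_KEY`, `MAX_AGE_SECONDS`, the function names and the sample user data are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import time

SECRET_KEY = b"constructed-demo-secret"  # assumption: load from app config in practice
MAX_AGE_SECONDS = 3600                   # assumption: reset links live for one hour


def _mac(payload: bytes, password_hash: str) -> bytes:
    # Deriving the MAC key from the current password hash makes the token
    # single-use: once the password changes, outstanding links stop verifying.
    key = hmac.new(SECRET_KEY, password_hash.encode(), hashlib.sha256).digest()
    return hmac.new(key, payload, hashlib.sha256).digest()


def make_reset_token(user_id: str, password_hash: str, now=None) -> str:
    issued = int(time.time() if now is None else now)
    payload = f"{user_id}:{issued}".encode()
    enc = base64.urlsafe_b64encode
    return f"{enc(payload).decode()}.{enc(_mac(payload, password_hash)).decode()}"


def verify_reset_token(token: str, get_password_hash, now=None, max_age=MAX_AGE_SECONDS):
    """Return the user id for a valid, unexpired token, else None."""
    try:
        p64, s64 = token.split(".")
        payload = base64.urlsafe_b64decode(p64)
        sig = base64.urlsafe_b64decode(s64)
        user_id, issued = payload.decode().rsplit(":", 1)
        issued = int(issued)
    except ValueError:  # malformed token, bad base64, bad UTF-8 or bad timestamp
        return None
    current_hash = get_password_hash(user_id)  # hypothetical lookup, e.g. a DB query
    if current_hash is None:
        return None
    if not hmac.compare_digest(sig, _mac(payload, current_hash)):
        return None
    age = int(time.time() if now is None else now) - issued
    return user_id if 0 <= age <= max_age else None


if __name__ == "__main__":
    users = {"42": "constructed-old-password-hash"}  # constructed sample data
    token = make_reset_token("42", users["42"])
    print(verify_reset_token(token, users.get))      # link is valid right after issue
    users["42"] = "constructed-new-password-hash"    # user completed the reset
    print(verify_reset_token(token, users.get))      # same link no longer verifies
```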