All geek questions in one place

How to override default messages for Flask-Security?

Flask-Security requires a lot of authentication and authorization efforts to develop Python Flask web applications. However, I ran into one problem.

Messages appear on the login page in response to various invalid logins. Examples include: - The specified user does not exist - The password is incorrect - The account is disabled.

This does not comply with safety guidelines. You should not inform the user of information about why his or her login attempt was rejected. The above messages make it easy for a hacker to identify valid usernames.

I would like to override these standard Flask-Security messages, replacing them with something like "Invalid username or password." However, I did not find a convenient way to do this.

These messages are stored in _default_messages at site-packages / flask_security / core.py. I could modify this file, but this is not a good solution: it will break if I reinstall or update Flask-Security.

I know that configures the default flags for security flasks . But opinions contain useful code like

{{ render_field_with_errors(login_user_form.email) }}

which hides implementation details of the login form. I would not want to give up all this useful code and rewrite most of it to change a few posts.

Does anyone know how best to configure messages for logging into Flask-Security?

+4
2

, , :

_default_messages = {
    'INVALID_PASSWORD': ('Invalid password', 'error'),
}

... later on in the init method ....

for key, value in _default_messages.items():
        app.config.setdefault('SECURITY_MSG_' + key, value)

, , , , app.config:

SECURITY_MSG_INVALID_PASSWORD = ('Your username and password do not match our records', 'error'),

, , , babel - . FOSS.

+4

Rachel (btw, core.py ). , . , , , - , . , .

:

  • . :

    SECURITY_MSG_INVALID_PASSWORD = ("Bad username or password", "error")
SECURITY_MSG_PASSWORD_NOT_PROVIDED = ("Bad username or password", "error")
SECURITY_MSG_USER_DOES_NOT_EXIST = ("Bad username or password", "error")

  • , (render_field). flask-bootstrap, , ( , , , ). + - :

    {% macro bootstrap_form_field_no_errors(field,
                    form_type="basic",
                    horizontal_columns=('lg', 2, 10),
                    button_map={}) %}
{% if field.widget.input_type == 'checkbox' %}
  {% call _hz_form_wrap(horizontal_columns, form_type, True) %}
    <div class="checkbox">
      <label>
        {{field()|safe}} {{field.label.text|safe}}
      </label>
    </div>
  {% endcall %}
{%- elif field.type == 'RadioField' -%}
  {# note: A cleaner solution would be rendering depending on the widget,
     this is just a hack for now, until I can think of something better #}
  {% call _hz_form_wrap(horizontal_columns, form_type, True) %}
    {% for item in field -%}
      <div class="radio">
        <label>
          {{item|safe}} {{item.label.text|safe}}
        </label>
      </div>
    {% endfor %}
  {% endcall %}
{%- elif field.type == 'SubmitField' -%}
  {# note: same issue as above - should check widget, not field type #}
  {% call _hz_form_wrap(horizontal_columns, form_type, True) %}
    {{field(class='btn btn-%s' % button_map.get(field.name, 'default'))}}
  {% endcall %}
{%- elif field.type == 'FormField' -%}
{# note: FormFields are tricky to get right and complex setups requiring
   these are probably beyond the scope of what this macro tries to do.
   the code below ensures that things don't break horribly if we run into
   one, but does not try too hard to get things pretty. #}
  <fieldset>
    <legend>{{field.label}}</legend>
    {%- for subfield in field %}
      {% if not bootstrap_is_hidden_field(subfield) -%}
        {{ form_field(subfield,
                      form_type=form_type,
                      horizontal_columns=horizontal_columns,
                      button_map=button_map) }}
      {%- endif %}
    {%- endfor %}
  </fieldset>
{% else -%}
  <div class="form-group">
      {%- if form_type == "inline" %}
        {{field.label(class="sr-only")|safe}}
        {{field(class="form-control", placeholder=field.description, **kwargs)|safe}}
      {% elif form_type == "horizontal" %}
        {{field.label(class="control-label " + (
          " col-%s-%s" % horizontal_columns[0:2]
        ))|safe}}
        <div class=" col-{{horizontal_columns[0]}}-{{horizontal_columns[2]}}">
          {{field(class="form-control", **kwargs)|safe}}
        </div>
        {%- if field.description -%}
          {% call _hz_form_wrap(horizontal_columns, form_type) %}
            <p class="help-block">{{field.description|safe}}</p>
          {% endcall %}
        {%- endif %}
      {%- else -%}
        {{field.label(class="control-label")|safe}}
        {{field(class="form-control", **kwargs)|safe}}

        {%- if field.errors %}
          {%- for error in field.errors %}
            <p class="help-block">{{error}}</p>
          {%- endfor %}
        {%- elif field.description -%}
          <p class="help-block">{{field.description|safe}}</p>
        {%- endif %}
      {%- endif %}
  </div>
{% endif %}
{% endmacro %}

  • , . , , , . , flask-bootstrap, , .

    {% macro fields_errors() %}
{% for field in varargs %}
{% if field.errors %}
  {% for error in field.errors %}
    {% call _hz_form_wrap(horizontal_columns, form_type) %}
      <div class="alert alert-danger">{{error}}</div>
    {% endcall %}
  {% endfor %}
{% endif %}
{% endfor %}
{% endmacro %}

all :

    {{ fields_errors(login_user_form.email, login_user_form.password, login_user_form.remember) }}`
+6
source

Source: https://habr.com/ru/post/1536965/

More articles:


All Articles