管理员(仅)用户注册,Flask-Security [英] Admin(only) registration of users, Flask-Security
问题描述
我目前正在使用Flask-Security(包括Flask-WTForms,Flask-SQLalchemy和Flask-Login)为Web应用程序建立登录.我已经能够毫不费力地设置我的大部分登录流程,包括忘记密码.但是,我想这样做,以便可以注册用户的唯一方法是通过仅管理员可以访问的页面.我已经成功配置了角色(管理员,用户)并设置了以下视图:
I'm currently building a login for a webapp using Flask-Security (which includes Flask-WTForms, Flask-SQLalchemy and Flask-Login). I've been able to fairly painlessly set up the majority of my login flow, including forgotten password; however I want to make it so that the only way users can be registered is through a page only accessible to the admins. I've managed to configure Roles (Admin, User) and set up the following view:
@app.route('/adminregister')
@roles_accepted('admin')
def adminregister():
return render_template('*')
这将创建成功限制为具有管理员角色的帐户的门户.我不确定如何进行此操作,因为Flask-security没有内置的手段来启用我要尝试执行的操作.
This creates the portal that is successfully limited to accounts with an Admin role. I'm unsure how to proceed for here however, as Flask-security has no built in means to enable what I'm trying to do.
我已经重写RegisterForm来通过正则表达式强制执行密码规则:
I've overridden RegisterForm already to enforce password rules through a regexp:
# fixed register form
class ExtendedRegisterForm(RegisterForm):
password = TextField('Password', [validators.Required(), validators.Regexp(r'(?=.*?[0-9])(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[$-/:-?{-~!"^_`\[\]])')])
基本上我想要一个位于/adminregister的表单,当管理员访问该表单时,它允许输入电子邮件地址,这时首先使用随机且安全的密码在数据库中创建用户,然后再输入发生与忘记密码类似的过程,并创建了1次密码代码来重置密码.
Basically I want a form, located at /adminregister, that when visited by an admin allows for the entry of an email address, at which point first the user is created in the database with a random and secure password, and then a similar process to a forgotten password happens and a 1 time password code is created to reset the password.
我看过的有用的东西
-
在flask-security/views.py中,有被遗忘的密码:
Within flask-security/views.py there is the forgotten passsword code:
def forgot_password():
"""View function that handles a forgotten password request."""
form_class = _security.forgot_password_form
if request.json:
form = form_class(MultiDict(request.json))
else:
form = form_class()
if form.validate_on_submit():
send_reset_password_instructions(form.user)
if request.json is None:
do_flash(*get_message('PASSWORD_RESET_REQUEST', email=form.user.email))
if request.json:
return _render_json(form, include_user=False)
return _security.render_template(config_value('FORGOT_PASSWORD_TEMPLATE'),
forgot_password_form=form,
**_ctx('forgot_password'))
在flask_security/registerable.py中,有register_user的代码
Within flask_security/registerable.py there is the code for register_user
def register_user(**kwargs):
confirmation_link, token = None, None
kwargs['password'] = encrypt_password(kwargs['password'])
user = _datastore.create_user(**kwargs)
_datastore.commit()
if _security.confirmable:
confirmation_link, token = generate_confirmation_link(user)
do_flash(*get_message('CONFIRM_REGISTRATION', email=user.email))
user_registered.send(app._get_current_object(),
user=user, confirm_token=token)
if config_value('SEND_REGISTER_EMAIL'):
send_mail(config_value('EMAIL_SUBJECT_REGISTER'), user.email, 'welcome',
user=user, confirmation_link=confirmation_link)
return user
我想以某种方式将这两者结合起来,以便在提交带有'/adminregister'唯一字段"Email"的表单时,将在数据库中添加带有安全,随机密码的电子邮件,并向该电子邮件地址发送带有更改密码的链接的电子邮件(最好是一条消息说明).我什至不确定在哪里添加这样的代码,因为没有什么可以专门覆盖的,特别是因为我找不到一种方法来覆盖RegisterForm以具有FEWER字段和相同的功能.
I want to somehow combine these two, so that upon submission of a form with the sole field "Email" at '/adminregister' the email is added with a secure, random password in the database and the email address is sent an email with a link to change there password (and ideally a message explaining). I'm not even sure where I would add such code, as there is nothing to specifically override, especially as I can't find a way to override RegisterForm to have FEWER fields and the same functionality.
我的代码的结构与flask-security文档的 quickstart 一致.
The structure of my code is in line with the flask-security documentation's quickstart.
在此先感谢您提供的任何指导.
Thank you in advance for any guidance you can offer.
推荐答案
我最终使用了以下解决方法:
I ended up using a work around as follows:
-
我启用了注册,但是将注册视图限制为具有管理员角色的用户.
I enabled registration but limited registration view to users with an admin role.
我在视图->注册中使用了del form.password,不再发送带有密码字段的表单.
I used del form.password in views -> register to no longer send the form with a password field.
我在.registerable中执行了以下操作,并生成了一个随机密码填充表格.
I did the following in .registerable, generating a random password to fill the table.
kwargs['password'] = encrypt_password(os.urandom(24))
在注册表单中电子邮件的管理员条目上,我启用了密码识别功能.这意味着用户将立即收到一封电子邮件,以确认其帐户并说明他们已被注册.确认后,他们将重定向到忘记密码"页面,并要求更改密码(基于安全性的限制).
Upon admin entry of an email in the registration form, I had confimable enabled. This means the user would immediatly get an email to confirm their account and explaining they'd been registered. Upon confirmation they are redirected to the forgotten password page and asked to change their password (which is limited based on security).
如果有人想出一种更直接的方法,我将不胜感激.如果有人遇到同样的问题,我会把它留在这里.
If anyone comes up with a more direct way I'd appreciate it. I'm leaving this here in case anyone has the same problem.
这篇关于管理员(仅)用户注册,Flask-Security的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
