0x3F-Lab / love-letters

Agile Web Dev Project

Convert log in system to use flask log in manager and add CSRF protection #59

Closed AkhilG4 closed 1 month ago

AkhilG4 commented 2 months ago

I have now converted our login system to use the required Flask login manager. The rest of the website should also function normally in preventing users from doing things if not logged in.

In order to not convert all forms to Flask-WTF forms for CSRF protection, I have instead manually added CSRF protection using the flask_wtf.csrf import, which allows the app to create a CSRF token. The token is then added to all forms as a hidden input field. Once the form is submitted, the CSRF token comparison is handled automatically by Flask, meaning no additional validation check for the CSRF token needs to be added.

Note: in the future it would be better to use Flask-WTF forms; however, what we have at the moment is still pretty good.