lingthio / Flask-User

Customizable User Authorization & User Management: Register, Confirm, Login, Change username/password, Forgot password and more.
http://flask-user.readthedocs.io/
MIT License
1.06k stars 292 forks

@login_required pages are accessible before email confirmation? #208

Closed ghost closed 6 years ago

ghost commented 6 years ago

- Use Flask-User (0.6.20)
- Email confirmation (USER_ENABLE_EMAIL) has to be True
- Do the registration process on your website
- Do NOT confirm the email and also do NOT log out!

Right here and right now you can't access the /user/profile, but you can access any custom made route, even if it has the Flask-User @login_required decorator!

Please advise how to solve this issue!

lingthio commented 6 years ago

Hi @saitam1,

lingthio commented 6 years ago

I cannot reproduce this issue. These are the steps I took:

Any chance you can send me relevant source code?

ghost commented 6 years ago

Hi @lingthio, this issue occurs if you have a working system and then make changes to the routes and/or database mapping. I have worked around this with the @confirm_email_required decorator. But this is not a usual problem.

Nevertheless, I don't understand why, after renaming some custom routes, /user/register and /user/sign-in stop working with the error message Internal Server Error, but when I try to use my custom route /customroute I am forwarded by Flask-User to e.g. /user/sign-in?next=/customroute%3F%23 and can log in. In this context I had the above-mentioned issue.

Edit: I also had to rename my endpoints in settings.py, now everything works fine.
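The behaviour discussed in this thread, as an added stand-alone model that is not part of the original comments and not Flask-User's own code: a login-only gate lets an authenticated but unconfirmed session through, a confirmed-email gate does not, and `reachable_unconfirmed` is a check that can be rerun after route changes. All names here (`login_only`, `confirmed_only`, `reachable_unconfirmed`, `ROUTES`, the `User` fields) are hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime
from functools import wraps
from typing import Optional

@dataclass
class User:                      # constructed stand-in for the app's user model
    email: str
    is_authenticated: bool = True
    confirmed_at: Optional[datetime] = None   # None until the emailed link is used

class Denied(Exception):         # stands in for the framework's redirect/abort
    def __init__(self, status):
        super().__init__(status)
        self.status = status

def login_only(view):
    """Model of a login-only gate: checks authentication, not confirmation."""
    @wraps(view)
    def wrapper(user):
        if user is None or not user.is_authenticated:
            raise Denied(401)
        return view(user)
    return wrapper

def confirmed_only(view):
    """Model of a confirmed-email gate: login plus a confirmed address."""
    @wraps(view)
    def wrapper(user):
        if user is None or not user.is_authenticated:
            raise Denied(401)
        if user.confirmed_at is None:
            raise Denied(403)
        return view(user)
    return wrapper

def reachable_unconfirmed(routes):
    """Return the paths an authenticated but unconfirmed user can open."""
    probe = User("new@example.test")          # constructed, never confirmed
    hits = []
    for path, view in sorted(routes.items()):
        try:
            view(probe)
            hits.append(path)
        except Denied:
            pass
    return hits

# Constructed route table: the same custom page behind each gate.
ROUTES = {
    "/customroute": login_only(lambda user: "custom page"),
    "/customroute-hardened": confirmed_only(lambda user: "custom page"),
}
```

In a test suite, asserting that `reachable_unconfirmed` returns an empty list for every route that needs a confirmed address catches a gate that was lost during a route rename.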

lingthio commented 6 years ago

Ok. I'm closing this issue.