search

lingthio / Flask-User

Customizable User Authorization & User Management: Register, Confirm, Login, Change username/password, Forgot password and more.
http://flask-user.readthedocs.io/
MIT License
1.06k stars 294 forks source link

register view while logged in #328

Open najibfahs opened 3 years ago

najibfahs commented 3 years ago

Hello, first time user of Flask-user. While logged in, I don't expect to have access to the registration view. I but I do. I don't believe it is supposed to work this way. Just like the log in view is not accessible while logged in, access to the register view must be denied. So I looked at the code in the login_view function and the following snippet is what prevents access:

Immediately redirect already logged in users

if self.call_or_get(current_user.is_authenticated) and self.USER_AUTO_LOGIN_AT_LOGIN: return redirect(safe_next_url)

But I dont see this under the register_view.

Or am I missing something? thanks!

dometto commented 3 years ago

I second this: this is strange behavior, and there should at least be an option to disable this. Are there any plans to address this?

Thanks for your work on Flask-User!

Chaostheorie commented 3 years ago

You can in this particular case customize the view, if that's important for you.

Below is an example of using customize and a custom function. It's been a while since I touched flask_user so use this as a reference and don't copy-pasta-it. The code is mostly copied from the source code. Reading it will most likely yield you a similar result.

from flask_user.user_manager import UserManager
from flask import redirect

class CustomUserManager(UserManager):
    def custom_register_view(self):
        """Prepare and process the login form."""
        safe_next_url = self._get_safe_next_url('next', self.USER_AFTER_LOGIN_ENDPOINT)

        # Immediately redirect already logged in users
        if self.call_or_get(current_user.is_authenticated) and self.USER_AUTO_LOGIN_AT_LOGIN:
            return redirect(safe_next_url)

        # run normal register view view
        self.register_view_old()

    def customize(self, app):
        self.register_view_old = self.register_view
        self.register_view = self.custom_register_view

user_manager = CustomUserManager(app, db, User)

The Project is on hiatus (not maintained) since about the start of 2020. I would recommend you to either implement the required parts in flask_login or search for another solution.