pallets-eco / flask-security-3.0

Quick and simple security for Flask applications
MIT License

Coordinate LoginForm validation with SECURITY_USER_IDENTITY_ATTRIBUTES #482

Open portermahoney opened 8 years ago

portermahoney commented 8 years ago

Currently LoginForm validation returns False if email is not provided: https://github.com/mattupstate/flask-security/blob/4049c0620383f42d37950c7a35af5ddd6df0540f/flask_security/forms.py#L222

I suggest it throw an error only if none of the SECURITY_USER_IDENTITY_ATTRIBUTES are provided.

I'm currently using either: SECURITY_USER_IDENTITY_ATTRIBUTES = ('email', 'username')

I was able to override validate() in my ExtendedLoginForm and only error if a user cannot be found from either email or username. But I'd propose a more general solution in LoginForm validate.

Thanks

portermahoney commented 8 years ago

Just found an easier workaround: simply allow the identity field to be called email. To use this solution you'd want to extend the model and change the displayed name of that field like:

```python
from flask_security.forms import LoginForm
from wtforms import TextField

class ExtendedLoginForm(LoginForm):
    email = TextField('Username or email:')
```

At this point I'd suggest that email simply get called identity_attr or something like that, but it's a more minor suggestion.

Thanks
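The behaviour proposed in this issue, as an added example that is not part of the original comments and not Flask-Security's own code: a stand-alone model that fails only when the identity field is empty or matches none of the SECURITY_USER_IDENTITY_ATTRIBUTES. The user store, `find_user`, `validate_login`, the `identity` field name and the error strings are assumptions; the ambiguity check goes beyond what the issue asks for, and password verification is left out.

```python
from dataclasses import dataclass, field
from typing import Optional

SECURITY_USER_IDENTITY_ATTRIBUTES = ("email", "username")

# Constructed sample users (hypothetical in-memory store, not a real datastore).
USERS = [
    {"email": "alice@example.com", "username": "alice", "active": True},
    {"email": "bob@example.com", "username": "bob", "active": False},
]


def find_user(identity, attributes=SECURITY_USER_IDENTITY_ATTRIBUTES, users=USERS):
    """Return the one user with an identity attribute equal to `identity`, else None."""
    matches = [u for u in users if any(u.get(a) == identity for a in attributes)]
    # With several identity attributes, one user's username can equal another
    # user's email; refuse to pick a winner when the lookup is ambiguous.
    return matches[0] if len(matches) == 1 else None


@dataclass
class LoginResult:
    ok: bool
    user: Optional[dict] = None
    errors: list = field(default_factory=list)


def validate_login(form_data, users=USERS):
    """Model of the proposed validate(): error only if no identity attribute matches."""
    identity = (form_data.get("identity") or "").strip()
    if not identity:
        return LoginResult(False, errors=["Identity not provided"])
    user = find_user(identity, users=users)
    if user is None:
        return LoginResult(False, errors=["Specified user does not exist"])
    if not user["active"]:
        return LoginResult(False, errors=["Account is disabled"])
    return LoginResult(True, user=user)


if __name__ == "__main__":
    for value in ("alice", "alice@example.com", "", "nobody", "bob"):
        print(repr(value), validate_login({"identity": value}))
```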

paway commented 7 years ago

https://github.com/mattupstate/flask-security/issues/464#issuecomment-310682516