search

pallets-eco / flask-security

Quick and simple security for Flask applications
MIT License
635 stars 155 forks source link

Unable to prevent flask-security to auto login after registration. #799

Closed parthjeet closed 1 year ago

parthjeet commented 1 year ago

When a user is registered, I do not want the user to log in automatically, instead the page should redirect to the login page. Here are my configs:

app.config['SECURITY_REGISTERABLE'] = True
app.config['SECURITY_CONFIRMABLE'] = False
app.config['SECURITY_SEND_REGISTER_EMAIL'] = False
app.config['USER_ENABLE_CONFIRM_EMAIL'] = False
app.config['SECURITY_POST_LOGIN_VIEW'] = '/'
app.config['SECURITY_POST_REGISTER_VIEW'] = '/login_redirect/'

Below is the /login_redirect/ route definition

@app.route('/login_redirect/')
@login_required
def login_redirect():
    return redirect(url_for('security.login'))
jwag956 commented 1 year ago

Correct - if you don't require confirmation, it automatically logs you in.

parthjeet commented 1 year ago

Do you think this can be added in a future release? Giving an option to not automatically log in after registration even if email confirmation is not required?

parthjeet commented 1 year ago

Also, a StackOverflow user(pjcunningham), helped with a workaround.

from flask_security.utils import logout_user

@app.route('/login_redirect/')
@login_required
def login_redirect():
    logout_user()
    return redirect(url_for('security.login'))