pallets-eco / flask-security

Quick and simple security for Flask applications
MIT License

SECURITY_CONFIRMABLE and Confirm Password #804

Closed hrishikeshrt closed 1 year ago

hrishikeshrt commented 1 year ago

I know that setting SECURITY_CONFIRMABLE to True disables Confirm Password prompt as it is deemed "unnecessary" in the presence of e-mail confirmation. However, I do not see why.

First of all, I think that "Confirm Password" is a QoL improvement feature, (and not the lack of it), as it prevents* users from mistyping a password. "Email Confirmation" is a security feature to ensure user's email id is valid and the user has access to it. I do not see why enabling the second should disable the first. At the very least, this should be configurable to allow having both even if for some reason it is kept off by default.

hrishikeshrt commented 1 year ago

I just realized that setting confirm_register_form=flask_security.RegisterForm seems to get me my desired result. If this is an acceptable thing to do, then I guess we can close this. (By "acceptable thing", I mean something that doesn't break something else, and I kind of assume that it doesn't since the documentation of ConfirmRegisterForm says The only difference between this and the other RegisterForm is that this one doesn’t require re-typing in the password)

jwag956 commented 1 year ago

Yes - that is an easy and acceptable solution.