search

pallets-eco / flask-security

Quick and simple security for Flask applications
MIT License
1.63k stars 513 forks source link

Flask security login with correct user id #862

Open earnestman opened 4 years ago

earnestman commented 4 years ago

Hi I use flask security, everything is fine but i can login with correct user id and password! But i want to login only with correct username and password

radusuciu commented 3 years ago

What datastore are you using? My guess is code like this is responsible: https://github.com/mattupstate/flask-security/blob/develop/flask_security/datastore.py#L242-L249

if self._is_numeric(identifier):
    return user_model_query.get(identifier)
for attr in get_identity_attributes():
    query = alchemyFn.lower(getattr(self.user_model, attr)) \
        == alchemyFn.lower(identifier)
    rv = user_model_query.filter(query).first()
    if rv is not None:
        return rv
manganmus commented 3 years ago

I have the same problem - when trying to login (or register a new user), I get "Model.UserDoesNotExist - instance matching query does not exist" . Debug message shows the query is filtering on user.id = the email address given in get_user(). I'm using Peewee for the datastore. Is there a fix for this?

jwag956 commented 3 years ago

I am not sure in 3.0.0 - but in my fork - this should be fixed in 3.4.4: https://pypi.org/project/Flask-Security-Too/

If you try Flask-Security-Too - make sure you follow the quick start guide - in particular:

    # we need the one from UserMixin.
    class User(UserMixin, db.Model):

i.e. the order of inheritence/mixin is important.