pallets-eco / flask-security

Quick and simple security for Flask applications
MIT License

login without required confirmation #869

Closed najibfahs closed 3 years ago

najibfahs commented 3 years ago

Peace, First, thank you so much for this wonderful package, and thank you again for the continued support. My issue is this:

    SECURITY_CONFIRMABLE = True
    SECURITY_SEND_REGISTER_EMAIL = True
    SECURITY_LOGIN_WITHOUT_CONFIRMATION = False

When I register a user, I get the message that a confirmation email was sent (and the email is received indeed). However, I am able to log in without clicking on the confirmation link. Is this expected? What I expected is to be redirected to the confirm view so that another email is sent. I should not be allowed to log in if I have not confirmed the email.

In fact, after I register and get the flash message that an email was sent to me for further action, I click on the /confirm URL (not the link in the email) to see whether I am confirmed. I enter my registered email and the system flashes "Your email has already been confirmed" without even clicking on the link in the email. I don't think this is by design. Somehow, I am automatically confirmed without using the link in the email, even if the configuration parameters are set to do otherwise.

What am I doing wrong?

jwag956 commented 3 years ago

Hmm - interesting - no - that's not by design. The code looks at the 'confirmed_at' column in your user model - what does that look like?

najibfahs commented 3 years ago

Note: the email that I get after registration is actually a welcome email:

    Welcome xxxxx! You can confirm your email through the link below: Confirm my account

@jwag956: Now that you mentioned that, I think I know what is wrong! I added a default value to that confirmed_at column.

    confirmed_at = db.Column(db.DateTime, default=datetime.utcnow)

Let me remove it and test it.

najibfahs commented 3 years ago

Indeed! It worked. Thanks a lot for the comment. I should not have added a default attribute:

    confirmed_at = db.Column(db.DateTime)

Issue solved.
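A startup or CI guard for the misconfiguration found in this thread, as an added example that is not part of the original thread or of the Flask-Security code base. It assumes plain SQLAlchemy 1.4+ in place of Flask-SQLAlchemy's `db.Column`; the names `BuggyUser`, `FixedUser`, `confirmed_at_problems`, `requires_confirmation` and `register` are hypothetical.

```python
from datetime import datetime

from sqlalchemy import Column, DateTime, Integer, String, create_engine
from sqlalchemy.orm import Session, declarative_base

Base = declarative_base()

class BuggyUser(Base):
    # Column as first posted in the thread: every new row gets a timestamp.
    __tablename__ = "buggy_user"
    id = Column(Integer, primary_key=True)
    email = Column(String(255), unique=True)
    confirmed_at = Column(DateTime, default=datetime.utcnow)

class FixedUser(Base):
    # Column after the fix: stays NULL until the confirmation link is used.
    __tablename__ = "fixed_user"
    id = Column(Integer, primary_key=True)
    email = Column(String(255), unique=True)
    confirmed_at = Column(DateTime)

def confirmed_at_problems(model):
    """Return reasons why confirmed_at can never mean 'not yet confirmed'."""
    col = model.__table__.c.confirmed_at
    problems = []
    if col.default is not None:
        problems.append("python-side default")
    if col.server_default is not None:
        problems.append("server-side default")
    if not col.nullable:
        problems.append("NOT NULL")
    return problems

def requires_confirmation(user):
    # Assumption: stand-in for the library's check, which per the thread
    # "looks at the 'confirmed_at' column" of the user model.
    return user.confirmed_at is None

def register(model, email):
    """Insert a user into a fresh in-memory DB; report if login is gated."""
    engine = create_engine("sqlite://")
    Base.metadata.create_all(engine)
    with Session(engine) as session:
        user = model(email=email)  # constructed sample input
        session.add(user)
        session.commit()
        return requires_confirmation(user)
```

Calling `confirmed_at_problems` on the user model at application start, and refusing to boot when the list is non-empty, catches this before any account is silently confirmed.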