pallets-eco / flask-security

Quick and simple security for Flask applications
MIT License
1.63k stars 513 forks

Hooks for user_login/user_logout to update 'is_authenticated' #870

Open MikeSnyder360 opened 2 years ago

MikeSnyder360 commented 2 years ago

Hi. I have a working setup using MongoEngine and I would like to set 'is_authenticated' in the database instead of always returning true. I tried to load login_user as _login_user, and wrap that, but mine is not being invoked.

What is the right way to do this? I was thinking of the reverse for logout_user.

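from flask_security import login_user as _login_user

def login_user(user, remember=None):
    # Wrapper that marks the user as authenticated before delegating
    print("My Login User Running!")
    user.authenticated = True
    # Pass the caller's remember value through to the original function
    return _login_user(user, remember=remember)

MikeSnyder360 commented 2 years ago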

I've also tried to override this way:

flask_security.utils.login_user = login_user
flask_security.login_user = login_user

jwag956 commented 2 years ago

You should be able to use the login_manager signals - 'user_logged_in' and 'user_logged_out'.

Off question - without knowing anything about your app - this seems like a terrible idea - there are too many ways things could crash that would have 'is_authenticated' in the DB forever. But you say 'instead of always returning true' - so maybe there is something else going on - who wants to know if they are authenticated? If they get a 404 response from an API - they know!

MikeSnyder360 commented 2 years ago

Thanks @jwag956! I appreciate your feedback.

It's more from an administration standpoint. If I want to know 'who's logged in right now', I don't really have a way of getting that from the database. That seems like an attainable piece of information.
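
An added example, not code from this thread or from Flask-Security: one way to wire the `user_logged_in` / `user_logged_out` signals suggested above to a "who is logged in right now" view. It goes beyond the thread by storing a last-seen timestamp instead of a boolean, so a crash or an expired session cannot leave a user marked as logged in forever. `PresenceTracker`, `init_presence` and `idle_timeout` are hypothetical names, and the in-memory dict stands in for a field on the MongoEngine user document.

```python
import time


class PresenceTracker:
    """Tracks when each user was last seen (dict stands in for the database)."""

    def __init__(self, idle_timeout=1800, clock=time.time):
        self.idle_timeout = idle_timeout  # assumed value: seconds until an entry is stale
        self.clock = clock                # injectable so the logic can be tested
        self.last_seen = {}               # user id -> timestamp of last activity

    def touch(self, user):
        """Record activity for an authenticated user."""
        self.last_seen[user.get_id()] = self.clock()

    # Signal receivers: Flask-Login calls them as receiver(sender, user=...).
    def on_login(self, sender, user, **extra):
        self.touch(user)

    def on_logout(self, sender, user, **extra):
        self.last_seen.pop(user.get_id(), None)

    def logged_in_now(self):
        """User ids seen within idle_timeout that have not logged out since."""
        cutoff = self.clock() - self.idle_timeout
        return sorted(uid for uid, ts in self.last_seen.items() if ts >= cutoff)


def init_presence(app, tracker):
    """Connect the tracker to Flask-Login's signals for this app only."""
    from flask_login import current_user, user_logged_in, user_logged_out

    # weak=False keeps the bound methods connected for the app's lifetime.
    user_logged_in.connect(tracker.on_login, app, weak=False)
    user_logged_out.connect(tracker.on_logout, app, weak=False)

    @app.before_request
    def _refresh_presence():
        # Active sessions keep refreshing their timestamp; idle or crashed
        # ones simply age out of logged_in_now().
        if current_user.is_authenticated:
            tracker.touch(current_user)
```

Call `init_presence(app, tracker)` once after Flask-Security has been initialised on the app; an admin view can then read `tracker.logged_in_now()`.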