At 27:23, ur if " if not user and not check_password_hash(user.password, password)" will allow the user to login if the password is wrong, ti should be something like ' if not user OR not check_password_hash(user.password, password)' Because in ur case we have: - if the user doesnt exists, an error will be raised on the user.password - if the user exists then the first (not user) is set to false which wont listen to the second part because its an "and"
When i run "from project import db, create_app" in the terminal it send me this error: File "", line 1, in File "project/__init__.py", line 1, in from flask import Flask ImportError: No module named flask How do i fix this?
Thank you, this came at the right time, when I need to study authorization and authentication for future implementations in my work. Even though it is simple, it helps to have a notion for more complex implementations.
Hi, when i try to run a got this error: flask.cli.NoAppException: Could not import "flaskLogin.flaskLogin". cause my project name is flaskLogin, i've runed export FLASK_APP=flaskLogin
Hey man I am super late, but I had a question everytime I try to import something through terminal it doesn't work. For example, you said to "from project import db", however my thing tells me a module named db doesn't exist. any ideas on how to solve?
thanks for a nice video. But I've a query that i build an ecommerce wesite and when a specific_user adds items to cart it also displays in the other users of the database table.how to resolve it?.Any help is heartfully accepted..
is was great learning.. do you have video where user is added by admin and need to login with correct credential provided by admin. later on where user can reset the password
Hi isn't this authentication flawed? You are sending password to the server in plain-text (over https but if https fails due to certification fuckery or man in the middle, you have plain text) and hashing the password on the server side (although you would salt it on the server before storage so it that is just specifications we skip for simplification). Once you have access to the post, you can just extract the password or send the same post again. Having said that, I understand if you had the post, you would still be able to authenticate if the password was hashed on the client side. So is there anything that could would withstand a SSL failure (man in the middle is difficult to beat) but would not require implementing PGP in javascript + python?
Hi, thank you for this tutorial. I'm trying to build a login page with an username, password and department fields. The app has an User and Department model. Now it needs to know each department the user logged into, for it to be able to render the right template, etc... I've tried storing it in the g variable, using context processors but it did not work as I expected. I needed something like the flask-login package where I would have current_department and be able to access this value from a template or a view function. How should I do this?
Hi Anthony, First of all, this is a great video. I do have a query though that in your auth.py at 28:02 Line 16 it says "if not user and not check_password_hash:" should it be or instead of and because and would need the both of the conditions to be true to execute the function inside the if statement?
Hey Anthony, I really love your videos and they have cleared a lot of concepts for me! Can you please help me with the same task using PostgreSQL as the database?
This was good but I was wondering if there is anyway to set roles or permissions. I like Flask-Login as it is easy but Flask_User has authorization levels. Can I get authorization levels or permissions out of Flask-Login?
You'd have to make them yourself. But Flask-Security might work for you because it's based on Flask-Login but it doesn't give you actual pages like Flask-User.
@Pretty Printed, if you don't mind, could you do a quick tutorial on how to perform authentication where you have multiple models. Maybe something like Student and Staff
Hi there! I realise nobody will care about this unless you speak German, but it drove me crazy the entire video everytime you said "virkzirg" instead of WERKZEUG. In case you're interested: the pronunciation of "Werkzeug" is as follows: the "w" sounds like the "v" in "victory" the "er" sounds like the "arr" in "arrow" the "k" is basically like the english k the "z" is like english "ts" the "eu" sounds like the "oi" in "point" the "g" is like the "g" in "get" Or you can use this for reference: forvo.com/word/werkzeug/ Werkzeug is the German word meaning roughly something like "Tool" or "Toolkit".
hello Sear, i follow your tuto, it's a great thing for me to lear flask. but i can't find the file base.html. can you give the link please of this file. thanks alot
For a basic app it's fine. For apps where you expect more users, you may want to consider focusing more on security. Security depends more on what your use cases is and not some checklist of things to do.
Great vid man. In my case im trying to restrict api access based on user permissions. I'd like to know how that could be done with maybe flask_principle? Also why flask_login and not flask_jwt?
Hey Anthony, I really love your videos and they have cleared a lot of concepts for me! Can you please help me with the same task using MongoDB as the database?
It's just the login_required part, which is the simplest authorization you could have. It can easily be extended to more checks on what type of user is authorized to do what actions.
At 27:23, ur if " if not user and not check_password_hash(user.password, password)" will allow the user to login if the password is wrong, ti should be something like ' if not user OR not check_password_hash(user.password, password)'
Because in ur case we have:
- if the user doesnt exists, an error will be raised on the user.password
- if the user exists then the first (not user) is set to false which wont listen to the second part because its an "and"
You're absolutely right. Thanks for bringing it up.
I confused myself with the logic and didn't notice.
Yeah I noticed that as well, basically there should be an 'or' instead of an 'and'
Join my free course on the basics of Flask-SQLAlchemy: prettyprinted.com/flasksql
🌟❗if you are facing error in running flask app.
Use set in place of export command.
As export is only valid for Unix shells.
use set for windows.
Very nice tutorial it removes all confusion as i first seen video from two year back and now I have a better approch
how to run the app ?? my flask run is not working it there not a way to run it from python app.py
pls, explain how to run this app
how to run it from a py file, not from project folder ?
because I can not deploy it on Heroku
When i run "from project import db, create_app" in the terminal it send me this error:
File "", line 1, in
File "project/__init__.py", line 1, in
from flask import Flask
ImportError: No module named flask
How do i fix this?
Did you install flask?
I just wish you had 10kk subs, you deserve, your vids are lit
Thanks!
thanks for your video.... now i finally understand user authentication and login in flask
Thank you, this came at the right time, when I need to study authorization and authentication for future implementations in my work. Even though it is simple, it helps to have a notion for more complex implementations.
Glad it helped. Make sure you note the correction in this comment thread (at 27:23).
With this video and the token jwt one, you earned my sub bro, keep it up
Too bad I cannot double like this video. You are my hero.
Hi, when i try to run a got this error: flask.cli.NoAppException: Could not import "flaskLogin.flaskLogin". cause my project name is flaskLogin, i've runed export FLASK_APP=flaskLogin
it might cause your project name conflict with flasklogin package?
how to download your code from github?
where is the create_app function called?
This is some great stuff, hope you keep making more.
Hey man I am super late, but I had a question everytime I try to import something through terminal it doesn't work. For example, you said to "from project import db", however my thing tells me a module named db doesn't exist. any ideas on how to solve?
maybe type python before using python commands
Anybody get 'flask login module not found' error during Heroku Deployment?
Brother, simply you're the best!
Thanks for watching!
thanks for a nice video. But I've a query that i build an ecommerce wesite and when a specific_user adds items to cart it also displays in the other users of the database table.how to resolve it?.Any help is heartfully accepted..
This is awesome - thanks man for an amazing video 👌🏾
is was great learning.. do you have video where user is added by admin and need to login with correct credential provided by admin. later on where user can reset the password
kindly provide github source code link for the same
Hi,
How can i deploy this page using heroku
And gunicorn ?
Hi isn't this authentication flawed? You are sending password to the server in plain-text (over https but if https fails due to certification fuckery or man in the middle, you have plain text) and hashing the password on the server side (although you would salt it on the server before storage so it that is just specifications we skip for simplification). Once you have access to the post, you can just extract the password or send the same post again. Having said that, I understand if you had the post, you would still be able to authenticate if the password was hashed on the client side. So is there anything that could would withstand a SSL failure (man in the middle is difficult to beat) but would not require implementing PGP in javascript + python?
Is it save to send your password in plain text like this in form that is being pushed?
Super helpful! Thank you so much.
Hello Anthony..
Flask security login not working with nginx server
Just what i was looking for Thanks!!!!! You are awesome
Thanks for watching!
how did you do the css for this, where can I find this in your github?
Hi
It's a good video it's teach me to basic flask.Thank you very much ♥
Thanks man, This helped a lot!!
Thank you Anthony. Thats what i need..
Thanks for watching!
For mine, it says that the object 'User' has no attribute 'query'
i get internal error 500 when i click on signup button a , please someone help
Hi, thank you for this tutorial. I'm trying to build a login page with an username, password and department fields.
The app has an User and Department model.
Now it needs to know each department the user logged into, for it to be able to render the right template, etc...
I've tried storing it in the g variable, using context processors but it did not work as I expected.
I needed something like the flask-login package where I would have current_department and be able to access this value from a template or a view function. How should I do this?
why didn't you use a DB(use a query/function that checks for user-department relation) or or store user-department in flask sessions.
Cool video, thanks. At 5:55 you don’t need to comment out the code; Python is cool so, skip, just do
def login_pos():
pass
Awesome Tutorial man! Thank you a lot!
You're welcome! Thanks for watching.
Hi Anthony,
First of all, this is a great video. I do have a query though that in your auth.py at 28:02 Line 16 it says "if not user and not check_password_hash:"
should it be or instead of and because and would need the both of the conditions to be true to execute the function inside the if statement?
Yes, it should be an or instead. My mistake.
Does this generate a token? and if so how do I get it? I need it for an API
Thank you very much :)
thanks you, you are very clear!
You're welcome! Thanks for watching.
Do you have any video on role base authorization in flask?
damn this dude helped me alot
Wow! That was awesome!
Can I request a part 2 where email validation is used on this same framework :)
Thank you so much!
I'll consider a video on email validation. Thanks for the idea!
nice video sir..could u be able to make video on how to authenticate multiple users using loginmanager and flask-bluprints
Thanks for sharing, would it be possible to add Google and Facebook login?
Didn't find the Scotch.io link here, so went out and looked for it: scotch.io/tutorials/authentication-and-authorization-with-flask-login
Hey Anthony, I really love your videos and they have cleared a lot of concepts for me! Can you please help me with the same task using PostgreSQL as the database?
login?next=%2Fprofile -
Is it safe??
One question: How should I run this app if I am using pipenv as environment?
solved it: I just added a .flaskenv with this code FLASK_APP=.
This was good but I was wondering if there is anyway to set roles or permissions. I like Flask-Login as it is easy but Flask_User has authorization levels. Can I get authorization levels or permissions out of Flask-Login?
You'd have to make them yourself. But Flask-Security might work for you because it's based on Flask-Login but it doesn't give you actual pages like Flask-User.
@Pretty Printed, if you don't mind, could you do a quick tutorial on how to perform authentication where you have multiple models. Maybe something like Student and Staff
I think you could make a separate login page.
@@samrathchadha5062 Yeah. I figured. It's good practice, apparently, to have a separate auth table. Saved me lots of trouble.
Hi there!
I realise nobody will care about this unless you speak German, but it drove me crazy the entire video everytime you said "virkzirg" instead of WERKZEUG.
In case you're interested:
the pronunciation of "Werkzeug" is as follows:
the "w" sounds like the "v" in "victory"
the "er" sounds like the "arr" in "arrow"
the "k" is basically like the english k
the "z" is like english "ts"
the "eu" sounds like the "oi" in "point"
the "g" is like the "g" in "get"
Or you can use this for reference:
forvo.com/word/werkzeug/
Werkzeug is the German word meaning roughly something like "Tool" or "Toolkit".
Ok.
hello Sear, i follow your tuto, it's a great thing for me to lear flask. but i can't find the file base.html. can you give the link please of this file. thanks alot
I'm using Flask-Bootstrap for the base. If you want to modify it, you have to override with your own.
Would this actually be okay to use alone in Production? Like this is all the security an app has?
For a basic app it's fine. For apps where you expect more users, you may want to consider focusing more on security. Security depends more on what your use cases is and not some checklist of things to do.
Really nice video, but I keep thinking Kermit is teaching me python! :-)
Great vid man. In my case im trying to restrict api access based on user permissions. I'd like to know how that could be done with maybe flask_principle? Also why flask_login and not flask_jwt?
If you have an API the authentication will be different from this video. Check out my API auth video with JWT.
how to use jwt with flask login ?
Hey Anthony, I really love your videos and they have cleared a lot of concepts for me! Can you please help me with the same task using MongoDB as the database?
Maybe this video will help: ruclips.net/video/vVx1737auSE/видео.html
how about signup?
Hey!
How do I get rid of "/login?next=%2Fprofile"?
You'll have to create your own unauthorized callback: flask-login.readthedocs.io/en/latest/#flask_login.LoginManager.unauthorized_handler
so cool
Clean
Thanks for watching!
Registration no?
Are you going to publish the code on github?
Within a few days when I publish the article on Scotch.io.
where is authorization in this example?
It's just the login_required part, which is the simplest authorization you could have. It can easily be extended to more checks on what type of user is authorized to do what actions.
Greet thanks is actually not enough
'load_user' given an errors : User has no attribute 'query'
Make sure your User class is using Flask-SQLAlchemy.
There is only authentication, authorization is not.
Hard to follow
man you said authentication and AUTHORIZATION and there is nothing about authorization.