Re: [flask] [ANN] Flask-Login 0.1 released
- From:
- Ron DuPlain
- Date:
- 2011-06-05 @ 09:38
Hi Matthew,
On Fri, Jun 3, 2011 at 12:24 PM, Matthew Frazier
<leafstormrush@gmail.com> wrote:
> On PyPI: http://pypi.python.org/pypi/Flask-Login/0.1
> On Bitbucket: https://bitbucket.org/leafstorm/flask-login/
> Documentation: http://packages.python.org/Flask-Login/
This extension looks really great! I like the API you present, right
down to the UserMixin and AnonymousUser. I'm trying Flask-Login on a
project this weekend, and I'll help push this through the approval
process. Two points of feedback, for your consideration:
* Use an extension namespace to avoid collisions with a 'user'
attribute on the request context stack. See Flask-SQLAlchemy for an
example.[1]
* Use app.config to set configurable login/refresh messages.
Flask-Login only has a couple messages for display, and you have clear
hooks for how to customize these. On a more general note, I'd like to
hear from those working on internationalization projects on good
patterns for Flask extensions to support locales.
Thanks,
Ron
[1]:
https://github.com/mitsuhiko/flask-sqlalchemy/blob/master/flaskext/sqlalchemy.py#L640
Re: [flask] [ANN] Flask-Login 0.1 released
- From:
- Tom Atkins
- Date:
- 2011-06-04 @ 08:35
Excellent - thanks for your work on this.
I've also been looking at Sean's 'Flask Skeleton' announced on the list
today. There seems to be a bit of overlap in the login functionality. As a
bit of a newbie I'm not feeling confident enough to evaluate the merits of
both approaches.
Can anyone comment on this?
On 3 June 2011 17:24, Matthew Frazier <leafstormrush@gmail.com> wrote:
> I am proud to announce the release of Flask-Login 0.1, which provides
> user session management for Flask. Its basic features include:
>
> - Logging users in and out
> - Nearly-transparent "Remember Me" functionality
> - Requiring users to log in for views (and customizing what happens when
> they are not logged in)
>
> Since my last progress update, I have added:
>
> - Marking logins "fresh" so that if one's session is reloaded from a
> "Remember Me" cookie, you can require them to re-authenticate before
> accessing sensitive data
> - Support for using different authentication tokens besides the user ID
> - Session protection, to prevent people from stealing session cookies
> - Signals
> - Better tests
>
> On PyPI: http://pypi.python.org/pypi/Flask-Login/0.1
> On Bitbucket: https://bitbucket.org/leafstorm/flask-login/
> Documentation: http://packages.python.org/Flask-Login/
>
> I anticipate it being officially approved soon.
> --
> Regards, Matthew "LeafStorm" Frazier
> http://leafstorm.us/
>
Re: [flask] [ANN] Flask-Login 0.1 released
- From:
- Sean Chittenden
- Date:
- 2011-06-04 @ 17:39
> Excellent - thanks for your work on this.
>
> I've also been looking at Sean's 'Flask Skeleton' announced on the list
today. There seems to be a bit of overlap in the login functionality. As
a bit of a newbie I'm not feeling confident enough to evaluate the merits
of both approaches.
>
> Can anyone comment on this?
I looked at Flask-Login a while and really like it's cookie and session
handling. The reason I didn't implement it out of the shoot was because I
was looking at repose.who and and repose.what for authentication and
authorization (authorization is typically tricky to implement in a
sensible way and something I'd like to support). I'm not sure I'll end up
using either of those options, however.
What I'd like to support is a many-to-many user <=> role, and many-to-many
role<=>view. Once I put a square around that problem, I'll revisit this.
-sc
--
Sean Chittenden
sean@chittenden.org