How to use Flask-Security register view?

Question

Has anyone used Flask-Security extension for authentication? How do I get register view to work?

http://packages.python.org/Flask-Security/customizing.html

I am referring to link above.

 @app.route('/register', methods=['GET'])
 def register():
     return render_template('security/register_user.html')

I don't want to extend the default class, I just want to wrap the default registration view in my site layout so I did this.

{% extends "layout.html" %}
{% block title %}upload{% endblock %}
{% block body %}

{% from "security/_macros.html" import render_field_with_errors, render_field %}
{% include "security/_messages.html" %}
<h1>Register</h1>
<form action="{{ url_for_security('register') }}" method="POST" name="register_user_form">
{{ register_user_form.hidden_tag() }}
{{ render_field_with_errors(register_user_form.email) }}
{{ render_field_with_errors(register_user_form.password) }}
{% if register_user_form.password_confirm %}
   {{ render_field_with_errors(register_user_form.password_confirm) }}
{% endif %}
{{ render_field(register_user_form.submit) }}
</form>
{% include "security/_menu.html" %}

{% endblock %}

And I am getting the following error?

werkzeug.routing.BuildError
BuildError: ('security.register', {}, None)

Answer 1

You don't need to create the view. A default one is included in Flask-Security. You just need to enable it in your flask app config:

app = Flask(__name__)
app.config['SECURITY_REGISTERABLE'] = True

With this, the '/register' route should work.
There is another configuration value to change the URL if desired:

app.config['SECURITY_REGISTER_URL'] = '/create_account'

Other Flask-Security configuration information can be found here: http://pythonhosted.org/Flask-Security/configuration.html

Answer 2

The answer from @dcr is helpful, but I would like to clarify it a bit and make explicit some things which are only implied, both here and in the documentation.

Flask-Security comes with default views (also called routes). Many of them can be enabled using the -ABLE config variables, like so:

app.config["SECURITY_REGISTERABLE"] = True

You have a choice: either enable and use the default view, or leave it disabled and use your own instead. When you enable a view, you cannot then override it. When you think about it, this makes sense. Why enable the view if you're just planning to use your own implementation? How is flask supposed to know which route to use? And on the flip side: if a view is disabled, its endpoint will not work.

If you are using the default view, then you can create URLs to it using e.g. url_for('security.register') (or url_for_security('register') in the old style). Flask-Security will also look for a template in security/TEMPLATE_NAME.html and use it to display the form if it exists. This allows you to make visual changes and wrap the form in your UI as desired.

So, now it should be clear why Werkzeug is complaining. Try running flask routes on the command line, and look at the output. You'll see something like this:

(venv) ⋊> ~/flaskapp on master ⨯ flask routes
Endpoint                    Methods    Rule
--------------------------  ---------  ------------------------------------------
index                       GET        /
register                    GET        /register
security.login              GET, POST  /login
security.logout             GET        /logout
[...]

Notice that the security.register endpoint doesn't exist, because you haven't turned on REGISTERABLE. So url_for('security.register') will fail.

Your view doesn't do anything custom, it just displays the template. This is why @dcr says, correctly, that you don't need to create the view. Let Flask-Security do that for you by deleting your /register route entirely and turning on REGISTERABLE. Because you have properly named the register_user.html template, and placed it in templates/security/, Flask-Security will use it to display the page with the default form (or whatever form you provided when the security object was init'ed).

However! If the code you have there is just a placeholder, and you need to manipulate the form or the page somehow before display or when the user clicks submit, then you are going to want your own view. In this case, you should not enable REGISTERABLE, but this also means that security.register won't be available for you to use in url_for(). Instead, you'll use just 'register' (or '{bp_name}.register' if your registration code is in a Blueprint). Also, you don't need to name your page anything in particular then because you aren't relying on someone else's implementation of the view. You could put it loose in your templates folder and call it register.html. Whatever path you choose, you will need to pass that to render_template() in your view method.

Thanks to @drahoja9 in this answer who finally made this clear to me.

Answer 3

I have not really used Flask-Security but the Builderror is referring to the fact that flask cannot bind the security.register view to a URL. security is the name of the blueprint. So may I suggest you try to call the view as follows. Instead of app.route, use security.route.

@security.route('/register', methods=['GET'])
def register():
    return render_template('security/register_user.html')