4

I have a python flask app using mongoengine and flask-security built up from the examples to expose all of the confirmation, registration, tracking, and recovery functionality.

Everything works except that a user created imperatively in the code using:

MongoEngineUserDatastore.create_user(...)

cannot login. That is, when you try to login with this user, you get an error message:

"Email requires confirmation"

Since the email with a hashed URL has not been sent, there is no way to confirm. Is there a parameter I can pass somewhere to confirm this user on creation or set the confirmed flag somewhere?

Here's my code:

doru
  • 9,022
  • 2
  • 33
  • 43
David Watson
  • 3,394
  • 2
  • 36
  • 51

2 Answers2

5

I figured it out by confirming a newly registered user and examining mongodb to see what fields were added. Turns out that the required field for confirmation is confirmed_at, which must have a datetime so:

import datetime

# Create a user to test with
@app.before_first_request
def create_user():
    user_datastore.create_user(
        email='me@mydomain.com',
        password=utils.encrypt_password('password'),
        confirmed_at=datetime.datetime.now())

I've updated the gist here:

https://gist.github.com/davidthewatson/327776905ef30815c138

David Watson
  • 3,394
  • 2
  • 36
  • 51
  • Cool - please mark as answered and that will help other users, with similar issues. – Ross Mar 07 '13 at 09:39
  • 1
    I'd love to mark it as answered. Unfortunately, SO doesn't allow me to mark it answered for two days for reasons that are beyond me. – David Watson Mar 07 '13 at 12:46
1

When you create your test user you need to make them active eg:

@app.before_first_request
def create_user():
    user_datastore.create_user(
        email='me@mydomain.com', 
        password=utils.encrypt_password('password'),
        active=True)
Ross
  • 17,861
  • 2
  • 55
  • 73
  • Thanks for your answer, Ross. Unfortunately, that didn't work. It did set the active flag true which can be seen in this mongo query result: > db.user.find() { "_id" : ObjectId("513755fd0d3085357eef0fff"), "_types" : [ "User" ], "roles" : [ ], "_cls" : "User", "active" : true, "password" : "$2a$12$aeT/0Nb9mtQ/hAPAIwoG7.9Q27P9ytz/guDXhE7KbpksskwRZeXCC", "email" : "me@mydomain.com" } but the login still fails with "Email requires confirmation". – David Watson Mar 06 '13 at 14:44
  • The active flag is for flask-login. – nycynik May 05 '16 at 02:35