1

I am using flask_security to do registration in a flask app. When registering an email address an confirmation mail is sent, but it does not include a confirmation link.

I did not find an option to activate this and there is not much documentation about it.

The current configuration is

app = Flask(__name__)
app.config["DEBUG"] = True
app.config["SECRET_KEY"] = "..."
app.config["SECURITY_REGISTERABLE"] = True
app.config["SECURITY_RECOVERABLE"] = True
app.config["SECURITY_TRACKABLE"] = True
app.config["SECURITY_CHANGEABLE"] = True
app.config["SECURITY_PASSWORD_HASH"] = "sha512_crypt"
app.config["SECURITY_PASSWORD_SALT"] = "..."
app.config["SECURITY_CONFIRM_LOGIN_WITHOUT_CONFIRMATION"] = False
app.config["MAIL_SERVER"] = "smtp.gmail.com"
app.config["MAIL_PORT"] = 465
app.config["MAIL_USE_SSL"] = True
app.config["MAIL_USERNAME"] = "..."
app.config["MAIL_PASSWORD"] = "..."
app.config["SQLALCHEMY_DATABASE_URI"] = "sqlite:////tmp/flaskpage.db"
app.config["SQLALCHEMY_TRACK_MODIFICATIONS"] = False
thafritz
  • 449
  • 1
  • 6
  • 8

1 Answers1

4

You've not set all the settings that should. From the docs

SECURITY_CONFIRMABLE

Specifies if users are required to confirm their email address when registering a new account. If this value is True, Flask-Security creates an endpoint to handle confirmations and requests to resend confirmation instructions. The URL for this endpoint is specified by the SECURITY_CONFIRM_URL configuration option. Defaults to False.

You can also look at the code, it actually uses it value to register your user. From source code

confirmation_link, token = None, None
...
if _security.confirmable:
    confirmation_link, token = generate_confirmation_link(user)
    do_flash(*get_message('CONFIRM_REGISTRATION', email=user.email))

So because of SECURITY_CONFIRMABLE is not set, and its default is False you are getting no link.

Community
  • 1
  • 1
vishes_shell
  • 22,409
  • 6
  • 71
  • 81