Override Flask-Security's /login endpoint
Funnily enough, I've come across a very similar problem today.If I manage to resolve it in a way I'd consider elegant enough for an SO answer, I'll update this. In the meantime, my thoughts on strategies for approaching the problem are:
- Subclass flask-security and overload only the
@login_requireddecorator to redirect you to the right place. Probably quickest, if the redirection is the only issue you're having. - If you're solely using Oauth, then use an alternative decorator to replace
@login_required. Flask-OAuthlib is a useful library for oath stuff and the documents show you how to protect a resource using the `@oauth.require_oauth' decorator.
Flask-Stormpath is a commercial solution and I'm not familiar enough to comment on whether it covers this particular ground, so I shan't recommend it as a possible approach. However for background reading they have a useful overview of the authentication hornets nest associated with Flask.
You may want to override the original Flask-Security's login view. Something like this:
my_blueprint = Blueprint('my_blueprint', __name__)@bp.route('/login', methods=['GET', 'POST'])@anonymous_user_requireddef my_login_view(): # Do whatever you want to do here. Try to find inspiration in the original codeapp = Flask(__name__)app.register_blueprint(my_blueprint)# You will need to define User and Role classes, see Flask-Security's documentationuser_datastore = SQLAlchemyUserDatastore(db, User, Role)security = Security(app, user_datastore)And that's it. If you want to use the Flask-Security's original HTML template, you will need to override it as well (see Flask-Security's documentation). There you just place your own view instead of the old one:
...<form action="{{ url_for('my_blueprint.my_login') }}" method="POST" name="login_user_form">...