Reusable Flask authentication module with registration, login, and email verification
Project description
Flask Accounts
Plug-and-play authentication for Flask with UI, database, and email verification included.
A modular, reusable authentication system for Flask applications.
✨ Features
- User registration
- Login / logout
- Email verification (with expiration + resend)
- Password reset flow
- Password hashing (Werkzeug)
- Login and Auth request limiting
- PostgreSQL backend
- Session-based authentication
- Configurable UI (banners, redirects, custom CSS)
- SMTP email support (or terminal mode for development)
- One-command database bootstrap
🚀 Installation
pip install flask-accounts
Latest version: v0.2.0
⚡ Quick Start
Create run.py
from flask import Flask
from flask_accounts import init_auth
app = Flask(__name__)
app.config["SECRET_KEY"] = "your-secret-key"
# Database
app.config["DB_HOST"] = "localhost"
app.config["DB_NAME"] = "accountdb"
app.config["DB_USER"] = "accountuser"
app.config["DB_PASSWORD"] = "yourpassword"
# Email
app.config["SMTP_HOST"] = "smtp.email.com"
app.config["SMTP_PORT"] = 587
app.config["SMTP_USERNAME"] = "youremail@email.com"
app.config["SMTP_PASSWORD"] = "your_app_password"
app.config["SMTP_FROM_EMAIL"] = "youremail@email.com"
# Dev mode (prints emails to terminal)
app.config["USE_TERMINAL_EMAIL"] = True
init_auth(app)
if __name__ == "__main__":
app.run(debug=True)
🛠️ Database Setup
Recommended (first-time setup)
flask --app run.py auth-bootstrap-db
You will be prompted for your PostgreSQL admin credentials.
This command will:
- Create the database (if it does not exist)
- Create the user (if it does not exist)
- Grant permissions
- Initialize all required tables
Then run:
python run.py
Visit the URL shown in your terminal to access your app.
Initialize schema only (existing database)
flask --app run.py auth-init-db
🧩 Working with Your App
Flask Accounts integrates directly with your existing Flask routes and templates.
🔁 Redirects
Control where users are sent after key actions:
LOGIN_REDIRECT = "home" # <- MUST BE IN 'templates/home.html'>
REGISTER_REDIRECT = "auth.verify_email"
VERIFY_EMAIL_REDIRECT = "auth.show_login"
LOGOUT_REDIRECT = "auth.show_login"
These values must match your Flask endpoint names.
Example
from flask import render_template
@app.route("/home")
def home():
return render_template("home.html")
🔓 Logout
Use the built-in logout route:
<form method="POST" action="{{ url_for('auth.logout') }}">
<button type="submit">Logout</button>
</form>
This will:
- Clear the session
- Redirect based on
LOGOUT_REDIRECT
🔐 Protected Route Example
from flask import session, redirect, url_for
@app.route("/dashboard")
def dashboard():
if "user_id" not in session:
return redirect(url_for("auth.show_login"))
return "Welcome to your dashboard"
💡 Notes
- Blueprint routes use: "auth.route_name"
- App routes use: "route_name"
- Session stores
user_idwhen authenticated
🎨 Custom Styling
Place your CSS file in your app:
your_app/static/custom.css
Then configure:
AUTH_CUSTOM_CSS = "custom.css"
📸 Screenshots
🔐 Login
📝 Register
📧 Email Verification
⚙️ Configuration
Required
SECRET_KEY
DB_HOST
DB_NAME
DB_USER
DB_PASSWORD
SMTP_HOST
SMTP_PORT
SMTP_USERNAME
SMTP_PASSWORD
SMTP_FROM_EMAIL
USE_TERMINAL_EMAIL
Optional
# Redirects
LOGIN_REDIRECT = "home"
REGISTER_REDIRECT = "auth.verify_email"
VERIFY_EMAIL_REDIRECT = "auth.show_login"
LOGOUT_REDIRECT = "auth.show_login"
# UI
LOGIN_BANNER = "Welcome Back"
LOGIN_BANNER_MSG = "Login to your account"
REGISTER_BANNER = "Create Account"
REGISTER_BANNER_MSG = "Register to get started"
# Password reset
PASSWORD_RESET_TOKEN_EXPIRY = 3600
RESET_PASSWORD_REDIRECT = "auth.show_login"
# Styling
AUTH_CUSTOM_CSS = "custom.css"
# Rate limiting
AUTH_LOGIN_RATE_LIMIT = "5 per minute"
AUTH_FORGOT_PASSWORD_RATE_LIMIT = "3 per 10 minutes"
AUTH_RESEND_CODE_RATE_LIMIT = "3 per 10 minutes"
AUTH_VERIFY_EMAIL_RATE_LIMIT = "5 per 10 minutes"
🔐 Authentication Flow
- Register
- Verify email
- Login
- Reset password (if needed)
- Access protected routes
- Logout
🔌 Routes
/auth/register
/auth/login
/auth/logout
/auth/verify-email
/auth/resend-code
/auth/forgot-password
/auth/reset-password/<token>
⚠️ Notes
- Session-based authentication (no JWT)
- PostgreSQL via
psycopg2 - Database setup commands are safe to run multiple times (idempotent)
🚀 Roadmap
- OAuth (Google, GitHub)
- JWT / token-based authentication
- SQLAlchemy support
- Rate limiting
🧑💻 Author
Gabriel Leffew
📜 License
MIT
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file flask_accounts-0.2.0.tar.gz.
File metadata
- Download URL: flask_accounts-0.2.0.tar.gz
- Upload date:
- Size: 16.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
f88cd3016cd14b1e09632b60c938b292fd325a705151dc247e4497fc085d0102
|
|
| MD5 |
fd0869478c50af0834d10b0044f3244b
|
|
| BLAKE2b-256 |
25b7f1bc0acffe3983fef1c5d1a1edfdbc940e3008b6194613fc492761889f7e
|
File details
Details for the file flask_accounts-0.2.0-py3-none-any.whl.
File metadata
- Download URL: flask_accounts-0.2.0-py3-none-any.whl
- Upload date:
- Size: 20.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
60ccee8fd2dcedf3402174d0f2c1a51613dc60d10e07c1ad3b56be94a7205cbe
|
|
| MD5 |
5af97e987ccd8de18283838e4f74826f
|
|
| BLAKE2b-256 |
4acb925e2ce56a14c7910655003253ee94eda95d9c0abc4581f09dee1c902f31
|
