Models

Flask-Security assumes you’ll be using libraries such as SQLAlchemy, MongoEngine, Peewee or PonyORM to define a data model that includes a User and Role model. The fields on your models must follow a particular convention depending on the functionality your app requires. Aside from this, you’re free to add any additional fields to your model(s) if you want. At the bare minimum your User and Role model should include the following fields:

User

  • id

  • email

  • password

  • active

Role

  • id

  • name

  • description

Additional Functionality

Depending on the application’s configuration, additional fields may need to be added to your User model.

Confirmable

If you enable account confirmation by setting your application’s SECURITY_CONFIRMABLE configuration value to True, your User model will require the following additional field:

  • confirmed_at

Trackable

If you enable user tracking by setting your application’s SECURITY_TRACKABLE configuration value to True, your User model will require the following additional fields:

  • last_login_at

  • current_login_at

  • last_login_ip

  • current_login_ip

  • login_count

Custom User Payload

If you want a custom payload after Register or Login an user, define the method get_security_payload in your User model. The method must return a serializable object:

class User(db.Model, UserMixin):
    id = db.Column(db.Integer, primary_key=True)
    email = TextField()
    password = TextField()
    active = BooleanField(default=True)
    confirmed_at = DateTimeField(null=True)
    name = db.Column(db.String(80))

    # Custom User Payload
    def get_security_payload(self):
        return {
            'id': self.id,
            'name': self.name,
            'email': self.email
        }