Category: Flask

2016-09-29T14:54:27Z

Implementing the "Soft Delete" Pattern with Flask and SQLAlchemy

Soft Deletes

Every time I find myself writing code to delete data from a database I get nervous. What if I later determine that I needed this piece of information, after all? For example, what if having access to this data that was deleted would have helped me reproduce or debug an issue? Or what if the data can be useful for audit purposes in a future version of the application?

You can find lots of reasons to never delete records from your database. But obviously these records that you saved from permanent deletion need to be marked as being "less interesting" than the rest, so that you have something you can use to filter them out in queries. The Soft Delete pattern is one of the available options to implement deletions without actually deleting the data. It does this by adding an extra column to your database table(s) that keeps track of the deleted state of each of its rows. This sounds straightforward to implement, and strictly speaking it is, but the complications that derive from the use of soft deletes are far from trivial. In this article I will discuss some of these issues and how I avoid them in Flask and SQLAlchemy based applications.

15 comments

2016-04-04T17:57:45Z

How Secure Is The Flask User Session?

Many times I hear people say that user sessions in Flask are encrypted, so it is safe to write private information in them. Sadly, this is a misconception that can have catastrophic consequences for your applications and, most importantly, for your users. Don't believe me? Below you can watch me decode a Flask user session in just a few seconds, without needing the application's secret key that was used to encode it.

20 comments

2016-02-29T06:44:29Z

"Flask At Scale" tutorial at PyCon 2016 in Portland

The tutorial lineup for PyCon 2016 in Portland, Oregon has been announced, and I'm excited to be part of it with yet another Flask tutorial. For some odd reason, not all the class information I provided with my proposal was published on the PyCon website, so I want to give you a good overview of the material I plan to cover here, to help you decide if this tutorial is for you.

19 comments

2016-02-10T15:21:43Z

Resolving Database Schema Conflicts

If you work on a project that uses database migrations with other developers, it is likely that you have experienced migration conflicts at some point. These occur when two or more developers are merging unrelated features to the master source control branch at around the same time, with each feature requiring different changes to the database.

In this article, I'm going to describe the problem and its solution in detail, using an actual example based on my Flask-Migrate extension. While I will be using commands that are specific to Flask-Migrate and Alembic, the solution to the problem that I present here can be adapted to other database migration frameworks.

8 comments

2015-11-09T08:10:18Z

Customizing the Flask Response Class

The Flask response class, appropriately called Response, is rarely used directly by Flask applications. Instead, Flask uses it under the covers as a container for the response data returned by application route functions, plus some additional information needed to create an HTTP response.

What's not widely known is that Flask gives applications the option to replace the stock response class with a custom one, opening the door to some neat tricks. In this article I'm going to show you how to take advantage of this technique to simplify your application code.

10 comments

2015-08-09T18:58:46Z

Flask-SocketIO needs your help!

Posted by Miguel Grinberg under Python, Flask.

Some of you know that for the last few weeks I have been quietly but steadily working on a significant new release of Flask-SocketIO that will be labeled 1.0, and that is practically a complete rewrite. Given that this is a fairly popular extension, I would like to ask existing users to test it and provide feedback before it is officially released.

59 comments

2015-05-16T02:09:49Z

Celery and the Flask Application Factory Pattern

After I published my article on using Celery with Flask, several readers asked how this integration can be done when using a large Flask application organized around the application factory pattern. It's a very good question, as it is non-trivial to make Celery, which does not have a dedicated Flask extension, delay access to the application until the factory function is invoked.

In this article I'm going to describe in detail how I added Celery to Flasky, the application featured in my Flask book.

52 comments

2015-04-12T15:41:11Z

My PyCon 2015 Sessions

In this short blog post I want to share the two presentations I gave at PyCon 2015, which are now available to watch on YouTube.

17 comments

2015-03-02T02:54:40Z

About My "Flask Workshop" Tutorial at PyCon 2015

In case you haven't heard, this year I will, once again, host a Flask class at PyCon in Montreal. The class is titled Flask Workshop, and is scheduled for Wednesday, April 8th from 9am to 12:20pm. For some reason not all the information I provided for this class has been published on the PyCon website, so in case you need some help deciding if this class is for you, I have all the details below.

2015-02-17T01:26:04Z

Two Factor Authentication with Flask

In this article I'm going to introduce an authentication scheme known as two factor authentication. As the name implies, this method requires the user to provide two forms of identification: a regular password and a one-time token. This greatly increases account security, because a compromised password alone is not enough to gain access; an attacker also needs to have the token, which is different every time. You can see me do a short demonstration of this technique in the video above.

As usual, this article includes a complete example that implements this authentication technique in a Flask application. You may think this is going to be an advanced article that needs complex cryptographic techniques, specialized hardware and/or proprietary libraries, but in reality it requires none of the above. The solution is relatively simple to add if you already have username and password authentication in place, and can be done entirely with open standards and open-source software. There are even open-source token generation apps for your Android or iOS smartphone!

23 comments