flask-security: Enabling Flask Security causes all requests to load significantly slower

We have recently started using flask-security-too in our codebase, and we integrated it similar to the example given here. However, upon integrating flask-security-too, we noticed that general requests (route, static files, etc.) in development have become significantly slower (1000% slower with images). We have not experimented with any authentication yet.

Loading time with Flask-Security-Too image

Loading time without Flask-Security-Too image

Here are some relevant codebits: Register Function:

def register_security(app):
    """Register Flask-Security-Too"""
    user_datastore = SQLAlchemyUserDatastore(db, dashboard.models.User, dashboard.models.Role)
    security.init_app(app, user_datastore)
    return None

Models:

class RolesUsers(SurrogatePK, Model):
    __tablename__ = 'roles_users'
    user_id = Column('user_id', db.Integer(), db.ForeignKey('users.id'))
    role_id = Column('role_id', db.Integer(), db.ForeignKey('roles.id'))


class Role(RoleMixin, SurrogatePK, Model):
    __tablename__ = 'roles'
    name = Column(db.String(80), unique=True)
    description = Column(db.String(255))


class User(UserMixin, SurrogatePK, Model):
    """A user of the app."""

    __tablename__ = "users"
    email = Column(db.String(255), unique=True, nullable=False)
    #: Randomly generated uuid
    uuid = Column(db.String(32), unique=True, nullable=False)
    #: The hashed password
    password = Column(db.LargeBinary(255), nullable=False)
    last_login_at = Column(db.DateTime())
    current_login_at = Column(db.DateTime())
    last_login_ip = Column(db.String(100))
    current_login_ip = Column(db.String(100))
    login_count = Column(db.Integer())
    active = Column(db.Boolean(), nullable=False, default=False)
    fs_uniquifier = Column(db.String(255))
    confirmed_at = Column(db.DateTime())
    roles = relationship('Role', secondary='roles_users',
                         backref=backref('users', lazy='dynamic'))
    created_at = Column(db.DateTime, nullable=False, default=dt.datetime.utcnow)
    first_name = Column(db.String(30), nullable=True)
    last_name = Column(db.String(30), nullable=True)
    verified = Column(db.Boolean(), nullable=False, default=False)

This is all we have done with the library so far, and we were able to narrow it down to this library by commenting out the register_security() function and testing. We would love to use flask-security-too, is there a reason we are facing this issue?

About this issue

  • Original URL
  • State: closed
  • Created 4 years ago
  • Reactions: 1
  • Comments: 19 (19 by maintainers)

Most upvoted comments

Thanks for the update.Not really clear what was going on - Flask-Login generates the session cookie when necessary. I don’t know if there was an issue that 2 different user_loaders were being called or different user id in the session cookie. But glad things are working now.

+1
jwag956 on Apr 14, 2020
Read more comments on GitHub
← flask-admin: Using standard app factory pattern problematic with Flask-Admin's way of using blueprints
flask-restful: Bad Request on GET with header Content-Type →