How to disable all auth_required decorators?

[Wasabi-Bobby]

Hello all,
I was curious if there was a way to disable all auth_required decorators. I know flask-login has LOGIN_DISABLED = True when you want to disable all login requirements and was hoping there was a simple way to do this in flask security. I read the API and didn't see any app.config changes that would disable auth_required. I have thought of a few possible solutions, but wanted to know if there were any built-in solutions before continuing with my solutions.

Motive:
I have two different environments I am developing for and need to be able to toggle flask security on and off easily.

[jwag956]

Simple answer is no - there is no simple config that will disable the authn decorators.
Note that without any authentication there won't be a 'user' defined so none of the flask-security endpoints will work - so you should probably make sure FS doesn't register its blueprints.

Not having any identifiable caller seems risky - one quick though I had was to define your own LoginManager (subclass the one in Flask-Login) and provide a user_loader that just sets a pre-configured user. Then everything should just work as long as you are just using sessions for authn (not Basic or tokens).

[Wasabi-Bobby]

Marking as answer since this answered the general question and provided a possible solution. Thank you for the quick reply!

[jennydale]

We had a similar issue: we wanted automated tests to call our auth-protected api routes as if a test user was logged in (without going through actual login every time first). The way we've hacked around it is by manually setting _user_id on the session transaction as part of the test setup. It seems like there must be a better way (and this may not apply to your use case at all), but maybe it'll help someone who finds this thread later.

   with app.session_transaction() as st:
       st["_user_id"] = fs_uniquifier