2018-01-09T17:32:42Z

The Flask Mega-Tutorial Part VI: Profile Page and Avatars

This is the sixth installment of the Flask Mega-Tutorial series, in which I'm going to tell you how to create the user profile page.


This chapter is going to be dedicated to adding user profile pages to the application. A user profile page is a page in which information about a user is presented, often with information entered by the users themselves. I will show you how to generate profile pages for all users dynamically, and then I'll add a small profile editor that users can use to enter their information.

The GitHub links for this chapter are: Browse, Zip, Diff.

User Profile Page

To create a user profile page, let's add a /user/<username> route to the application.

app/routes.py: User profile view function

@app.route('/user/<username>')
@login_required
def user(username):
    user = User.query.filter_by(username=username).first_or_404()
    posts = [
        {'author': user, 'body': 'Test post #1'},
        {'author': user, 'body': 'Test post #2'}
    ]
    return render_template('user.html', user=user, posts=posts)

The @app.route decorator that I used to declare this view function looks a little bit different than the previous ones. In this case I have a dynamic component in it, which is indicated as the <username> URL component that is surrounded by < and >. When a route has a dynamic component, Flask will accept any text in that portion of the URL, and will invoke the view function with the actual text as an argument. For example, if the client browser requests URL /user/susan, the view function is going to be called with the argument username set to 'susan'. This view function is only going to be accessible to logged in users, so I have added the @login_required decorator from Flask-Login.

The implementation of this view function is fairly simple. I first try to load the user from the database using a query by the username. You have seen before that a database query can be executed by calling all() if you want to get all results, or first() if you want to get just the first result or None if there are zero results. In this view function I'm using a variant of first() called first_or_404(), which works exactly like first() when there are results, but in the case that there are no results automatically sends a 404 error back to the client. Executing the query in this way I save myself from checking if the query returned a user, because when the username does not exist in the database the function will not return and instead a 404 exception will be raised.

If the database query does not trigger a 404 error, then that means that a user with the given username was found. Next I initialize a fake list of posts for this user, and finally render a new user.html template to which I pass the user object and the list of posts.

The user.html template is shown below:

app/templates/user.html: User profile template

{% extends "base.html" %}

{% block content %}
    <h1>User: {{ user.username }}</h1>
    <hr>
    {% for post in posts %}
    <p>
    {{ post.author.username }} says: <b>{{ post.body }}</b>
    </p>
    {% endfor %}
{% endblock %}

The profile page is now complete, but a link to it does not exist anywhere in the web site. To make it a bit easier for users to check their own profile, I'm going to add a link to it in the navigation bar at the top:

app/templates/base.html: User profile template

    <div>
      Microblog:
      <a href="{{ url_for('index') }}">Home</a>
      {% if current_user.is_anonymous %}
      <a href="{{ url_for('login') }}">Login</a>
      {% else %}
      <a href="{{ url_for('user', username=current_user.username) }}">Profile</a>
      <a href="{{ url_for('logout') }}">Logout</a>
      {% endif %}
    </div>

The only interesting change here is the url_for() call that is used to generate the link to the profile page. Since the user profile view function takes a dynamic argument, the url_for() function receives a value for it as a keyword argument. Since this is a link that points to the logged-in user's profile, I can use Flask-Login's current_user to generate the correct URL.


Give the application a try now. Clicking on the Profile link at the top should take you to your own user page. At this point there are no links that will take you to the profile page of other users, but if you want to access those pages you can type the URL by hand in the browser's address bar. For example, if you have a user named "john" registered on your application, you can view the corresponding user profile by typing http://localhost:5000/user/john in the address bar.

Avatars

I'm sure you agree that the profile pages that I just built are pretty boring. To make them a bit more interesting, I'm going to add user avatars, but instead of having to deal with a possibly large collection of uploaded images in the server, I'm going to use the Gravatar service to provide images for all users.

The Gravatar service is very simple to use. To request an image for a given user, use a URL with the format https://www.gravatar.com/avatar/<hash>, where <hash> is the MD5 hash of the user's email address. Below you can see how to obtain the Gravatar URL for a user with email john@example.com:

>>> from hashlib import md5
>>> 'https://www.gravatar.com/avatar/' + md5(b'john@example.com').hexdigest()
'https://www.gravatar.com/avatar/d4c74594d841139328695756648b6bd6'

If you want to see an actual example, my own Gravatar URL is:

https://www.gravatar.com/avatar/729e26a2a2c7ff24a71958d4aa4e5f35

Here is what Gravatar returns for this URL:

Miguel's Gravatar

By default the image size returned is 80x80 pixels, but a different size can be requested by adding an s argument to the URL's query string. For example, to obtain my own avatar as a 128x128 pixel image, the URL is https://www.gravatar.com/avatar/729e26a2a2c7ff24a71958d4aa4e5f35?s=128.

Another interesting argument that can be passed to Gravatar as a query string argument is d, which determines what image Gravatar provides for users that do not have an avatar registered with the service. My favorite is called "identicon", which returns a nice geometric design that is different for every email. For example:

Identicon Gravatar

Note that some web browser extensions such as Ghostery block Gravatar images, as they consider that Automattic (the owners of the Gravatar service) can determine what sites you visit based on the requests they get for your avatar. If you don't see avatars in your browser, consider that the problem may be due to an extension that you have installed in your browser.

Since avatars are associated with users, it makes sense to add the logic that generates the avatar URLs to the user model.

app/models.py: User avatar URLs

from hashlib import md5
# ...

class User(UserMixin, db.Model):
    # ...
    def avatar(self, size):
        digest = md5(self.email.lower().encode('utf-8')).hexdigest()
        return 'https://www.gravatar.com/avatar/{}?d=identicon&s={}'.format(
            digest, size)

The new avatar() method of the User class returns the URL of the user's avatar image, scaled to the requested size in pixels. For users that don't have an avatar registered, an "identicon" image will be generated. To generate the MD5 hash, I first convert the email to lower case, as this is required by the Gravatar service. Then, because the MD5 support in Python works on bytes and not on strings, I encode the string as bytes before passing it on to the hash function.
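A stricter variant of avatar(), written as a standalone function. This is an added example, not part of the tutorial's code: it trims whitespace before hashing and validates the size and default-image name, so that a value that ever arrives from a request cannot append extra query parameters to the URL. The name gravatar_url, the 1 to 2048 size range and the list of default names are assumptions taken from Gravatar's public documentation.

```python
from hashlib import md5
from urllib.parse import urlencode

GRAVATAR_BASE = 'https://www.gravatar.com/avatar/'

# Built-in default images named in Gravatar's documentation (assumption:
# the list is current). Gravatar also accepts a URL for "d"; that form is
# deliberately not allowed here.
ALLOWED_DEFAULTS = frozenset({
    '404', 'mp', 'identicon', 'monsterid', 'wavatar', 'retro',
    'robohash', 'blank',
})

# Size range documented by Gravatar (assumption), in pixels.
MIN_SIZE, MAX_SIZE = 1, 2048


def gravatar_url(email, size, default='identicon'):
    """Return the Gravatar URL for email, or raise ValueError on bad input."""
    if not isinstance(email, str) or not email.strip():
        raise ValueError('email must be a non-empty string')
    # bool is a subclass of int, so reject it explicitly.
    if isinstance(size, bool) or not isinstance(size, int):
        raise ValueError('size must be an integer')
    if not MIN_SIZE <= size <= MAX_SIZE:
        raise ValueError('size must be between {} and {}'.format(
            MIN_SIZE, MAX_SIZE))
    if default not in ALLOWED_DEFAULTS:
        raise ValueError('unsupported default image: {!r}'.format(default))

    # Gravatar hashes the trimmed, lower-cased address.
    normalized = email.strip().lower()
    digest = md5(normalized.encode('utf-8')).hexdigest()
    # urlencode() escapes the values instead of pasting them into the URL.
    return GRAVATAR_BASE + digest + '?' + urlencode(
        {'d': default, 's': size})


def demo():
    """Run the helper over constructed sample inputs and collect results."""
    samples = [
        ('john@example.com', 128),     # the address used earlier on this page
        ('  John@Example.COM ', 128),  # same user, untidy input
        ('john@example.com', '36&x=1'),  # a string, as request args would be
        ('john@example.com', 5000),    # outside the documented range
    ]
    results = []
    for email, size in samples:
        try:
            results.append(gravatar_url(email, size))
        except ValueError as exc:
            results.append('rejected: {}'.format(exc))
    return results


if __name__ == '__main__':
    for line in demo():
        print(line)
```

In the User model, avatar() could simply return gravatar_url(self.email, size).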

If you are interested in learning about other options offered by the Gravatar service, visit their documentation website.

The next step is to insert the avatar images in the user profile template:

app/templates/user.html: User avatar in template

{% extends "base.html" %}

{% block content %}
    <table>
        <tr valign="top">
            <td><img src="{{ user.avatar(128) }}"></td>
            <td><h1>User: {{ user.username }}</h1></td>
        </tr>
    </table>
    <hr>
    {% for post in posts %}
    <p>
    {{ post.author.username }} says: <b>{{ post.body }}</b>
    </p>
    {% endfor %}
{% endblock %}

The nice thing about making the User class responsible for returning avatar URLs is that if some day I decide Gravatar avatars are not what I want, I can just rewrite the avatar() method to return different URLs, and all the templates will start showing the new avatars automatically.

I have a nice big avatar at the top of the user profile page, but really there is no reason to stop there. I have some posts from the user at the bottom that could each have a little avatar as well. For the user profile page of course all posts will have the same avatar, but then I can implement the same functionality on the main page, and then each post will be decorated with the author's avatar, and that will look really nice.

To show avatars for the individual posts I just need to make one more small change in the template:

app/templates/user.html: User avatars in posts

{% extends "base.html" %}

{% block content %}
    <table>
        <tr valign="top">
            <td><img src="{{ user.avatar(128) }}"></td>
            <td><h1>User: {{ user.username }}</h1></td>
        </tr>
    </table>
    <hr>
    {% for post in posts %}
    <table>
        <tr valign="top">
            <td><img src="{{ post.author.avatar(36) }}"></td>
            <td>{{ post.author.username }} says:<br>{{ post.body }}</td>
        </tr>
    </table>
    {% endfor %}
{% endblock %}


Using Jinja2 Sub-Templates

I designed the user profile page so that it displays the posts written by the user, along with their avatars. Now I want the index page to also display posts with a similar layout. I could just copy/paste the portion of the template that deals with the rendering of a post, but that is really not ideal because later if I decide to make changes to this layout I'm going to have to remember to update both templates.

Instead, I'm going to make a sub-template that just renders one post, and then I'm going to reference it from both the user.html and index.html templates. To begin, I can create the sub-template, with just the HTML markup for a single post. I'm going to name this template app/templates/_post.html. The _ prefix is just a naming convention to help me recognize which template files are sub-templates.

app/templates/_post.html: Post sub-template

    <table>
        <tr valign="top">
            <td><img src="{{ post.author.avatar(36) }}"></td>
            <td>{{ post.author.username }} says:<br>{{ post.body }}</td>
        </tr>
    </table>

To invoke this sub-template from the user.html template I use Jinja2's include statement:

app/templates/user.html: User avatars in posts

{% extends "base.html" %}

{% block content %}
    <table>
        <tr valign="top">
            <td><img src="{{ user.avatar(128) }}"></td>
            <td><h1>User: {{ user.username }}</h1></td>
        </tr>
    </table>
    <hr>
    {% for post in posts %}
        {% include '_post.html' %}
    {% endfor %}
{% endblock %}

The index page of the application isn't really fleshed out yet, so I'm not going to add this functionality there yet.

More Interesting Profiles

One problem the new user profile pages have is that they don't really show much on them. Users like to tell a bit about themselves on these pages, so I'm going to let them write something about themselves to show here. I'm also going to keep track of the last time each user accessed the site and display it on their profile page.

The first thing I need to do to support all this extra information is to extend the users table in the database with two new fields:

app/models.py: New fields in user model

class User(UserMixin, db.Model):
    # ...
    about_me = db.Column(db.String(140))
    last_seen = db.Column(db.DateTime, default=datetime.utcnow)

Every time the database is modified it is necessary to generate a database migration. In Chapter 4 I showed you how to set up the application to track database changes through migration scripts. Now I have two new fields that I want to add to the database, so the first step is to generate the migration script:

(venv) $ flask db migrate -m "new fields in user model"
INFO  [alembic.runtime.migration] Context impl SQLiteImpl.
INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
INFO  [alembic.autogenerate.compare] Detected added column 'user.about_me'
INFO  [alembic.autogenerate.compare] Detected added column 'user.last_seen'
  Generating migrations/versions/37f06a334dbf_new_fields_in_user_model.py ... done

The output of the migrate command looks good, as it shows that the two new fields in the User class were detected. Now I can apply this change to the database:

(venv) $ flask db upgrade
INFO  [alembic.runtime.migration] Context impl SQLiteImpl.
INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
INFO  [alembic.runtime.migration] Running upgrade 780739b227a7 -> 37f06a334dbf, new fields in user model

I hope you realize how useful it is to work with a migration framework. Any users that were in the database are still there, because the migration framework surgically applies the changes in the migration script without destroying any data.

For the next step, I'm going to add these two new fields to the user profile template:

app/templates/user.html: Show user information in user profile template

{% extends "base.html" %}

{% block content %}
    <table>
        <tr valign="top">
            <td><img src="{{ user.avatar(128) }}"></td>
            <td>
                <h1>User: {{ user.username }}</h1>
                {% if user.about_me %}<p>{{ user.about_me }}</p>{% endif %}
                {% if user.last_seen %}<p>Last seen on: {{ user.last_seen }}</p>{% endif %}
            </td>
        </tr>
    </table>
    ...
{% endblock %}

Note that I'm wrapping these two fields in Jinja2's conditionals, because I only want them to be visible if they are set. At this point these two new fields are empty for all users, so you are not going to see these fields if you run the application now.

Recording The Last Visit Time For a User

Let's start with the last_seen field, which is the easier of the two. What I want to do is write the current time on this field for a given user whenever that user sends a request to the server.

Adding the logic to set this field on every possible view function that can be requested from the browser is obviously impractical, but executing a bit of generic logic ahead of a request being dispatched to a view function is such a common task in web applications that Flask offers it as a native feature. Take a look at the solution:

app/routes.py: Record time of last visit

from datetime import datetime

@app.before_request
def before_request():
    if current_user.is_authenticated:
        current_user.last_seen = datetime.utcnow()
        db.session.commit()

The @before_request decorator from Flask registers the decorated function to be executed right before the view function. This is extremely useful because now I can insert code that I want to execute before any view function in the application, and I can have it in a single place. The implementation simply checks if the current_user is logged in, and in that case sets the last_seen field to the current time. As I mentioned before, a server application needs to work in consistent time units, and the standard practice is to use the UTC time zone. Using the local time of the system is not a good idea, because then what goes in the database is dependent on your location. The last step is to commit the database session, so that the change made above is written to the database. If you are wondering why there is no db.session.add() before the commit, consider that when you reference current_user, Flask-Login will invoke the user loader callback function, which will run a database query that will put the target user in the database session. So you can add the user again in this function, but it is not necessary because it is already there.

If you view your profile page after you make this change, you will see the "Last seen on" line with a time that is very close to the current time. And if you navigate away from the profile page and then return, you will see that the time is constantly updated.

The fact that I'm storing these timestamps in the UTC timezone makes the time displayed on the profile page also be in UTC. In addition to that, the format of the time is not what you would expect, since it is actually the internal representation of the Python datetime object. For now, I'm not going to worry about these two issues, since I'm going to address the topic of handling dates and times in a web application in a later chapter.


Profile Editor

I also need to give users a form in which they can enter some information about themselves. The form is going to let users change their username, and also write something about themselves, to be stored in the new about_me field. Let's start writing a form class for it:

app/forms.py: Profile editor form

from wtforms import StringField, TextAreaField, SubmitField
from wtforms.validators import DataRequired, Length

# ...

class EditProfileForm(FlaskForm):
    username = StringField('Username', validators=[DataRequired()])
    about_me = TextAreaField('About me', validators=[Length(min=0, max=140)])
    submit = SubmitField('Submit')

I'm using a new field type and a new validator in this form. For the "About" field I'm using a TextAreaField, which is a multi-line box in which the user can enter text. To validate this field I'm using Length, which will make sure that the text entered is between 0 and 140 characters, which is the space I have allocated for the corresponding field in the database.

The template that renders this form is shown below:

app/templates/edit_profile.html: Profile editor form

{% extends "base.html" %}

{% block content %}
    <h1>Edit Profile</h1>
    <form action="" method="post">
        {{ form.hidden_tag() }}
        <p>
            {{ form.username.label }}<br>
            {{ form.username(size=32) }}<br>
            {% for error in form.username.errors %}
            <span style="color: red;">[{{ error }}]</span>
            {% endfor %}
        </p>
        <p>
            {{ form.about_me.label }}<br>
            {{ form.about_me(cols=50, rows=4) }}<br>
            {% for error in form.about_me.errors %}
            <span style="color: red;">[{{ error }}]</span>
            {% endfor %}
        </p>
        <p>{{ form.submit() }}</p>
    </form>
{% endblock %}

And finally, here is the view function that ties everything together:

app/routes.py: Edit profile view function

from app.forms import EditProfileForm

@app.route('/edit_profile', methods=['GET', 'POST'])
@login_required
def edit_profile():
    form = EditProfileForm()
    if form.validate_on_submit():
        current_user.username = form.username.data
        current_user.about_me = form.about_me.data
        db.session.commit()
        flash('Your changes have been saved.')
        return redirect(url_for('edit_profile'))
    elif request.method == 'GET':
        form.username.data = current_user.username
        form.about_me.data = current_user.about_me
    return render_template('edit_profile.html', title='Edit Profile',
                           form=form)

This view function processes the form in a slightly different way. If validate_on_submit() returns True I copy the data from the form into the user object and then write the object to the database. But when validate_on_submit() returns False it can be due to two different reasons. First, it can be because the browser just sent a GET request, to which I need to respond by providing an initial version of the form template. It can also be because the browser sent a POST request with form data, but something in that data is invalid. For this form, I need to treat these two cases separately. When the form is being requested for the first time with a GET request, I want to pre-populate the fields with the data that is stored in the database, so I need to do the reverse of what I did on the submission case and move the data stored in the user fields to the form, as this will ensure that those form fields have the current data stored for the user. But in the case of a validation error I do not want to write anything to the form fields, because those were already populated by WTForms. To distinguish between these two cases, I check request.method, which will be GET for the initial request, and POST for a submission that failed validation.


To make it easy for users to access the profile editor page, I can add a link in their profile page:

app/templates/user.html: Edit profile link

                {% if user == current_user %}
                <p><a href="{{ url_for('edit_profile') }}">Edit your profile</a></p>
                {% endif %}

Pay attention to the clever conditional I'm using to make sure that the Edit link appears when you are viewing your own profile, but not when you are viewing the profile of someone else.


213 comments

  • #126 Vivek Varma said 2019-11-12T11:33:22Z

    Hey Michael ,

    I'm getting this error after adding the view for username : jinja2.exceptions.UndefinedError: 'user' is undefined

    Any idea how I can go about solving it?

  • #127 Miguel Grinberg said 2019-11-12T11:41:48Z

    @Vivek: you need to pass a user keyword argument in the call to render_template.

  • #128 jin said 2019-12-07T07:05:18Z

    Hi,

    First of all, great tutorial. I'm learning a lot with it.

    While going through chapter6 I ran into an issue I'm not able to solve and I was hoping you could give me a hint on how to deal with it.

    jinja2.exceptions.TemplateSyntaxError: unexpected char '"' at 79

  • #129 Miguel Grinberg said 2019-12-07T11:30:16Z

    @jin: you have an error in one of your template files. You did not include the full error, so I don't know which, but it appears that on this file you have an unexpected quote in line 79. You need to figure out which template file is this from the error message and then compare that line against my version to fix it.

  • #130 Gabor Maghera said 2019-12-30T19:50:46Z

    In the User class inside models.py, I notice that a function reference is passed instead of making a function call:

    last_seen = db.Column(db.DateTime, default=datetime.utcnow)

    vs.

    current_user.last_seen = datetime.utcnow() in routes.py.

    How would you write a default which calls a function with an argument?

  • #131 Miguel Grinberg said 2019-12-31T08:14:58Z

    @Gabor: You can use functools.partial from the Python standard library to create a callable with predefined arguments. Example:

    >>> from functools import partial
    >>> def my_function(arg):
    ...     print(arg)
    ...
    >>> f = partial(my_function, 123)
    >>> f()
    123

  • #132 tcpzix said 2020-01-08T12:41:20Z

    Hi there, and thanks so much for your good tutorial. I can't find why my last_seen function does not work! I have the last seen column in the database but it's empty, and I think the function below never runs for me.

    @app.before_request
    def before_request():
        if current_user.is_authenticated:
            current_user.last_seen = datetime.utcnow()
            db.session.commit()

    Where should I add it to get it to run and save the last seen for the client?

  • #133 Miguel Grinberg said 2020-01-08T17:27:33Z

    @tcpzix: the function can be in any file really, the important thing is that it is imported, because the decorator registers it with Flask. If the file in which the function is located is not imported then Flask will not see it.

  • #134 Brandon said 2020-01-15T03:57:46Z

    Thanks so much for what you've done. I just bought your book as well. Looks pretty similar, but I'm still going to read through and follow along to see the differences and similarities. Looking forward to that. I do have a question, though... The code below is for the profile editor. Once the profile has been edited, the page is redirected to the same page (edit_profile).

    @app.route('/edit_profile', methods=['GET', 'POST'])
    @login_required
    def edit_profile():
        form = EditProfileForm()
        if form.validate_on_submit():
            current_user.username = form.username.data
            current_user.about_me = form.about_me.data
            db.session.commit()
            flash('Your changes have been saved.')
            return redirect(url_for('edit_profile'))
        elif request.method == 'GET':
            form.username.data = current_user.username
            form.about_me.data = current_user.about_me
        return render_template('edit_profile.html', title='Edit Profile', form=form)

    I attempted to change it to the user profile page by changing the following:

    flash('Your changes have been saved.')
    return redirect(url_for('user'))

    as was defined by the @app.route ('/user/'), but I continue to receive an error:

    werkzeug.routing.BuildError werkzeug.routing.BuildError: Could not build url for endpoint 'user'. Did you forget to specify values ['username']?

    Your help is greatly appreciated!

    Thanks!!

  • #135 Miguel Grinberg said 2020-01-15T08:07:36Z

    @Brandon: the user route takes an argument, the username. The redirect should be to url_for('user', username=current_user.username).

  • #136 Rémy Ntshaykolo said 2020-01-29T14:06:45Z

    I love this blog. Thank you for this tutorial

  • #137 kacper said 2020-02-21T23:07:13Z

    Hello, I have a small but quite devastating problem: "db is not defined" in routes.py. I have looked through all of the code for mistypes to be sure, I have even copy-pasted it, yet still I get the same error.

    Thank you for this whole tutorial it is absolutely great.

  • #138 Miguel Grinberg said 2020-02-21T23:53:26Z

    @kacper: have you imported it in the place that you are using? You can download the fully working code for each chapter from the GitHub links at the top of each article. That should allow you to find the mistake.

  • #139 Kinga said 2020-02-24T02:55:36Z

    Hi Miguel,

    I've been trying to solve a bit of a problem with my code, fruitlessly: when I try to access my user page, already registered and logged in, all I get is the 404 error page. I tried to look at my routing but nothing seems out of order there

    @bp.route('/user/')
    @login_required
    def user(username):
        user = User.query.filter_by(username=current_user.username).first_or_404()
        page = request.args.get('page', 1, type=int)
        posts = user.posts.order_by(Post.timestamp.desc()).paginate(
            page, current_app.config['POSTS_PER_PAGE'], False)
        next_url = url_for('main.user', username=user.username, page=posts.next_num) if posts.has_next else None
        prev_url = url_for('main.user', username=user.username, page=posts.prev_num) if posts.has_prev else None
        return render_template('user.html', user=user, posts=posts.items, next_url=next_url, prev_url=prev_url)

    Since trying to pass 'username' as an argument to build the url for the page didn't work, I passed in userID which was my version of the username column in my database. {{ _('Profile') }}

    The link in the navbar supposedly works, but the url does not include the actual username and the template doesn't load. http://127.0.0.1:5000/user/

    Now I can't figure out where the issue could be, the link, the route, the template or the form...

    Your help is greatly appreciated, thanks for the great tutorial!

  • #140 Miguel Grinberg said 2020-02-24T10:53:44Z

    @Kinga: the key to debug this is to look at the URL in the link that you click that gives you a 404. See what that link says in the page. If it isn't the expected http://localhost:5000/user/, then you need to look at the template, to see why you are generating a broken link there. I think that's the most likely problem. If the link is correct, and yet you get a 404, then you need to look at why your user() view function isn't being imported by Flask.

  • #141 Oliver said 2020-03-04T20:49:47Z

    Hi, this is great! I was wondering why wtf-flask's helper validate_on_submit only works with POST requests? I can find no answer anywhere, but in my mind it would make more sense to allow any of the "state changing" HTTP method, esp. PUT, PATCH, DELETE, in order to be able to implement a REST-API. Am I missing anything or is it just an oversight because in the end, HTTP methods matter much less than they were intended to? Thanks for any insight! Oliver

  • #142 Miguel Grinberg said 2020-03-05T10:53:32Z

    @Oliver: you can pass any dictionary with form variables as an argument when you create your form class. If your variables do not come in request.form which is the default, just pass the dictionary and the form will work.

  • #143 boris said 2020-03-14T19:17:51Z

    Thank you for your fantastic Flask tutorials! Can you please give some more info (or a separate tutorial page) for flask-login's current_user functionality and how this actually works?

  • #144 Miguel Grinberg said 2020-03-14T19:48:11Z

    @boris: Have you read the Flask-Login documentation? There isn't really much more to say about current_user.

  • #145 elohin said 2020-04-02T10:35:06Z

    Hi there. Is it possible to add pics instead of avatars?

  • #146 Miguel Grinberg said 2020-04-02T14:35:05Z

    @elohin: an avatar is also a picture, there is no difference. If you want to add pictures that you host yourself then you need to add support for users to upload those pictures, so there is an additional complication, but other than that you can certainly serve your own pictures as avatars.

  • #147 Ankit Singh said 2020-04-25T19:59:23Z

    Hello Miguel, it's a great tutorial.

    Why does "form.validate_on_submit()" return false if I don't include "form.hidden_tag()" in "edit_profile.html"?

    Thank you for this tutorial. Ankit

  • #148 Miguel Grinberg said 2020-04-25T22:02:12Z

    @Ankit: with the default settings, Flask-WTF will validate that the client submitted a CSRF token. If you don't put the hidden_tag in your template there will be no CSRF token in the form, so the validation will think the client did not send it.

  • #149 Astrix said 2020-05-10T06:12:36Z

    When I click on Edit profile I get "TypeError: 'NoneType' object is not callable" and it points to the 16th line of "edit_profile.html", which is:

    {{ form.about_me(cols=50, rows=4) }}

  • #150 Miguel Grinberg said 2020-05-10T13:55:28Z

    @Astrix: the about_me attribute in your form class must be defined incorrectly. Compare against my code to find the mistake.
