python-Flask-Security-Too/no-mongodb.patch

Index: Flask-Security-Too-4.1.2/tests/conftest.py
===================================================================
--- Flask-Security-Too-4.1.2.orig/tests/conftest.py
+++ Flask-Security-Too-4.1.2/tests/conftest.py
@@ -683,7 +683,7 @@ def client_nc(request, sqlalchemy_app):
     return app.test_client(use_cookies=False)
 
 
-@pytest.fixture(params=["cl-sqlalchemy", "c2", "cl-mongo", "cl-peewee"])
+@pytest.fixture(params=["cl-sqlalchemy", "c2", "cl-peewee"])
 def clients(request, app, tmpdir, realdburl):
     if request.param == "cl-sqlalchemy":
         ds = sqlalchemy_setup(request, app, tmpdir, realdburl)
@@ -729,7 +729,7 @@ def get_message_local(app):
 
 
 @pytest.fixture(
-    params=["sqlalchemy", "sqlalchemy-session", "mongoengine", "peewee", "pony"]
+    params=["sqlalchemy", "sqlalchemy-session", "peewee", "pony"]
 )
 def datastore(request, app, tmpdir, realdburl):
     if request.param == "sqlalchemy":
- Update to 4.1.2: * default_reauthn_handler doesn't honor SECURITY_URL_PREFIX * Add public API and CLI command to change a user's password. * Add type hints. Please note that many of the packages that flask-security * Add first-class support for using username for signing in. * Possible open redirect vulnerability. * Improve cookie handling and default ``samesite`` to ``Strict``. * Email validation confusion - added documentation. * Add documentation on how to override specific error messages. * Don't install global-scope tests. * Add Blinker as explicit dependency, improve/fix celery usage docs, don't require pyqrcode unless authenticator configured, improve SMS configuration variables documentation. * Your UserModel must contain ``fs_uniquifier`` * Removal of python 2.7 and <3.6 support * Remove two-factor `/tf-confirm` endpoint and use generic `freshness` mechanism. * Remove ``SECURITY_BACKWARDS_COMPAT_AUTH_TOKEN_INVALID(ATE)``. In addition to not making sense - the documentation has never been correct. * Add 2FA Validity Window so an application can configure how often the second factor has to be entered. * Add HTML5 Email input types to email fields. - Refresh no-mongodb.patch - Drop patches: * no-setup-dependencies.patch * fix-dependencies.patch * 0001-Do-not-raise-a-TypeError-exception-if-phone.data-is-.patch - Add patch use-pyqrcodeng.patch: * Use pyqrcodeng rather than pyqrcode. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:flask/python-Flask-Security-Too?expand=0&rev=14 2022-02-28 06:21:54 +00:00			`Index: Flask-Security-Too-4.1.2/tests/conftest.py`
- Update to 3.4.0: * (:pr:`257`) Support a unified sign in feature. Please see :ref:`unified-sign-in`. * (:pr:`265`) Add phone number validation class. This is used in both unified sign in as well as two-factor when using sms. * (:pr:`274`) Add support for 'freshness' of caller's authentication. This permits endpoints to be additionally protected by ensuring a recent authentication. * (:issue:`99`, :issue:`195`) Support pluggable password validators. Provide a default validator that offers complexity and breached support. * (:issue:`266`) Provide interface to two-factor send_token so that applications can provide error mitigation. Defaults to returning errors if can't send the verification code. * (:pr:`247`) Updated all-inclusive data models (fsqlaV2). Add fields necessary for the new unified sign in feature and changed 'username' to be unique (but not required). * (:pr:`245`) Use fs_uniquifier as the default Flask-Login 'alternative token'. Basically this means that changing the fs_uniquifier will cause outstanding auth tokens, session and remember me cookies to be invalidated. So if an account gets compromised, an admin can easily stop access. Prior to this cookies were storing the 'id' which is the user's primary key - difficult to change! (kishi85) - Enable the testing - Add patch to not require mongodb during testing: * no-mongodb.patch OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:flask/python-Flask-Security-Too?expand=0&rev=3 2020-04-05 08:37:47 +00:00			`===================================================================`
- Update to 4.1.2: * default_reauthn_handler doesn't honor SECURITY_URL_PREFIX * Add public API and CLI command to change a user's password. * Add type hints. Please note that many of the packages that flask-security * Add first-class support for using username for signing in. * Possible open redirect vulnerability. * Improve cookie handling and default ``samesite`` to ``Strict``. * Email validation confusion - added documentation. * Add documentation on how to override specific error messages. * Don't install global-scope tests. * Add Blinker as explicit dependency, improve/fix celery usage docs, don't require pyqrcode unless authenticator configured, improve SMS configuration variables documentation. * Your UserModel must contain ``fs_uniquifier`` * Removal of python 2.7 and <3.6 support * Remove two-factor `/tf-confirm` endpoint and use generic `freshness` mechanism. * Remove ``SECURITY_BACKWARDS_COMPAT_AUTH_TOKEN_INVALID(ATE)``. In addition to not making sense - the documentation has never been correct. * Add 2FA Validity Window so an application can configure how often the second factor has to be entered. * Add HTML5 Email input types to email fields. - Refresh no-mongodb.patch - Drop patches: * no-setup-dependencies.patch * fix-dependencies.patch * 0001-Do-not-raise-a-TypeError-exception-if-phone.data-is-.patch - Add patch use-pyqrcodeng.patch: * Use pyqrcodeng rather than pyqrcode. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:flask/python-Flask-Security-Too?expand=0&rev=14 2022-02-28 06:21:54 +00:00			`--- Flask-Security-Too-4.1.2.orig/tests/conftest.py`
			`+++ Flask-Security-Too-4.1.2/tests/conftest.py`
			`@@ -683,7 +683,7 @@ def client_nc(request, sqlalchemy_app):`
Accepting request 900215 from home:alarrosa:branches:devel:languages:python:flask - Update to 3.4.5 * Security Vulnerability Fix. Two CSRF vulnerabilities were reported: qrcode and login. This release fixes the more severe of the 2 - the /login vulnerability. The QRcode issue has a much smaller risk profile since a) it is only for two-factor authentication using an authenticator app b) the qrcode is only available during the time the user is first setting up their authentication app. The QRcode issue has been fixed in 4.0. * Fixed - GET on /login and /change could return the callers authentication_token. This is a security concern since GETs don't have CSRF protection. This bug was introduced in 3.3.0. * Backwards Compatibility Concerns. Fix CSRF vulnerability on /login and /change that could return the callers authentication token. Now, callers can only get the authentication token on successful POST calls. - Update to 3.4.4 * Fix 3 regressions and a couple other bugs * Fixed - Basic Auth broken. When the unauthenticated handler was changed to provide a more uniform/consistent response - it broke using Basic Auth from a browser, since it always redirected rather than returning 401. Now, if the response headers contain WWW-Authenticate (which is set if basic @auth_required method is used), a 401 is returned. See below for backwards compatibility concerns. - As part of figuring out issue 359 - a redirect loop was found. In release 3.3.0 code was put in to redirect to :py:data:`SECURITY_POST_LOGIN_VIEW` when GET or POST was called and the caller was already authenticated. The method OBS-URL: https://build.opensuse.org/request/show/900215 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:flask/python-Flask-Security-Too?expand=0&rev=12 2021-07-08 06:18:37 +00:00			`return app.test_client(use_cookies=False)`


			`-@pytest.fixture(params=["cl-sqlalchemy", "c2", "cl-mongo", "cl-peewee"])`
			`+@pytest.fixture(params=["cl-sqlalchemy", "c2", "cl-peewee"])`
			`def clients(request, app, tmpdir, realdburl):`
			`if request.param == "cl-sqlalchemy":`
			`ds = sqlalchemy_setup(request, app, tmpdir, realdburl)`
- Update to 4.1.2: * default_reauthn_handler doesn't honor SECURITY_URL_PREFIX * Add public API and CLI command to change a user's password. * Add type hints. Please note that many of the packages that flask-security * Add first-class support for using username for signing in. * Possible open redirect vulnerability. * Improve cookie handling and default ``samesite`` to ``Strict``. * Email validation confusion - added documentation. * Add documentation on how to override specific error messages. * Don't install global-scope tests. * Add Blinker as explicit dependency, improve/fix celery usage docs, don't require pyqrcode unless authenticator configured, improve SMS configuration variables documentation. * Your UserModel must contain ``fs_uniquifier`` * Removal of python 2.7 and <3.6 support * Remove two-factor `/tf-confirm` endpoint and use generic `freshness` mechanism. * Remove ``SECURITY_BACKWARDS_COMPAT_AUTH_TOKEN_INVALID(ATE)``. In addition to not making sense - the documentation has never been correct. * Add 2FA Validity Window so an application can configure how often the second factor has to be entered. * Add HTML5 Email input types to email fields. - Refresh no-mongodb.patch - Drop patches: * no-setup-dependencies.patch * fix-dependencies.patch * 0001-Do-not-raise-a-TypeError-exception-if-phone.data-is-.patch - Add patch use-pyqrcodeng.patch: * Use pyqrcodeng rather than pyqrcode. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:flask/python-Flask-Security-Too?expand=0&rev=14 2022-02-28 06:21:54 +00:00			`@@ -729,7 +729,7 @@ def get_message_local(app):`
- Update to 3.4.0: * (:pr:`257`) Support a unified sign in feature. Please see :ref:`unified-sign-in`. * (:pr:`265`) Add phone number validation class. This is used in both unified sign in as well as two-factor when using sms. * (:pr:`274`) Add support for 'freshness' of caller's authentication. This permits endpoints to be additionally protected by ensuring a recent authentication. * (:issue:`99`, :issue:`195`) Support pluggable password validators. Provide a default validator that offers complexity and breached support. * (:issue:`266`) Provide interface to two-factor send_token so that applications can provide error mitigation. Defaults to returning errors if can't send the verification code. * (:pr:`247`) Updated all-inclusive data models (fsqlaV2). Add fields necessary for the new unified sign in feature and changed 'username' to be unique (but not required). * (:pr:`245`) Use fs_uniquifier as the default Flask-Login 'alternative token'. Basically this means that changing the fs_uniquifier will cause outstanding auth tokens, session and remember me cookies to be invalidated. So if an account gets compromised, an admin can easily stop access. Prior to this cookies were storing the 'id' which is the user's primary key - difficult to change! (kishi85) - Enable the testing - Add patch to not require mongodb during testing: * no-mongodb.patch OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:flask/python-Flask-Security-Too?expand=0&rev=3 2020-04-05 08:37:47 +00:00

			`@pytest.fixture(`
			`- params=["sqlalchemy", "sqlalchemy-session", "mongoengine", "peewee", "pony"]`
			`+ params=["sqlalchemy", "sqlalchemy-session", "peewee", "pony"]`
			`)`
			`def datastore(request, app, tmpdir, realdburl):`
			`if request.param == "sqlalchemy":`