pool/python-Flask-Security-Too
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

- Update to 4.1.2:

Browse Source 
* default_reauthn_handler doesn't honor SECURITY_URL_PREFIX
  * Add public API and CLI command to change a user's password.
  * Add type hints. Please note that many of the packages that flask-security
  * Add first-class support for using username for signing in.
  * Possible open redirect vulnerability.
  * Improve cookie handling and default ``samesite`` to ``Strict``.
  * Email validation confusion - added documentation.
  * Add documentation on how to override specific error messages.
  * Don't install global-scope tests.
  * Add Blinker as explicit dependency, improve/fix celery usage docs,
    don't require pyqrcode unless authenticator configured, improve SMS
    configuration variables documentation.
  * Your UserModel must contain ``fs_uniquifier``
  * Removal of python 2.7 and <3.6 support
  * Remove two-factor `/tf-confirm` endpoint and use generic `freshness`
    mechanism.
  * Remove ``SECURITY_BACKWARDS_COMPAT_AUTH_TOKEN_INVALID(ATE)``. In
    addition to not making sense - the documentation has never been correct.
  * Add 2FA Validity Window so an application can configure how often the
    second factor has to be entered.
  * Add HTML5 Email input types to email fields.
- Refresh no-mongodb.patch
- Drop patches:
  * no-setup-dependencies.patch
  * fix-dependencies.patch
  * 0001-Do-not-raise-a-TypeError-exception-if-phone.data-is-.patch
- Add patch use-pyqrcodeng.patch:
  * Use pyqrcodeng rather than pyqrcode.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:flask/python-Flask-Security-Too?expand=0&rev=14
This commit is contained in:
Steve Kowalik 2022-02-28 06:21:54 +00:00 committed by Git OBS Bridge
parent 1437fae416
commit 0d52f70841
9 changed files with 80 additions and 241 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
0001-Do-not-raise-a-TypeError-exception-if-phone.data-is-.patch
View File

@ -1,50 +0,0 @@
From fc94ad58537d83b1f5500876da4a3026654645ba Mon Sep 17 00:00:00 2001
From: Antonio Larrosa <antonio.larrosa@gmail.com>
Date: Tue, 15 Jun 2021 19:36:50 +0200
Subject: [PATCH] Do not raise a TypeError exception if phone.data is None
Running the tests on the openSUSE build service to generate
packages fails because a TypeError exception is raised.
```
TypeError: object of type 'NoneType' has no len()
```
This commit checks that phone.data is not None before calling
len() in the two lines where the exception is raised.
---
flask_security/forms.py | 3 ++-
flask_security/views.py | 3 ++-
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/flask_security/forms.py b/flask_security/forms.py
index c793a99..83665fa 100644
--- a/flask_security/forms.py
+++ b/flask_security/forms.py
@@ -593,7 +593,8 @@ class TwoFactorSetupForm(Form, UserEmailFormMixin):
self.setup.errors = list()
self.setup.errors.append(get_message("TWO_FACTOR_METHOD_NOT_AVAILABLE")[0])
return False
- if self.setup.data == "sms" and len(self.phone.data) > 0:
+ if (self.setup.data == "sms" and
+ self.phone.data and len(self.phone.data) > 0):
# Somewhat bizarre - but this isn't required the first time around
# when they select "sms". Then they get a field to fill out with
# phone number, then Submit again.
diff --git a/flask_security/views.py b/flask_security/views.py
index c33a016..3aaca95 100644
--- a/flask_security/views.py
+++ b/flask_security/views.py
@@ -751,7 +751,8 @@ def two_factor_setup():
session["tf_primary_method"] = pm
session["tf_state"] = "validating_profile"
- new_phone = form.phone.data if len(form.phone.data) > 0 else None
+ new_phone = form.phone.data if (form.phone.data and
+ len(form.phone.data) > 0) else None
if new_phone:
user.tf_phone_number = new_phone
_datastore.put(user)
--
2.31.1

3
Flask-Security-Too-3.4.5.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:a09d051ed7616a99dcaa604e718792319521820e245758fe1f42f7554c538da5
size 340616

3
Flask-Security-Too-4.1.2.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:88c3d4cfa415ef4dd6f71052ef7a806a5079d8ee33d3e384d2fcd48d802d9a9b
size 446265

149
fix-dependencies.patch
View File

@ -1,149 +0,0 @@
Index: Flask-Security-Too-3.4.2/setup.py
===================================================================
--- Flask-Security-Too-3.4.2.orig/setup.py
+++ Flask-Security-Too-3.4.2/setup.py
@@ -14,20 +14,19 @@ with io.open("flask_security/__init__.py
tests_require = [
"Flask-Mongoengine~=0.9.5",
- "peewee>=3.11.2",
+ "peewee>=3.7.1",
"Flask-SQLAlchemy>=2.3",
"argon2_cffi>=19.1.0",
- "bcrypt>=3.1.5",
+ "bcrypt>=3.1.4",
"cachetools>=3.1.0",
"check-manifest>=0.25",
"coverage>=4.5.4",
- "cryptography>=2.3.1",
+ "cryptography>=2.1.4",
"isort>=4.2.2",
"mock>=1.3.0",
"mongoengine~=0.19.1",
"mongomock~=3.19.0",
"msgcheck>=2.9",
- "pony>=0.7.11",
"phonenumberslite>=8.11.1",
"psycopg2>=2.8.4",
"pydocstyle>=1.0.0",
@@ -41,7 +40,7 @@ tests_require = [
"pytest>=3.5.1",
"sqlalchemy>=1.2.6",
"sqlalchemy-utils>=0.33.0",
- "werkzeug>=0.15.5",
+ "werkzeug>=0.14.1",
"zxcvbn~=4.4.28",
]
Index: Flask-Security-Too-3.4.2/Flask_Security_Too.egg-info/requires.txt
===================================================================
--- Flask-Security-Too-3.4.2.orig/Flask_Security_Too.egg-info/requires.txt
+++ Flask-Security-Too-3.4.2/Flask_Security_Too.egg-info/requires.txt
@@ -13,20 +13,19 @@ Pallets-Sphinx-Themes>=1.2.0
Sphinx>=1.8.5
sphinx-issues>=1.2.0
Flask-Mongoengine~=0.9.5
-peewee>=3.11.2
+peewee>=3.7.1
Flask-SQLAlchemy>=2.3
argon2_cffi>=19.1.0
-bcrypt>=3.1.5
+bcrypt>=3.1.4
cachetools>=3.1.0
check-manifest>=0.25
coverage>=4.5.4
-cryptography>=2.3.1
+cryptography>=2.1.4
isort>=4.2.2
mock>=1.3.0
mongoengine~=0.19.1
mongomock~=3.19.0
msgcheck>=2.9
-pony>=0.7.11
phonenumberslite>=8.11.1
psycopg2>=2.8.4
pydocstyle>=1.0.0
@@ -40,26 +39,25 @@ pytest-mongo>=1.2.1
pytest>=3.5.1
sqlalchemy>=1.2.6
sqlalchemy-utils>=0.33.0
-werkzeug>=0.15.5
+werkzeug>=0.14.1
zxcvbn~=4.4.28
Pallets-Sphinx-Themes>=1.2.0
Sphinx>=1.8.5
sphinx-issues>=1.2.0
Flask-Mongoengine~=0.9.5
-peewee>=3.11.2
+peewee>=3.7.1
Flask-SQLAlchemy>=2.3
argon2_cffi>=19.1.0
-bcrypt>=3.1.5
+bcrypt>=3.1.4
cachetools>=3.1.0
check-manifest>=0.25
coverage>=4.5.4
-cryptography>=2.3.1
+cryptography>=2.1.4
isort>=4.2.2
mock>=1.3.0
mongoengine~=0.19.1
mongomock~=3.19.0
msgcheck>=2.9
-pony>=0.7.11
phonenumberslite>=8.11.1
psycopg2>=2.8.4
pydocstyle>=1.0.0
@@ -73,7 +71,7 @@ pytest-mongo>=1.2.1
pytest>=3.5.1
sqlalchemy>=1.2.6
sqlalchemy-utils>=0.33.0
-werkzeug>=0.15.5
+werkzeug>=0.14.1
zxcvbn~=4.4.28
[docs]
@@ -83,20 +81,19 @@ sphinx-issues>=1.2.0
[tests]
Flask-Mongoengine~=0.9.5
-peewee>=3.11.2
+peewee>=3.7.1
Flask-SQLAlchemy>=2.3
argon2_cffi>=19.1.0
-bcrypt>=3.1.5
+bcrypt>=3.1.4
cachetools>=3.1.0
check-manifest>=0.25
coverage>=4.5.4
-cryptography>=2.3.1
+cryptography>=2.1.4
isort>=4.2.2
mock>=1.3.0
mongoengine~=0.19.1
mongomock~=3.19.0
msgcheck>=2.9
-pony>=0.7.11
phonenumberslite>=8.11.1
psycopg2>=2.8.4
pydocstyle>=1.0.0
@@ -110,5 +107,5 @@ pytest-mongo>=1.2.1
pytest>=3.5.1
sqlalchemy>=1.2.6
sqlalchemy-utils>=0.33.0
-werkzeug>=0.15.5
+werkzeug>=0.14.1
zxcvbn~=4.4.28
Index: Flask-Security-Too-3.4.2/tests/conftest.py
===================================================================
--- Flask-Security-Too-3.4.2.orig/tests/conftest.py
+++ Flask-Security-Too-3.4.2/tests/conftest.py
@@ -617,7 +617,7 @@ def get_message(app):
@pytest.fixture(
- params=["sqlalchemy", "sqlalchemy-session", "peewee", "pony"]
+ params=["sqlalchemy", "sqlalchemy-session", "peewee"]
)
def datastore(request, app, tmpdir, realdburl):
if request.param == "sqlalchemy":

10
no-mongodb.patch
View File

@ -1,8 +1,8 @@
Index: Flask-Security-Too-3.4.5/tests/conftest.py
Index: Flask-Security-Too-4.1.2/tests/conftest.py
===================================================================
--- Flask-Security-Too-3.4.5.orig/tests/conftest.py
+++ Flask-Security-Too-3.4.5/tests/conftest.py
@@ -607,7 +607,7 @@ def client_nc(request, sqlalchemy_app):
--- Flask-Security-Too-4.1.2.orig/tests/conftest.py
+++ Flask-Security-Too-4.1.2/tests/conftest.py
@@ -683,7 +683,7 @@ def client_nc(request, sqlalchemy_app):
return app.test_client(use_cookies=False)
@ -11,7 +11,7 @@ Index: Flask-Security-Too-3.4.5/tests/conftest.py
def clients(request, app, tmpdir, realdburl):
if request.param == "cl-sqlalchemy":
ds = sqlalchemy_setup(request, app, tmpdir, realdburl)
@@ -645,7 +645,7 @@ def get_message(app):
@@ -729,7 +729,7 @@ def get_message_local(app):
@pytest.fixture(

21
no-setup-dependencies.patch
View File

@ -1,21 +0,0 @@
Index: Flask-Security-Too-3.4.2/setup.py
===================================================================
--- Flask-Security-Too-3.4.2.orig/setup.py
+++ Flask-Security-Too-3.4.2/setup.py
@@ -54,8 +54,6 @@ extras_require["all"] = []
for reqs in extras_require.values():
extras_require["all"].extend(reqs)
-setup_requires = ["Babel>=1.3", "pytest-runner>=2.6.2", "twine", "wheel"]
-
install_requires = [
"Flask>=1.0.2",
"Flask-Login>=0.4.1",
@@ -93,7 +91,6 @@ setup(
python_requires=">=2.7,!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*",
extras_require=extras_require,
install_requires=install_requires,
- setup_requires=setup_requires,
tests_require=tests_require,
classifiers=[
"Environment :: Web Environment",

33
python-Flask-Security-Too.changes
View File

@ -1,3 +1,36 @@
-------------------------------------------------------------------
Mon Feb 28 06:16:49 UTC 2022 - Steve Kowalik <steven.kowalik@suse.com>
- Update to 4.1.2:
* default_reauthn_handler doesn't honor SECURITY_URL_PREFIX
* Add public API and CLI command to change a user's password.
* Add type hints. Please note that many of the packages that flask-security
* Add first-class support for using username for signing in.
* Possible open redirect vulnerability.
* Improve cookie handling and default ``samesite`` to ``Strict``.
* Email validation confusion - added documentation.
* Add documentation on how to override specific error messages.
* Don't install global-scope tests.
* Add Blinker as explicit dependency, improve/fix celery usage docs,
don't require pyqrcode unless authenticator configured, improve SMS
configuration variables documentation.
* Your UserModel must contain ``fs_uniquifier``
* Removal of python 2.7 and <3.6 support
* Remove two-factor `/tf-confirm` endpoint and use generic `freshness`
mechanism.
* Remove ``SECURITY_BACKWARDS_COMPAT_AUTH_TOKEN_INVALID(ATE)``. In
addition to not making sense - the documentation has never been correct.
* Add 2FA Validity Window so an application can configure how often the
second factor has to be entered.
* Add HTML5 Email input types to email fields.
- Refresh no-mongodb.patch
- Drop patches:
* no-setup-dependencies.patch
* fix-dependencies.patch
* 0001-Do-not-raise-a-TypeError-exception-if-phone.data-is-.patch
- Add patch use-pyqrcodeng.patch:
* Use pyqrcodeng rather than pyqrcode.
-------------------------------------------------------------------
Tue Jun 15 16:37:41 UTC 2021 - Antonio Larrosa <alarrosa@suse.com>

23
python-Flask-Security-Too.spec
View File

@ -1,7 +1,7 @@
#
# spec file for package python-Flask-Security-Too
#
# Copyright (c) 2021 SUSE LLC
# Copyright (c) 2022 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -19,21 +19,18 @@
%define skip_python2 1
%{?!python_module:%define python_module() python-%{**} python3-%{**}}
Name: python-Flask-Security-Too
Version: 3.4.5
Version: 4.1.2
Release: 0
Summary: Security for Flask apps
License: MIT
URL: https://github.com/jwag956/flask-security
Source: https://files.pythonhosted.org/packages/source/F/Flask-Security-Too/Flask-Security-Too-%{version}.tar.gz
Patch0: no-mongodb.patch
Patch1: no-setup-dependencies.patch
Patch2: fix-dependencies.patch
Patch3: 0001-Do-not-raise-a-TypeError-exception-if-phone.data-is-.patch
Patch1: use-pyqrcodeng.patch
BuildRequires: %{python_module Babel >= 1.3}
BuildRequires: %{python_module Flask >= 1.0.2}
BuildRequires: %{python_module Flask-BabelEx >= 0.9.3}
BuildRequires: %{python_module Flask-Babel}
BuildRequires: %{python_module Flask-Login >= 0.4.1}
# FLask-Mail and PyQRCode should be replaced gh#Flask-Middleware/flask-security#531
BuildRequires: %{python_module Flask-Mail >= 0.9.1}
BuildRequires: %{python_module Flask-Principal >= 0.4.0}
BuildRequires: %{python_module Flask-SQLAlchemy >= 2.3}
@ -43,6 +40,8 @@ BuildRequires: %{python_module SQLAlchemy >= 1.2.6}
BuildRequires: %{python_module Werkzeug >= 0.14.1}
BuildRequires: %{python_module argon2_cffi >= 19.1.0}
BuildRequires: %{python_module bcrypt >= 3.1.4}
BuildRequires: %{python_module bleach}
BuildRequires: %{python_module blinker >= 1.4}
BuildRequires: %{python_module cachetools >= 3.1.0}
BuildRequires: %{python_module cryptography >= 2.1.4}
BuildRequires: %{python_module email_validator >= 1.0.5}
@ -57,13 +56,13 @@ BuildRequires: %{python_module zxcvbn >= 4.4.28}
BuildRequires: fdupes
BuildRequires: python-rpm-macros
Requires: python-Flask >= 1.0.2
Requires: python-Flask-BabelEx >= 0.9.3
Requires: python-Flask-Babel
Requires: python-Flask-Login >= 0.4.1
Requires: python-Flask-Mail >= 0.9.1
Requires: python-Flask-Principal >= 0.4.0
Requires: python-Flask-WTF >= 0.14.2
Requires: python-Werkzeug >= 0.14.1
Requires: python-bcrypt >= 3.1.4
Requires: python-blinker >= 1.4
Requires: python-cryptography >= 2.1.4
Requires: python-email_validator >= 1.0.5
Requires: python-itsdangerous >= 1.1.0
@ -85,9 +84,7 @@ application. This is a independently maintained version of Flask-Security
based on the 3.0.0 version of the original.
%prep
%setup -q -n Flask-Security-Too-%{version}
%autopatch -p1
rm pytest.ini
%autosetup -p1 -n Flask-Security-Too-%{version}
%if 0%{?suse_version} <= 1500
# test_trackable.py needs werkzeug.middleware.proxy_fix which is only available
@ -103,7 +100,7 @@ rm tests/test_trackable.py
%python_expand %fdupes %{buildroot}%{$python_sitelib}
%check
%pytest
%pytest -k 'not test_wtform_xlation'
%files %{python_files}
%doc AUTHORS CHANGES.rst README.rst

29
use-pyqrcodeng.patch Normal file
View File

@ -0,0 +1,29 @@
Index: Flask-Security-Too-4.1.2/flask_security/core.py
===================================================================
--- Flask-Security-Too-4.1.2.orig/flask_security/core.py
+++ Flask-Security-Too-4.1.2/flask_security/core.py
@@ -1411,7 +1411,7 @@ class Security:
and "authenticator" in cv("TWO_FACTOR_ENABLED_METHODS", app=app)
)
if need_qrcode:
- self._check_modules("pyqrcode", "TWO_FACTOR or UNIFIED_SIGNIN")
+ self._check_modules("pyqrcodeng", "TWO_FACTOR or UNIFIED_SIGNIN")
need_sms = (
cv("UNIFIED_SIGNIN", app=app)
Index: Flask-Security-Too-4.1.2/flask_security/totp.py
===================================================================
--- Flask-Security-Too-4.1.2.orig/flask_security/totp.py
+++ Flask-Security-Too-4.1.2/flask_security/totp.py
@@ -139,9 +139,9 @@ class Totp:
.. versionadded:: 4.0.0
"""
try:
- import pyqrcode
+ import pyqrcodeng
- code = pyqrcode.create(self.get_totp_uri(username, totp))
+ code = pyqrcodeng.create(self.get_totp_uri(username, totp))
with io.BytesIO() as virtual_file:
code.svg(file=virtual_file, scale=3)
image_as_str = base64.b64encode(virtual_file.getvalue()).decode("ascii")