Accepting request 1102263 from devel:languages:python:flask

- Update to 5.3.0: * Improvements to recoverability and confirmation to align with OWASP best practices and reduce possible exploitation. * Webauthn Updates to handling of transport. * Fix MongoDB support by eliminating dependency on flask-mongoengine. Improve MongoDB quickstart. * Fix Quickstart for SQLAlchemy with scoped session. * Login no longer, by default, checks for email deliverability. * Token authentication is no longer accepted on endpoints which only allow 'session' as authentication-method. (N247S) * /reset and /confirm and GENERIC_RESPONSES and additional form args don't mix. * Reset password can be exploited and other OWASP improvements. * Confirmation can be exploited and other OWASP improvements. * Convert to pyproject.toml, build, remove setup.py/.cfg. * the tf_validity feature now ONLY sets a cookie - and the token is no longer returned as part of a JSON response. * Fix login/unified signin templates to properly send CSRF token. Add more tests. * Improve Social Oauth example code. - 5.2.0: * Small updates to work with latest Flask/Werkzeug. * Drop support for Python 3.7 * Drop support for older versions of dependent packages (such as Flask). * Remove old Werkzeug compatibility check. * Compatibility with Quart. * Remove dependence on pkg_resources / setuptools (use importlib_resources package) * Fix tests to work with latest Werkzeug/Flask. Update requirements_low to match current releases. * Drop support for Python 3.7 - 5.1.2: * Hungarian translations not working. * Fix documentation for send_mail. (gg) * Fix for latest mongoengine and mongomock. * Fix inappropriate use of &thinsp& in French translations. (maxdup) * Improve documentation around subclassing forms. OBS-URL: https://build.opensuse.org/request/show/1102263 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Flask-Security-Too?expand=0&rev=16
2023-08-15 14:39:54 +00:00 · 2023-08-15 14:39:54 +00:00 · 9aa56626d8
commit 9aa56626d8
parent 1cef12be90 a16a39baaa
5 changed files with 79 additions and 41 deletions
--- a/Flask-Security-Too-5.1.1.tar.gz
+++ b/Flask-Security-Too-5.1.1.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:0a0b653cfd1c5d252994bd87b1f112431cec2d5cacedfa49b36e1740da21c37d
-size 586251
--- a/Flask-Security-Too-5.3.0.tar.gz
+++ b/Flask-Security-Too-5.3.0.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9f5d830913eac66f18845795ae5f7d044bdd0d836aeabccfebadab6a29f79354
+size 607422
--- a/filterwarnings-ignore-pkg_resources.patch
+++ b/filterwarnings-ignore-pkg_resources.patch
@ -1,12 +1,12 @@
-Index: Flask-Security-Too-5.1.1/pytest.ini
+Index: Flask-Security-Too-5.3.0/pytest.ini
 ===================================================================
--- Flask-Security-Too-5.1.1.orig/pytest.ini
-+++ Flask-Security-Too-5.1.1/pytest.ini
-@@ -21,6 +21,7 @@ filterwarnings =
-     ignore:.*Setting 'json_encoder'.*:DeprecationWarning:flask:0
-     ignore:.*'JSONEncoder'.*:DeprecationWarning:flask:0
+--- Flask-Security-Too-5.3.0.orig/pytest.ini
+++ Flask-Security-Too-5.3.0/pytest.ini
+@@ -20,6 +20,7 @@ filterwarnings =
+     ignore:.*'locked_cached_property'.*:DeprecationWarning:flask:0
+     ignore:.*'flask.Markup'.*:DeprecationWarning:flask:0
     ignore::DeprecationWarning:mongoengine:
 +    ignore:.*pkg_resources.*:DeprecationWarning::
+     ignore::DeprecationWarning:flask_login:0
     ignore:.*passwordless feature.*:DeprecationWarning:flask_security:0
     ignore:.*passing settings to bcrypt.*:DeprecationWarning:passlib:0
-     ignore:.*'crypt' is deprecated.*:DeprecationWarning:passlib:0
--- a/python-Flask-Security-Too.changes
+++ b/python-Flask-Security-Too.changes
@ -1,3 +1,37 @@
+-------------------------------------------------------------------
+Thu Aug  3 11:48:11 UTC 2023 - Daniel Garcia <daniel.garcia@suse.com>
+
+- Update to 5.3.0:
+  * Improvements to recoverability and confirmation to align with
+    OWASP best practices and reduce possible exploitation.
+  * Webauthn Updates to handling of transport.
+  * Fix MongoDB support by eliminating dependency on flask-mongoengine. Improve MongoDB quickstart.
+  * Fix Quickstart for SQLAlchemy with scoped session.
+  * Login no longer, by default, checks for email deliverability.
+  * Token authentication is no longer accepted on endpoints which only allow 'session' as authentication-method. (N247S)
+  * /reset and /confirm and GENERIC_RESPONSES and additional form args don't mix.
+  * Reset password can be exploited and other OWASP improvements.
+  * Confirmation can be exploited and other OWASP improvements.
+  * Convert to pyproject.toml, build, remove setup.py/.cfg.
+  * the tf_validity feature now ONLY sets a cookie - and the token is no longer returned as part of a JSON response.
+  * Fix login/unified signin templates to properly send CSRF token. Add more tests.
+  * Improve Social Oauth example code.
+- 5.2.0:
+  * Small updates to work with latest Flask/Werkzeug.
+  * Drop support for Python 3.7
+  * Drop support for older versions of dependent packages (such as Flask).
+  * Remove old Werkzeug compatibility check.
+  * Compatibility with Quart.
+  * Remove dependence on pkg_resources / setuptools (use importlib_resources package)
+  * Fix tests to work with latest Werkzeug/Flask. Update requirements_low to match current releases.
+  * Drop support for Python 3.7
+- 5.1.2:
+  * Hungarian translations not working.
+  * Fix documentation for send_mail. (gg)
+  * Fix for latest mongoengine and mongomock.
+  * Fix inappropriate use of &thinsp& in French translations. (maxdup)
+  * Improve documentation around subclassing forms.
+
 -------------------------------------------------------------------
 Tue Apr 11 05:12:22 UTC 2023 - Steve Kowalik <steven.kowalik@suse.com>

--- a/python-Flask-Security-Too.spec
+++ b/python-Flask-Security-Too.spec
@ -17,7 +17,7 @@


 Name:           python-Flask-Security-Too
-Version:        5.1.1
+Version:        5.3.0
 Release:        0
 Summary:        Security for Flask apps
 License:        MIT
@ -30,54 +30,59 @@ Patch1:         use-pyqrcodeng.patch
 Patch2:         filterwarnings-ignore-pkg_resources.patch
 BuildRequires:  %{python_module Authlib}
 BuildRequires:  %{python_module Babel >= 2.10.0}
-BuildRequires:  %{python_module Flask >= 1.1.1}
-BuildRequires:  %{python_module Flask-Babel >= 2.0.0}
-BuildRequires:  %{python_module Flask-Login >= 0.4.1}
+BuildRequires:  %{python_module Flask >= 2.3.2}
+BuildRequires:  %{python_module Flask-Babel >= 3.1.0}
+BuildRequires:  %{python_module Flask-Login >= 0.6.2}
 BuildRequires:  %{python_module Flask-Mailman >= 0.3.0}
 BuildRequires:  %{python_module Flask-Principal >= 0.4.0}
-BuildRequires:  %{python_module Flask-SQLAlchemy >= 3.0.2}
-BuildRequires:  %{python_module Flask-WTF >= 0.14.3}
+BuildRequires:  %{python_module Flask-SQLAlchemy >= 3.0.3}
+BuildRequires:  %{python_module Flask-WTF >= 1.1.1}
 BuildRequires:  %{python_module PyQRCode >= 1.2}
-BuildRequires:  %{python_module SQLAlchemy >= 1.4.35}
+BuildRequires:  %{python_module SQLAlchemy}
 BuildRequires:  %{python_module WTForms-lang}
 BuildRequires:  %{python_module WTForms}
-BuildRequires:  %{python_module Werkzeug >= 0.14.1}
-BuildRequires:  %{python_module argon2_cffi >= 19.1.0}
+BuildRequires:  %{python_module Werkzeug >= 2.3.3}
+BuildRequires:  %{python_module argon2_cffi >= 21.3.0}
 BuildRequires:  %{python_module bcrypt >= 4.0.1}
-BuildRequires:  %{python_module bleach >= 5.0.0}
+BuildRequires:  %{python_module bleach >= 6.0.0}
 BuildRequires:  %{python_module blinker >= 1.4}
 BuildRequires:  %{python_module cachetools >= 3.1.0}
-BuildRequires:  %{python_module cryptography >= 37.0.4}
+BuildRequires:  %{python_module cryptography >= 40.0.2}
 BuildRequires:  %{python_module dateutil}
 BuildRequires:  %{python_module email-validator >= 1.1.1}
+BuildRequires:  %{python_module importlib_resources >= 5.10.0}
 BuildRequires:  %{python_module itsdangerous >= 1.1.0}
-BuildRequires:  %{python_module passlib >= 1.7.2}
-BuildRequires:  %{python_module peewee >= 3.7.1}
-BuildRequires:  %{python_module phonenumbers >= 8.12.18}
-BuildRequires:  %{python_module pony}
+BuildRequires:  %{python_module passlib >= 1.7.4}
+BuildRequires:  %{python_module peewee >= 3.16.2}
+BuildRequires:  %{python_module phonenumbers}
+BuildRequires:  %{python_module pip}
+BuildRequires:  %{python_module pony if %python-base < 3.11}
 BuildRequires:  %{python_module pytest >= 6.2.5}
 BuildRequires:  %{python_module setuptools}
+BuildRequires:  %{python_module wheel}
 BuildRequires:  %{python_module zxcvbn >= 4.4.28}
 BuildRequires:  fdupes
 BuildRequires:  python-rpm-macros
-Requires:       python-Flask >= 1.1.1
-Requires:       python-Flask-Babel >= 2.0.0
-Requires:       python-Flask-Login >= 0.4.1
+Requires:       python-Flask >= 2.3.2
+Requires:       python-Flask-Babel >= 3.1.0
+Requires:       python-Flask-Login >= 0.6.2
 Requires:       python-Flask-Principal >= 0.4.0
-Requires:       python-Flask-WTF >= 0.14.3
-Requires:       python-Werkzeug >= 0.14.1
+Requires:       python-Flask-WTF >= 1.1.1
+Requires:       python-WTForms >= 3.0.0
+Requires:       python-Werkzeug >= 2.3.3
 Requires:       python-bcrypt >= 4.0.1
-Requires:       python-bleach >= 5.0.0
+Requires:       python-bleach >= 6.0.0
 Requires:       python-blinker >= 1.4
-Requires:       python-cryptography >= 37.0.4
+Requires:       python-cryptography >= 40.0.2
 Requires:       python-email-validator >= 1.1.1
+Requires:       python-importlib_resources >= 5.10.0
 Requires:       python-itsdangerous >= 1.1.0
-Requires:       python-passlib >= 1.7.2
+Requires:       python-passlib >= 1.7.4
 Recommends:     python-PyQRCode >= 1.2
-Recommends:     python-SQLAlchemy >= 1.4.35
+Recommends:     python-SQLAlchemy
 Recommends:     python-zxcvbn >= 4.4.28
-Suggests:       python-argon2_cffi >= 19.1.0
-Suggests:       python-phonenumbers >= 8.12.18
+Suggests:       python-argon2_cffi >= 21.3.0
+Suggests:       python-phonenumbers
 Conflicts:      python-Flask-Security < 3.2.0
 Obsoletes:      python-Flask-Security < 3.2.0
 Provides:       python-Flask-Security = %{version}
@ -99,20 +104,19 @@ rm tests/test_trackable.py
 %endif

 %build
-%python_build
+%pyproject_wheel

 %install
-%python_install
+%pyproject_install
 %python_expand %fdupes %{buildroot}%{$python_sitelib}

 %check
-# gh#Flask-Middleware/flask-security#605 for test_two_factor_flag
-%pytest -k 'not test_two_factor_flag'
+%pytest -k 'not test_login_email_whatever'

 %files %{python_files}
 %doc AUTHORS CHANGES.rst README.rst
 %license LICENSE
 %{python_sitelib}/flask_security
-%{python_sitelib}/Flask_Security_Too-%{version}-py%{python_version}.egg-info
+%{python_sitelib}/Flask_Security_Too-%{version}*-info

 %changelog