From a16a39baaa4ddf4f295c3bed99d2d736e2efcf93f4541fb5de97f92f0aef0ff2 Mon Sep 17 00:00:00 2001 
From: Daniel Garcia
Date: Thu, 3 Aug 2023 11:53:44 +0000
Subject: [PATCH] - Update to 5.3.0:

  * Improvements to recoverability and confirmation to align with OWASP best practices and reduce possible exploitation.
  * Webauthn Updates to handling of transport.
  * Fix MongoDB support by eliminating dependency on flask-mongoengine. Improve MongoDB quickstart.
  * Fix Quickstart for SQLAlchemy with scoped session.
  * Login no longer, by default, checks for email deliverability.
  * Token authentication is no longer accepted on endpoints which only allow 'session' as authentication-method. (N247S)
  * /reset and /confirm and GENERIC_RESPONSES and additional form args don't mix.
  * Reset password can be exploited and other OWASP improvements.
  * Confirmation can be exploited and other OWASP improvements.
  * Convert to pyproject.toml, build, remove setup.py/.cfg.
  * the tf_validity feature now ONLY sets a cookie - and the token is no longer returned as part of a JSON response.
  * Fix login/unified signin templates to properly send CSRF token. Add more tests.
  * Improve Social Oauth example code.
- 5.2.0:
  * Small updates to work with latest Flask/Werkzeug.
  * Drop support for Python 3.7
  * Drop support for older versions of dependent packages (such as Flask).
  * Remove old Werkzeug compatibility check.
  * Compatibility with Quart.
  * Remove dependence on pkg_resources / setuptools (use importlib_resources package)
  * Fix tests to work with latest Werkzeug/Flask. Update requirements_low to match current releases.
  * Drop support for Python 3.7
- 5.1.2:
  * Hungarian translations not working.
  * Fix documentation for send_mail. (gg)
  * Fix for latest mongoengine and mongomock.
  * Fix inappropriate use of &thinsp& in French translations. (maxdup)
  * Improve documentation around subclassing forms.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:flask/python-Flask-Security-Too?expand=0&rev=31 --- Flask-Security-Too-5.1.1.tar.gz | 3 -- Flask-Security-Too-5.3.0.tar.gz | 3 ++ filterwarnings-ignore-pkg_resources.patch | 14 ++--- python-Flask-Security-Too.changes | 34 ++++++++++++ python-Flask-Security-Too.spec | 66 ++++++++++++----------- 5 files changed, 79 insertions(+), 41 deletions(-) delete mode 100644 Flask-Security-Too-5.1.1.tar.gz create mode 100644 Flask-Security-Too-5.3.0.tar.gz diff --git a/Flask-Security-Too-5.1.1.tar.gz b/Flask-Security-Too-5.1.1.tar.gz deleted file mode 100644 index 5faebaf..0000000 --- a/Flask-Security-Too-5.1.1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:0a0b653cfd1c5d252994bd87b1f112431cec2d5cacedfa49b36e1740da21c37d -size 586251 diff --git a/Flask-Security-Too-5.3.0.tar.gz b/Flask-Security-Too-5.3.0.tar.gz new file mode 100644 index 0000000..a85b432 --- /dev/null +++ b/Flask-Security-Too-5.3.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:9f5d830913eac66f18845795ae5f7d044bdd0d836aeabccfebadab6a29f79354 +size 607422 diff --git a/filterwarnings-ignore-pkg_resources.patch b/filterwarnings-ignore-pkg_resources.patch index 6ddec25..fad7d46 100644 --- a/filterwarnings-ignore-pkg_resources.patch +++ b/filterwarnings-ignore-pkg_resources.patch 
@@ -1,12 +1,12 @@ -Index: Flask-Security-Too-5.1.1/pytest.ini +Index: Flask-Security-Too-5.3.0/pytest.ini =================================================================== ---- Flask-Security-Too-5.1.1.orig/pytest.ini -+++ Flask-Security-Too-5.1.1/pytest.ini -@@ -21,6 +21,7 @@ filterwarnings = - ignore:.*Setting 'json_encoder'.*:DeprecationWarning:flask:0 - ignore:.*'JSONEncoder'.*:DeprecationWarning:flask:0 +--- Flask-Security-Too-5.3.0.orig/pytest.ini ++++ Flask-Security-Too-5.3.0/pytest.ini +@@ -20,6 +20,7 @@ filterwarnings = + ignore:.*'locked_cached_property'.*:DeprecationWarning:flask:0 + ignore:.*'flask.Markup'.*:DeprecationWarning:flask:0 ignore::DeprecationWarning:mongoengine: + ignore:.*pkg_resources.*:DeprecationWarning:: + ignore::DeprecationWarning:flask_login:0 ignore:.*passwordless feature.*:DeprecationWarning:flask_security:0 ignore:.*passing settings to bcrypt.*:DeprecationWarning:passlib:0 - ignore:.*'crypt' is deprecated.*:DeprecationWarning:passlib:0 diff --git a/python-Flask-Security-Too.changes b/python-Flask-Security-Too.changes index 48ea599..0b1ab0c 100644 --- a/python-Flask-Security-Too.changes +++ b/python-Flask-Security-Too.changes 
@@ -1,3 +1,37 @@ +------------------------------------------------------------------- +Thu Aug 3 11:48:11 UTC 2023 - Daniel Garcia + +- Update to 5.3.0: + * Improvements to recoverability and confirmation to align with + OWASP best practices and reduce possible exploitation. + * Webauthn Updates to handling of transport. + * Fix MongoDB support by eliminating dependency on flask-mongoengine. Improve MongoDB quickstart. + * Fix Quickstart for SQLAlchemy with scoped session. + * Login no longer, by default, checks for email deliverability. + * Token authentication is no longer accepted on endpoints which only allow 'session' as authentication-method. (N247S) + * /reset and /confirm and GENERIC_RESPONSES and additional form args don't mix. + * Reset password can be exploited and other OWASP improvements. + * Confirmation can be exploited and other OWASP improvements. + * Convert to pyproject.toml, build, remove setup.py/.cfg. + * the tf_validity feature now ONLY sets a cookie - and the token is no longer returned as part of a JSON response. + * Fix login/unified signin templates to properly send CSRF token. Add more tests. + * Improve Social Oauth example code. +- 5.2.0: + * Small updates to work with latest Flask/Werkzeug. + * Drop support for Python 3.7 + * Drop support for older versions of dependent packages (such as Flask). + * Remove old Werkzeug compatibility check. + * Compatibility with Quart. + * Remove dependence on pkg_resources / setuptools (use importlib_resources package) + * Fix tests to work with latest Werkzeug/Flask. Update requirements_low to match current releases. + * Drop support for Python 3.7 +- 5.1.2: + * Hungarian translations not working. + * Fix documentation for send_mail. (gg) + * Fix for latest mongoengine and mongomock. + * Fix inappropriate use of &thinsp& in French translations. (maxdup) + * Improve documentation around subclassing forms. 
+ ------------------------------------------------------------------- Tue Apr 11 05:12:22 UTC 2023 - Steve Kowalik diff --git a/python-Flask-Security-Too.spec b/python-Flask-Security-Too.spec index b3b9cba..c3f3c64 100644 --- a/python-Flask-Security-Too.spec +++ b/python-Flask-Security-Too.spec @@ -17,7 +17,7 @@ Name: python-Flask-Security-Too -Version: 5.1.1 +Version: 5.3.0 Release: 0 Summary: Security for Flask apps License: MIT 
@@ -30,54 +30,59 @@ Patch1: use-pyqrcodeng.patch Patch2: filterwarnings-ignore-pkg_resources.patch BuildRequires: %{python_module Authlib} BuildRequires: %{python_module Babel >= 2.10.0} -BuildRequires: %{python_module Flask >= 1.1.1} -BuildRequires: %{python_module Flask-Babel >= 2.0.0} -BuildRequires: %{python_module Flask-Login >= 0.4.1} +BuildRequires: %{python_module Flask >= 2.3.2} +BuildRequires: %{python_module Flask-Babel >= 3.1.0} +BuildRequires: %{python_module Flask-Login >= 0.6.2} BuildRequires: %{python_module Flask-Mailman >= 0.3.0} BuildRequires: %{python_module Flask-Principal >= 0.4.0} -BuildRequires: %{python_module Flask-SQLAlchemy >= 3.0.2} -BuildRequires: %{python_module Flask-WTF >= 0.14.3} +BuildRequires: %{python_module Flask-SQLAlchemy >= 3.0.3} +BuildRequires: %{python_module Flask-WTF >= 1.1.1} BuildRequires: %{python_module PyQRCode >= 1.2} -BuildRequires: %{python_module SQLAlchemy >= 1.4.35} +BuildRequires: %{python_module SQLAlchemy} BuildRequires: %{python_module WTForms-lang} BuildRequires: %{python_module WTForms} -BuildRequires: %{python_module Werkzeug >= 0.14.1} -BuildRequires: %{python_module argon2_cffi >= 19.1.0} +BuildRequires: %{python_module Werkzeug >= 2.3.3} +BuildRequires: %{python_module argon2_cffi >= 21.3.0} BuildRequires: %{python_module bcrypt >= 4.0.1} -BuildRequires: %{python_module bleach >= 5.0.0} +BuildRequires: %{python_module bleach >= 6.0.0} BuildRequires: %{python_module blinker >= 1.4} BuildRequires: %{python_module cachetools >= 3.1.0} -BuildRequires: %{python_module cryptography >= 37.0.4} +BuildRequires: %{python_module cryptography >= 40.0.2} BuildRequires: %{python_module dateutil} BuildRequires: %{python_module email-validator >= 1.1.1} +BuildRequires: %{python_module importlib_resources >= 5.10.0} BuildRequires: %{python_module itsdangerous >= 1.1.0} -BuildRequires: %{python_module passlib >= 1.7.2} -BuildRequires: %{python_module peewee >= 3.7.1} -BuildRequires: %{python_module phonenumbers >= 
8.12.18} -BuildRequires: %{python_module pony} +BuildRequires: %{python_module passlib >= 1.7.4} +BuildRequires: %{python_module peewee >= 3.16.2} +BuildRequires: %{python_module phonenumbers} +BuildRequires: %{python_module pip} +BuildRequires: %{python_module pony if %python-base < 3.11} BuildRequires: %{python_module pytest >= 6.2.5} BuildRequires: %{python_module setuptools} +BuildRequires: %{python_module wheel} BuildRequires: %{python_module zxcvbn >= 4.4.28} BuildRequires: fdupes BuildRequires: python-rpm-macros -Requires: python-Flask >= 1.1.1 -Requires: python-Flask-Babel >= 2.0.0 -Requires: python-Flask-Login >= 0.4.1 +Requires: python-Flask >= 2.3.2 +Requires: python-Flask-Babel >= 3.1.0 +Requires: python-Flask-Login >= 0.6.2 Requires: python-Flask-Principal >= 0.4.0 -Requires: python-Flask-WTF >= 0.14.3 -Requires: python-Werkzeug >= 0.14.1 +Requires: python-Flask-WTF >= 1.1.1 +Requires: python-WTForms >= 3.0.0 +Requires: python-Werkzeug >= 2.3.3 Requires: python-bcrypt >= 4.0.1 -Requires: python-bleach >= 5.0.0 +Requires: python-bleach >= 6.0.0 Requires: python-blinker >= 1.4 -Requires: python-cryptography >= 37.0.4 +Requires: python-cryptography >= 40.0.2 Requires: python-email-validator >= 1.1.1 +Requires: python-importlib_resources >= 5.10.0 Requires: python-itsdangerous >= 1.1.0 -Requires: python-passlib >= 1.7.2 +Requires: python-passlib >= 1.7.4 Recommends: python-PyQRCode >= 1.2 -Recommends: python-SQLAlchemy >= 1.4.35 +Recommends: python-SQLAlchemy Recommends: python-zxcvbn >= 4.4.28 -Suggests: python-argon2_cffi >= 19.1.0 -Suggests: python-phonenumbers >= 8.12.18 +Suggests: python-argon2_cffi >= 21.3.0 +Suggests: python-phonenumbers Conflicts: python-Flask-Security < 3.2.0 Obsoletes: python-Flask-Security < 3.2.0 Provides: python-Flask-Security = %{version} 
@@ -99,20 +104,19 @@ rm tests/test_trackable.py %endif %build -%python_build +%pyproject_wheel %install -%python_install +%pyproject_install %python_expand %fdupes %{buildroot}%{$python_sitelib} %check -# gh#Flask-Middleware/flask-security#605 for test_two_factor_flag -%pytest -k 'not test_two_factor_flag' +%pytest -k 'not test_login_email_whatever' %files %{python_files} %doc AUTHORS CHANGES.rst README.rst %license LICENSE %{python_sitelib}/flask_security -%{python_sitelib}/Flask_Security_Too-%{version}-py%{python_version}.egg-info +%{python_sitelib}/Flask_Security_Too-%{version}*-info %changelog
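Review bot: In the refreshed filterwarnings-ignore-pkg_resources.patch, the added filter "ignore:.*pkg_resources.*:DeprecationWarning::" leaves the module field empty, so it silences this warning from every module, while the changelog in this same commit says 5.2.0 removed the dependence on pkg_resources. Please confirm the 5.3.0 test suite still emits the warning; if it does, name the package that triggers it in the patch header, and if it does not, drop Patch2 instead of carrying a blanket ignore forward.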
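Review bot: The 5.3.0 entry added to python-Flask-Security-Too.changes lists "Reset password can be exploited" and "Confirmation can be exploited" with no upstream issue or bug reference, so anyone auditing or backporting cannot tell which fixes are meant. Please add the upstream references in the gh# form the spec file used before this change, plus a bug or CVE reference if one was assigned. "Drop support for Python 3.7" also appears twice under 5.2.0 and one copy can go.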
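Review bot: In the dependency hunk of python-Flask-Security-Too.spec, "Requires: python-WTForms >= 3.0.0" is new but "BuildRequires: %{python_module WTForms}" stays unversioned, so %check can run against a WTForms older than the runtime minimum; give the BuildRequires the same floor. The same hunk removes the minimums on SQLAlchemy (was >= 1.4.35) and phonenumbers (was >= 8.12.18) while raising most other floors; if upstream still declares minimums for these two, keep them so an outdated copy cannot satisfy the dependency. It is also worth checking that the setuptools BuildRequires is still needed now that the build uses %pyproject_wheel.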
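Review bot: In the %check section, the new exclusion "-k 'not test_login_email_whatever'" carries no comment, whereas the line it replaces pointed at gh#Flask-Middleware/flask-security#605. Please add a comment saying why this test is skipped, with an upstream reference if one exists, so that a disabled test in an authentication library stays traceable. In %files, the glob "%{version}*-info" is wider than needed; "%{version}.dist-info" would match only the metadata directory a wheel install creates.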