Accepting request 1069082 from devel:languages:python:flask

- Update to 5.1.1: * Fix 2 Flask apps in same thread with USERNAME_ENABLE set. There was a too aggressive config check. * Fix json/flask backwards compatibility hack. * Fix unified signup when two-factor not enabled. (sebdroid) * Add dependency on setuptools (pkg_resources). (hroncok) * Option to encrypt recovery codes. * Support for authentication via 'social' oauth. * Support for Python 3.11 * Fixes for Flask-SQLAlchemy 3.0.0. (jrast) * Fixes for sqlalchemy 2.0.0 (jrast) * Webauthn and Unified signin features now properly take into account blueprint prefixes. * Properly propagate ?next=/xx - the verify, webauthn, and unified signin endpoints, that had multiple redirects, needed fixes. * Two factor redirects ignored url_prefix. Added a SECURITY_TWO_FACTOR_ERROR_VIEW configuration option. * Add configurations for static folder/URL and make sure templates reference blueprint relative static folder. * Send entire context to MailUtil::send_mail (patrickyan) * Support for Flask-Babel 3.0.0 * Add configuration option SECURITY_TWO_FACTOR_POST_SETUP_VIEW which is redirected to upon successful change of a two factor method. * The ability to pass in a LoginManager instance which was deprecated in 5.0 has been removed. - Drop patch support-Flask-SQLAlchemy-3.0.patch, now included upstream. - Refresh all other patches. OBS-URL: https://build.opensuse.org/request/show/1069082 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Flask-Security-Too?expand=0&rev=14
2023-03-03 21:28:27 +00:00 · 2023-03-03 21:28:27 +00:00 · acdff0d753
commit acdff0d753
parent 460a2083f3 e9860f1d83
7 changed files with 57 additions and 80 deletions
--- a/Flask-Security-Too-5.0.2.tar.gz
+++ b/Flask-Security-Too-5.0.2.tar.gz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:36fee0da5d1b3d211caf274553b7753478c208997c624abb84ebba4261de65c2
 size 556637
--- a/Flask-Security-Too-5.1.1.tar.gz
+++ b/Flask-Security-Too-5.1.1.tar.gz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:0a0b653cfd1c5d252994bd87b1f112431cec2d5cacedfa49b36e1740da21c37d
 size 586251
--- a/no-mongodb.patch
+++ b/no-mongodb.patch
@ -1,8 +1,8 @@
-Index: Flask-Security-Too-5.0.2/tests/conftest.py
+Index: Flask-Security-Too-5.1.1/tests/conftest.py
 ===================================================================
--- Flask-Security-Too-5.0.2.orig/tests/conftest.py
+--- Flask-Security-Too-5.1.1.orig/tests/conftest.py
-+++ Flask-Security-Too-5.0.2/tests/conftest.py
+++ Flask-Security-Too-5.1.1/tests/conftest.py
-@@ -862,7 +862,7 @@ def client_nc(request, sqlalchemy_app):
+@@ -879,7 +879,7 @@ def client_nc(request, sqlalchemy_app):
     return app.test_client(use_cookies=False)
@ -11,7 +11,7 @@ Index: Flask-Security-Too-5.0.2/tests/conftest.py
 def clients(request, app, tmpdir, realdburl, realmongodburl):
     if request.param == "cl-sqlalchemy":
         ds = sqlalchemy_setup(request, app, tmpdir, realdburl)
-@@ -908,7 +908,7 @@ def get_message_local(app):
+@@ -925,7 +925,7 @@ def get_message_local(app):
 @pytest.fixture(
--- a/python-Flask-Security-Too.changes
+++ b/python-Flask-Security-Too.changes
@ -1,3 +1,34 @@
 -------------------------------------------------------------------
 Fri Mar  3 06:08:25 UTC 2023 - Steve Kowalik <steven.kowalik@suse.com>
 - Update to 5.1.1:
  * Fix 2 Flask apps in same thread with USERNAME_ENABLE set. There was a
    too aggressive config check.
  * Fix json/flask backwards compatibility hack.
  * Fix unified signup when two-factor not enabled. (sebdroid)
  * Add dependency on setuptools (pkg_resources). (hroncok)
  * Option to encrypt recovery codes.
  * Support for authentication via 'social' oauth.
  * Support for Python 3.11
  * Fixes for Flask-SQLAlchemy 3.0.0. (jrast)
  * Fixes for sqlalchemy 2.0.0 (jrast)
  * Webauthn and Unified signin features now properly take into account
    blueprint prefixes.
  * Properly propagate ?next=/xx - the verify, webauthn, and unified signin
    endpoints, that had multiple redirects, needed fixes.
  * Two factor redirects ignored url_prefix. Added a
    SECURITY_TWO_FACTOR_ERROR_VIEW configuration option.
  * Add configurations for static folder/URL and make sure templates
    reference blueprint relative static folder.
  * Send entire context to MailUtil::send_mail (patrickyan)
  * Support for Flask-Babel 3.0.0
  * Add configuration option SECURITY_TWO_FACTOR_POST_SETUP_VIEW which is
    redirected to upon successful change of a two factor method.
  * The ability to pass in a LoginManager instance which was deprecated in
    5.0 has been removed.
 - Drop patch support-Flask-SQLAlchemy-3.0.patch, now included upstream.
 - Refresh all other patches.
 -------------------------------------------------------------------
 Fri Jan  6 03:54:08 UTC 2023 - Steve Kowalik <steven.kowalik@suse.com>
--- a/python-Flask-Security-Too.spec
+++ b/python-Flask-Security-Too.spec
@ -16,10 +16,8 @@
 #
 %define skip_python2 1
 %{?!python_module:%define python_module() python-%{**} python3-%{**}}
 Name:           python-Flask-Security-Too
-Version:        5.0.2
+Version:        5.1.1
 Release:        0
 Summary:        Security for Flask apps
 License:        MIT
@ -28,27 +26,25 @@ Source:         https://files.pythonhosted.org/packages/source/F/Flask-Security-
 Patch0:         no-mongodb.patch
 # PATCH-FIX-OPENSUSE Use pyqrcodeng, we do not ship qrcode in OpenSUSE.
 Patch1:         use-pyqrcodeng.patch
-# PATCH-FIX-UPSTREAM gh#Flask-Middleware/flask-security#9632a0eab5d3be4280c185e7e934a57fc24057a2
+BuildRequires:  %{python_module Babel >= 2.10.0}
 Patch2:         support-Flask-SQLAlchemy-3.0.patch
 BuildRequires:  %{python_module Babel >= 2.9.1}
 BuildRequires:  %{python_module Flask >= 1.1.1}
 BuildRequires:  %{python_module Flask-Babel >= 2.0.0}
 BuildRequires:  %{python_module Flask-Login >= 0.4.1}
 BuildRequires:  %{python_module Flask-Mailman >= 0.3.0}
 BuildRequires:  %{python_module Flask-Principal >= 0.4.0}
-BuildRequires:  %{python_module Flask-SQLAlchemy >= 2.5.1}
+BuildRequires:  %{python_module Flask-SQLAlchemy >= 3.0.2}
 BuildRequires:  %{python_module Flask-WTF >= 0.14.3}
 BuildRequires:  %{python_module PyQRCode >= 1.2}
-BuildRequires:  %{python_module SQLAlchemy >= 1.3.24}
+BuildRequires:  %{python_module SQLAlchemy >= 1.4.35}
 BuildRequires:  %{python_module WTForms-lang}
 BuildRequires:  %{python_module WTForms}
 BuildRequires:  %{python_module Werkzeug >= 0.14.1}
 BuildRequires:  %{python_module argon2_cffi >= 19.1.0}
-BuildRequires:  %{python_module bcrypt >= 3.1.4}
+BuildRequires:  %{python_module bcrypt >= 4.0.1}
-BuildRequires:  %{python_module bleach >= 3.3.1}
+BuildRequires:  %{python_module bleach >= 5.0.0}
 BuildRequires:  %{python_module blinker >= 1.4}
 BuildRequires:  %{python_module cachetools >= 3.1.0}
-BuildRequires:  %{python_module cryptography >= 3.4.8}
+BuildRequires:  %{python_module cryptography >= 37.0.4}
 BuildRequires:  %{python_module dateutil}
 BuildRequires:  %{python_module email-validator >= 1.1.1}
 BuildRequires:  %{python_module itsdangerous >= 1.1.0}
@ -67,15 +63,15 @@ Requires:       python-Flask-Login >= 0.4.1
 Requires:       python-Flask-Principal >= 0.4.0
 Requires:       python-Flask-WTF >= 0.14.3
 Requires:       python-Werkzeug >= 0.14.1
-Requires:       python-bcrypt >= 3.1.4
+Requires:       python-bcrypt >= 4.0.1
-Requires:       python-bleach >= 3.3.1
+Requires:       python-bleach >= 5.0.0
 Requires:       python-blinker >= 1.4
-Requires:       python-cryptography >= 3.4.8
+Requires:       python-cryptography >= 37.0.4
 Requires:       python-email-validator >= 1.1.1
 Requires:       python-itsdangerous >= 1.1.0
 Requires:       python-passlib >= 1.7.2
 Recommends:     python-PyQRCode >= 1.2
-Recommends:     python-SQLAlchemy >= 1.3.24
+Recommends:     python-SQLAlchemy >= 1.4.35
 Recommends:     python-zxcvbn >= 4.4.28
 Suggests:       python-argon2_cffi >= 19.1.0
 Suggests:       python-phonenumbers >= 8.12.18
--- a/support-Flask-SQLAlchemy-3.0.patch
+++ b/support-Flask-SQLAlchemy-3.0.patch
@ -1,50 +0,0 @@
 From 9632a0eab5d3be4280c185e7e934a57fc24057a2 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?J=C3=BCrg=20Rast?= <juergr@gmail.com>
 Date: Mon, 26 Sep 2022 16:35:31 +0200
 Subject: [PATCH] Fixed issues related to upcomming flask-sqlalchemy 3.0.0
 release (#678)
 - rename of get_debug_queries to get_recorded_queries (and move to to new module)
 - SQLALCHEMY_RECORD_QUERIES must be set explicit
 ---
 tests/conftest.py   |  4 ++++
 tests/test_utils.py | 11 ++++++++---
 2 files changed, 12 insertions(+), 3 deletions(-)
 diff --git a/tests/conftest.py b/tests/conftest.py
 index b9076413..f5e41a43 100644
 --- a/tests/conftest.py
 +++ b/tests/conftest.py
@@ -410,6 +410,10 @@ def sqlalchemy_setup(request, app, tmpdir, realdburl):
     else:
         app.config["SQLALCHEMY_DATABASE_URI"] = "sqlite:///:memory:"
 +    # In Flask-SQLAlchemy >= 3.0.0 queries are no longer logged automatically,
 +    # even in debug or testing mode.
 +    app.config["SQLALCHEMY_RECORD_QUERIES"] = True
 +
     db = SQLAlchemy(app)
     fsqla.FsModels.set_db_info(db)
 diff --git a/tests/test_utils.py b/tests/test_utils.py
 index df569a74..5c63dc55 100644
 --- a/tests/test_utils.py
 +++ b/tests/test_utils.py
@@ -201,9 +201,14 @@ def get_num_queries(datastore):
     return None if datastore doesn't support this.
     """
     if is_sqlalchemy(datastore):
 -        from flask_sqlalchemy import get_debug_queries
 -
 -        return len(get_debug_queries())
 +        try:
 +            # Flask-SQLAlachemy >= 3.0.0
 +            from flask_sqlalchemy.record_queries import get_recorded_queries
 +        except ImportError:
 +            # Flask-SQLAlchemy < 3.0.0
 +            from flask_sqlalchemy import get_debug_queries as get_recorded_queries
 +
 +        return len(get_recorded_queries())
     return None
--- a/use-pyqrcodeng.patch
+++ b/use-pyqrcodeng.patch
@ -1,8 +1,8 @@
-Index: Flask-Security-Too-5.0.2/flask_security/core.py
+Index: Flask-Security-Too-5.1.1/flask_security/core.py
 ===================================================================
--- Flask-Security-Too-5.0.2.orig/flask_security/core.py
+--- Flask-Security-Too-5.1.1.orig/flask_security/core.py
-+++ Flask-Security-Too-5.0.2/flask_security/core.py
+++ Flask-Security-Too-5.1.1/flask_security/core.py
-@@ -1523,7 +1523,7 @@ class Security:
+@@ -1579,7 +1579,7 @@ class Security:
                 and "authenticator" in cv("TWO_FACTOR_ENABLED_METHODS", app=app)
             )
             if need_qrcode:
@ -11,10 +11,10 @@ Index: Flask-Security-Too-5.0.2/flask_security/core.py
             need_sms = (
                 cv("UNIFIED_SIGNIN", app=app)
-Index: Flask-Security-Too-5.0.2/flask_security/totp.py
+Index: Flask-Security-Too-5.1.1/flask_security/totp.py
 ===================================================================
--- Flask-Security-Too-5.0.2.orig/flask_security/totp.py
+--- Flask-Security-Too-5.1.1.orig/flask_security/totp.py
-+++ Flask-Security-Too-5.0.2/flask_security/totp.py
+++ Flask-Security-Too-5.1.1/flask_security/totp.py
@@ -140,15 +140,11 @@ class Totp:
         .. versionadded:: 4.0.0
         """