Accepting request 801217 from home:alarrosa:branches:devel:languages:python:flask

- Update to 3.4.2: * The flask-security repo was moved to a github organization Flask-Middleware. - Update to 3.4.1: * Fix a bunch of bugs in new unified sign in along with a couple other major issues. * (:issue:`298`) Alternative ID feature ran afoul of postgres/psycopg2 finickiness. * (:issue:`300`) JSON 401 responses had WWW-Authenticate Header attached - that caused browsers to pop up their own login/password form. Not what applications want. * (:issue:`280`) Allow admin/api to setup TFA (and unified sign in) out of band. Please see :meth:`.UserDatastore.tf_set`, :meth:`.UserDatastore.tf_reset`, :meth:`.UserDatastore.us_set`, :meth:`.UserDatastore.us_reset` and :meth:`.UserDatastore.reset_user_access`. * (:pr:`305`) We used form._errors which wasn't very pythonic, and it was removed in WTForms 2.3.0. * (:pr:`310`) WTForms 2.3.0 made email_validator optional, we need it. - Added Requires python-bcrypt and python-email_validator, Recommends python-PyQRCode, python-SQLAlchemy, python-zxcvbn and Suggests python-argon2_cffi and python-phonenumbers * (:pr:`257`) Support a unified sign in feature. Please see :ref:`unified-sign-in`. * (:pr:`265`) Add phone number validation class. This is used in both unified sign in as well as two-factor when using sms. * (:pr:`274`) Add support for 'freshness' of caller's authentication. This permits endpoints to be additionally protected by ensuring a OBS-URL: https://build.opensuse.org/request/show/801217 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:flask/python-Flask-Security-Too?expand=0&rev=5
2020-05-07 17:13:58 +00:00 · 2020-05-07 17:13:58 +00:00 · dacbbc37bb
commit dacbbc37bb
parent f09a0096d0
4 changed files with 65 additions and 13 deletions
--- a/Flask-Security-Too-3.4.0.tar.gz
+++ b/Flask-Security-Too-3.4.0.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:5ee18ae940468f5981046aea57daefc5d3b2b91937a824e10d2cf95ce1987383
-size 334036
--- a/Flask-Security-Too-3.4.2.tar.gz
+++ b/Flask-Security-Too-3.4.2.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a258e70a7a4e842978ca7b5a3a52a7490b5ff78b71a56e98152fec5677dde306
+size 337602
--- a/python-Flask-Security-Too.changes
+++ b/python-Flask-Security-Too.changes
@ -1,14 +1,58 @@
+-------------------------------------------------------------------
+Thu May  7 10:42:20 UTC 2020 - Antonio Larrosa <alarrosa@suse.com>
+
+- Update to 3.4.2:
+  * The flask-security repo was moved to a github organization
+    Flask-Middleware.
+
+- Update to 3.4.1:
+  * Fix a bunch of bugs in new unified sign in along with a couple
+    other major issues.
+  * (:issue:`298`) Alternative ID feature ran afoul of
+    postgres/psycopg2 finickiness.
+  * (:issue:`300`) JSON 401 responses had WWW-Authenticate Header
+    attached - that caused browsers to pop up their own login/password
+    form. Not what applications want.
+  * (:issue:`280`) Allow admin/api to setup TFA (and unified sign in)
+    out of band. Please see :meth:`.UserDatastore.tf_set`,
+    :meth:`.UserDatastore.tf_reset`, :meth:`.UserDatastore.us_set`,
+    :meth:`.UserDatastore.us_reset` and
+    :meth:`.UserDatastore.reset_user_access`.
+  * (:pr:`305`) We used form._errors which wasn't very pythonic,
+    and it was removed in WTForms 2.3.0.
+  * (:pr:`310`) WTForms 2.3.0 made email_validator optional,
+    we need it.
+
+- Added Requires python-bcrypt and python-email_validator,
+  Recommends python-PyQRCode, python-SQLAlchemy, python-zxcvbn
+  and Suggests python-argon2_cffi and python-phonenumbers
+
 -------------------------------------------------------------------
 Sun Apr  5 07:58:15 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>

 - Update to 3.4.0:
-  * (:pr:`257`) Support a unified sign in feature. Please see :ref:`unified-sign-in`.
-  * (:pr:`265`) Add phone number validation class. This is used in both unified sign in as well as two-factor when using sms.
-  * (:pr:`274`) Add support for 'freshness' of caller's authentication. This permits endpoints to be additionally protected by ensuring a recent authentication.
-  * (:issue:`99`, :issue:`195`) Support pluggable password validators. Provide a default validator that offers complexity and breached support.
-  * (:issue:`266`) Provide interface to two-factor send_token so that applications can provide error mitigation. Defaults to returning errors if can't send the verification code.
-  * (:pr:`247`) Updated all-inclusive data models (fsqlaV2). Add fields necessary for the new unified sign in feature and changed 'username' to be unique (but not required).
-  * (:pr:`245`) Use fs_uniquifier as the default Flask-Login 'alternative token'. Basically this means that changing the fs_uniquifier will cause outstanding auth tokens, session and remember me cookies to be invalidated. So if an account gets compromised, an admin can easily stop access. Prior to this cookies were storing the 'id' which is the user's primary key - difficult to change! (kishi85)
+  * (:pr:`257`) Support a unified sign in feature.
+    Please see :ref:`unified-sign-in`.
+  * (:pr:`265`) Add phone number validation class. This is used in
+    both unified sign in as well as two-factor when using sms.
+  * (:pr:`274`) Add support for 'freshness' of caller's authentication.
+    This permits endpoints to be additionally protected by ensuring a
+    recent authentication.
+  * (:issue:`99`, :issue:`195`) Support pluggable password validators.
+    Provide a default validator that offers complexity and breached support.
+  * (:issue:`266`) Provide interface to two-factor send_token so that
+    applications can provide error mitigation. Defaults to returning
+    errors if can't send the verification code.
+  * (:pr:`247`) Updated all-inclusive data models (fsqlaV2). Add
+    fields necessary for the new unified sign in feature and changed
+    'username' to be unique (but not required).
+  * (:pr:`245`) Use fs_uniquifier as the default Flask-Login
+    'alternative token'. Basically this means that changing the
+    fs_uniquifier will cause outstanding auth tokens, session and
+    remember me cookies to be invalidated. So if an account gets
+    compromised, an admin can easily stop access. Prior to this cookies
+    were storing the 'id' which is the user's primary key - difficult
+    to change! (kishi85)
 - Enable the testing
 - Add patch to not require mongodb during testing:
  * no-mongodb.patch
--- a/python-Flask-Security-Too.spec
+++ b/python-Flask-Security-Too.spec
@ -19,7 +19,7 @@
 %define skip_python2 1
 %{?!python_module:%define python_module() python-%{**} python3-%{**}}
 Name:           python-Flask-Security-Too
-Version:        3.4.0
+Version:        3.4.2
 Release:        0
 Summary:        Security for Flask apps
 License:        MIT
@ -33,15 +33,16 @@ BuildRequires:  %{python_module Flask-Login >= 0.4.1}
 BuildRequires:  %{python_module Flask-Mail >= 0.9.1}
 BuildRequires:  %{python_module Flask-Principal >= 0.4.0}
 BuildRequires:  %{python_module Flask-SQLAlchemy >= 2.3}
-BuildRequires:  %{python_module Flask-WTF >= 0.14.0}
+BuildRequires:  %{python_module Flask-WTF >= 0.14.2}
 BuildRequires:  %{python_module PyQRCode >= 1.2}
 BuildRequires:  %{python_module SQLAlchemy >= 1.2.6}
 BuildRequires:  %{python_module Werkzeug >= 0.15.5}
 BuildRequires:  %{python_module argon2_cffi >= 19.1.0}
 BuildRequires:  %{python_module bcrypt >= 3.1.5}
 BuildRequires:  %{python_module cachetools >= 3.1.0}
+BuildRequires:  %{python_module email_validator >= 1.0.5}
 BuildRequires:  %{python_module itsdangerous >= 1.1.0}
-BuildRequires:  %{python_module mock}
+BuildRequires:  %{python_module mock >= 1.3.0}
 BuildRequires:  %{python_module passlib >= 1.7.1}
 BuildRequires:  %{python_module peewee >= 3.11.2}
 BuildRequires:  %{python_module phonenumbers >= 8.11.1}
@ -60,8 +61,15 @@ Requires:       python-Flask-Mail >= 0.9.1
 Requires:       python-Flask-Principal >= 0.4.0
 Requires:       python-Flask-WTF >= 0.14.2
 Requires:       python-Werkzeug >= 0.15.5
+Requires:       python-bcrypt >= 3.1.5
+Requires:       python-email_validator >= 1.0.5
 Requires:       python-itsdangerous >= 1.1.0
 Requires:       python-passlib >= 1.7.1
+Recommends:     python-PyQRCode >= 1.2
+Recommends:     python-SQLAlchemy >= 1.2.6
+Recommends:     python-zxcvbn >= 4.4.28
+Suggests:       python-argon2_cffi >= 19.1.0
+Suggests:       python-phonenumbers >= 8.11.1
 Conflicts:      python-Flask-Security < 3.2.0
 Obsoletes:      python-Flask-Security < 3.2.0
 Provides:       python-Flask-Security = %{version}