python-Flask-Security-Too

pool/python-Flask-Security-Too

SHA256

Fork 1

Commit Graph

Author	SHA256	Message	Date
Steve Kowalik	ae8071c5bc	- Upate to 5.0.2: * Role permissions backwards compatibility bug. * Fix Change Password regression. * Support for WebAuthn. * Support Two-factor recovery codes. * Provide option to prevent user enumeration (i.e. Generic Responses). * Support for Python 3.10. * Support for Flask >= 2.2. * Add custom HTML attributes to improve user experience. * Make the required zxcvbn complexity score configurable. * Get rid of Flask-Mail. Flask-Mailman is now the default preferred email package. * A delete option has been added to us-setup (form and view). * Improve username support - the LoginForm now has a separate field for username. * Fix test and other failures with newer Flask-Login/Werkzeug versions. * Fix test failures with newer Flask versions. - Drop patch endswith-assert.patch: * Included upstream. - Rebase patches no-mongodb.patch and use-pyqrcodeng.patch - Update {Build,}Requires versions. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:flask/python-Flask-Security-Too?expand=0&rev=23	2022-09-30 06:53:24 +00:00
Steve Kowalik	0d52f70841	- Update to 4.1.2: * default_reauthn_handler doesn't honor SECURITY_URL_PREFIX * Add public API and CLI command to change a user's password. * Add type hints. Please note that many of the packages that flask-security * Add first-class support for using username for signing in. * Possible open redirect vulnerability. * Improve cookie handling and default ``samesite`` to ``Strict``. * Email validation confusion - added documentation. * Add documentation on how to override specific error messages. * Don't install global-scope tests. * Add Blinker as explicit dependency, improve/fix celery usage docs, don't require pyqrcode unless authenticator configured, improve SMS configuration variables documentation. * Your UserModel must contain ``fs_uniquifier`` * Removal of python 2.7 and <3.6 support * Remove two-factor `/tf-confirm` endpoint and use generic `freshness` mechanism. * Remove ``SECURITY_BACKWARDS_COMPAT_AUTH_TOKEN_INVALID(ATE)``. In addition to not making sense - the documentation has never been correct. * Add 2FA Validity Window so an application can configure how often the second factor has to be entered. * Add HTML5 Email input types to email fields. - Refresh no-mongodb.patch - Drop patches: * no-setup-dependencies.patch * fix-dependencies.patch * 0001-Do-not-raise-a-TypeError-exception-if-phone.data-is-.patch - Add patch use-pyqrcodeng.patch: * Use pyqrcodeng rather than pyqrcode. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:flask/python-Flask-Security-Too?expand=0&rev=14	2022-02-28 06:21:54 +00:00

Author

SHA256

Message

Date

Steve Kowalik

ae8071c5bc

- Upate to 5.0.2:

* Role permissions backwards compatibility bug.
  * Fix Change Password regression.
  * Support for WebAuthn.
  * Support Two-factor recovery codes.
  * Provide option to prevent user enumeration (i.e. Generic Responses).
  * Support for Python 3.10.
  * Support for Flask >= 2.2.
  * Add custom HTML attributes to improve user experience.
  * Make the required zxcvbn complexity score configurable.
  * Get rid of Flask-Mail. Flask-Mailman is now the default preferred email
    package.
  * A delete option has been added to us-setup (form and view).
  * Improve username support - the LoginForm now has a separate field for
    username.
  * Fix test and other failures with newer Flask-Login/Werkzeug versions.
  * Fix test failures with newer Flask versions.
- Drop patch endswith-assert.patch:
  * Included upstream.
- Rebase patches no-mongodb.patch and use-pyqrcodeng.patch
- Update {Build,}Requires versions.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:flask/python-Flask-Security-Too?expand=0&rev=23

2022-09-30 06:53:24 +00:00

Steve Kowalik

0d52f70841

- Update to 4.1.2:

* default_reauthn_handler doesn't honor SECURITY_URL_PREFIX
  * Add public API and CLI command to change a user's password.
  * Add type hints. Please note that many of the packages that flask-security
  * Add first-class support for using username for signing in.
  * Possible open redirect vulnerability.
  * Improve cookie handling and default ``samesite`` to ``Strict``.
  * Email validation confusion - added documentation.
  * Add documentation on how to override specific error messages.
  * Don't install global-scope tests.
  * Add Blinker as explicit dependency, improve/fix celery usage docs,
    don't require pyqrcode unless authenticator configured, improve SMS
    configuration variables documentation.
  * Your UserModel must contain ``fs_uniquifier``
  * Removal of python 2.7 and <3.6 support
  * Remove two-factor `/tf-confirm` endpoint and use generic `freshness`
    mechanism.
  * Remove ``SECURITY_BACKWARDS_COMPAT_AUTH_TOKEN_INVALID(ATE)``. In
    addition to not making sense - the documentation has never been correct.
  * Add 2FA Validity Window so an application can configure how often the
    second factor has to be entered.
  * Add HTML5 Email input types to email fields.
- Refresh no-mongodb.patch
- Drop patches:
  * no-setup-dependencies.patch
  * fix-dependencies.patch
  * 0001-Do-not-raise-a-TypeError-exception-if-phone.data-is-.patch
- Add patch use-pyqrcodeng.patch:
  * Use pyqrcodeng rather than pyqrcode.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:flask/python-Flask-Security-Too?expand=0&rev=14

2022-02-28 06:21:54 +00:00

2 Commits