* Fix 2 Flask apps in same thread with USERNAME_ENABLE set. There was a
too aggressive config check.
* Fix json/flask backwards compatibility hack.
* Fix unified signup when two-factor not enabled. (sebdroid)
* Add dependency on setuptools (pkg_resources). (hroncok)
* Option to encrypt recovery codes.
* Support for authentication via 'social' oauth.
* Support for Python 3.11
* Fixes for Flask-SQLAlchemy 3.0.0. (jrast)
* Fixes for sqlalchemy 2.0.0 (jrast)
* Webauthn and Unified signin features now properly take into account
blueprint prefixes.
* Properly propagate ?next=/xx - the verify, webauthn, and unified signin
endpoints, that had multiple redirects, needed fixes.
* Two factor redirects ignored url_prefix. Added a
SECURITY_TWO_FACTOR_ERROR_VIEW configuration option.
* Add configurations for static folder/URL and make sure templates
reference blueprint relative static folder.
* Send entire context to MailUtil::send_mail (patrickyan)
* Support for Flask-Babel 3.0.0
* Add configuration option SECURITY_TWO_FACTOR_POST_SETUP_VIEW which is
redirected to upon successful change of a two factor method.
* The ability to pass in a LoginManager instance which was deprecated in
5.0 has been removed.
- Drop patch support-Flask-SQLAlchemy-3.0.patch, now included upstream.
- Refresh all other patches.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:flask/python-Flask-Security-Too?expand=0&rev=27
* Role permissions backwards compatibility bug.
* Fix Change Password regression.
* Support for WebAuthn.
* Support Two-factor recovery codes.
* Provide option to prevent user enumeration (i.e. Generic Responses).
* Support for Python 3.10.
* Support for Flask >= 2.2.
* Add custom HTML attributes to improve user experience.
* Make the required zxcvbn complexity score configurable.
* Get rid of Flask-Mail. Flask-Mailman is now the default preferred email
package.
* A delete option has been added to us-setup (form and view).
* Improve username support - the LoginForm now has a separate field for
username.
* Fix test and other failures with newer Flask-Login/Werkzeug versions.
* Fix test failures with newer Flask versions.
- Drop patch endswith-assert.patch:
* Included upstream.
- Rebase patches no-mongodb.patch and use-pyqrcodeng.patch
- Update {Build,}Requires versions.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:flask/python-Flask-Security-Too?expand=0&rev=23
* default_reauthn_handler doesn't honor SECURITY_URL_PREFIX
* Add public API and CLI command to change a user's password.
* Add type hints. Please note that many of the packages that flask-security
* Add first-class support for using username for signing in.
* Possible open redirect vulnerability.
* Improve cookie handling and default ``samesite`` to ``Strict``.
* Email validation confusion - added documentation.
* Add documentation on how to override specific error messages.
* Don't install global-scope tests.
* Add Blinker as explicit dependency, improve/fix celery usage docs,
don't require pyqrcode unless authenticator configured, improve SMS
configuration variables documentation.
* Your UserModel must contain ``fs_uniquifier``
* Removal of python 2.7 and <3.6 support
* Remove two-factor `/tf-confirm` endpoint and use generic `freshness`
mechanism.
* Remove ``SECURITY_BACKWARDS_COMPAT_AUTH_TOKEN_INVALID(ATE)``. In
addition to not making sense - the documentation has never been correct.
* Add 2FA Validity Window so an application can configure how often the
second factor has to be entered.
* Add HTML5 Email input types to email fields.
- Refresh no-mongodb.patch
- Drop patches:
* no-setup-dependencies.patch
* fix-dependencies.patch
* 0001-Do-not-raise-a-TypeError-exception-if-phone.data-is-.patch
- Add patch use-pyqrcodeng.patch:
* Use pyqrcodeng rather than pyqrcode.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:flask/python-Flask-Security-Too?expand=0&rev=14
