pool/python-Flask-Security-Too
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Commit Graph

  • b2cb55c21a Accepting request 1177933 from devel:languages:python:flask factory Ana Guerrero 2024-06-03 15:41:31 +00:00
  • 1fc62f52ba Accepting request 1177931 from home:alarrosa:branches:devel:languages:python:flask Antonio Larrosa 2024-05-31 12:37:30 +00:00
  • c3b5ffd546 Accepting request 1146065 from devel:languages:python:flask Ana Guerrero 2024-02-13 21:42:06 +00:00
  • e13f1e343f - Add patch support-python-312.patch: * Support Python 3.12 changes. Steve Kowalik 2024-02-12 04:12:14 +00:00
  • 115cc5899a Accepting request 1137307 from devel:languages:python:flask Dominique Leuenberger 2024-01-07 20:39:58 +00:00
  • 3bd00a4f52 - Update to 5.3.3: Fix for CVE-2023-49438 (bsc#1218412). Matej Cepl 2024-01-06 21:36:14 +00:00
  • 16e8f9fb46 Accepting request 1137163 from devel:languages:python:flask Dominique Leuenberger 2024-01-06 16:29:23 +00:00
  • 3edb6fcfc7 Accepting request 1137061 from home:alarrosa:branches:devel:languages:python:flask Antonio Larrosa 2024-01-05 21:58:32 +00:00
  • 80d5ceb0d5 Accepting request 1131006 from devel:languages:python:flask Ana Guerrero 2023-12-06 22:47:19 +00:00
  • 84ca0b6b82 Accepting request 1130288 from home:alarrosa:branches:devel:languages:python:flask Markéta Machová 2023-12-05 14:59:45 +00:00
  • 26f9f0dd2f Accepting request 1129021 from devel:languages:python:flask Ana Guerrero 2023-11-27 21:43:22 +00:00
  • 03cd46358f - Update to 5.3.2: * Update Quickstart to show how to properly handle SQLAlchemy connections. * Auth Token not returned from /tf-validate. * Fix for latest email_validator deprecation - bump minimum to 2.0.0 * Deprecate passing in the anonymous_user class * Compatability with Flask 3.0 * Revert change in 5.3.0 that added a Referrer-Policy header. * Fix 'next' propagation when passed as form.next - Drop patch filterwarnings-ignore-pkg_resources.patch, no longer needed Steve Kowalik 2023-11-27 06:30:26 +00:00
  • 099dd8d92b Accepting request 1114897 from devel:languages:python:flask Ana Guerrero 2023-10-04 20:31:10 +00:00
  • 1cb1b5b729 - Add required python-requests build dependency to fix tests. Daniel Garcia 2023-10-03 06:12:19 +00:00
  • 9aa56626d8 Accepting request 1102263 from devel:languages:python:flask Dominique Leuenberger 2023-08-15 14:39:54 +00:00
  • a16a39baaa - Update to 5.3.0: * Improvements to recoverability and confirmation to align with OWASP best practices and reduce possible exploitation. * Webauthn Updates to handling of transport. * Fix MongoDB support by eliminating dependency on flask-mongoengine. Improve MongoDB quickstart. * Fix Quickstart for SQLAlchemy with scoped session. * Login no longer, by default, checks for email deliverability. * Token authentication is no longer accepted on endpoints which only allow 'session' as authentication-method. (N247S) * /reset and /confirm and GENERIC_RESPONSES and additional form args don't mix. * Reset password can be exploited and other OWASP improvements. * Confirmation can be exploited and other OWASP improvements. * Convert to pyproject.toml, build, remove setup.py/.cfg. * the tf_validity feature now ONLY sets a cookie - and the token is no longer returned as part of a JSON response. * Fix login/unified signin templates to properly send CSRF token. Add more tests. * Improve Social Oauth example code. - 5.2.0: * Small updates to work with latest Flask/Werkzeug. * Drop support for Python 3.7 * Drop support for older versions of dependent packages (such as Flask). * Remove old Werkzeug compatibility check. * Compatibility with Quart. * Remove dependence on pkg_resources / setuptools (use importlib_resources package) * Fix tests to work with latest Werkzeug/Flask. Update requirements_low to match current releases. * Drop support for Python 3.7 - 5.1.2: * Hungarian translations not working. * Fix documentation for send_mail. (gg) * Fix for latest mongoengine and mongomock. * Fix inappropriate use of &thinsp& in French translations. (maxdup) * Improve documentation around subclassing forms. Daniel Garcia 2023-08-03 11:53:44 +00:00
  • 1cef12be90 Accepting request 1078318 from devel:languages:python:flask Dominique Leuenberger 2023-04-11 11:51:03 +00:00
  • 4f393c44e1 - Add patch filterwarnings-ignore-pkg_resources.patch: * Filter out DeprecationWarning for pkg_resources. - Add Authlib to BuildRequires. Steve Kowalik 2023-04-11 05:13:08 +00:00
  • acdff0d753 Accepting request 1069082 from devel:languages:python:flask Dominique Leuenberger 2023-03-03 21:28:27 +00:00
  • e9860f1d83 - Update to 5.1.1: * Fix 2 Flask apps in same thread with USERNAME_ENABLE set. There was a too aggressive config check. * Fix json/flask backwards compatibility hack. * Fix unified signup when two-factor not enabled. (sebdroid) * Add dependency on setuptools (pkg_resources). (hroncok) * Option to encrypt recovery codes. * Support for authentication via 'social' oauth. * Support for Python 3.11 * Fixes for Flask-SQLAlchemy 3.0.0. (jrast) * Fixes for sqlalchemy 2.0.0 (jrast) * Webauthn and Unified signin features now properly take into account blueprint prefixes. * Properly propagate ?next=/xx - the verify, webauthn, and unified signin endpoints, that had multiple redirects, needed fixes. * Two factor redirects ignored url_prefix. Added a SECURITY_TWO_FACTOR_ERROR_VIEW configuration option. * Add configurations for static folder/URL and make sure templates reference blueprint relative static folder. * Send entire context to MailUtil::send_mail (patrickyan) * Support for Flask-Babel 3.0.0 * Add configuration option SECURITY_TWO_FACTOR_POST_SETUP_VIEW which is redirected to upon successful change of a two factor method. * The ability to pass in a LoginManager instance which was deprecated in 5.0 has been removed. - Drop patch support-Flask-SQLAlchemy-3.0.patch, now included upstream. - Refresh all other patches. Steve Kowalik 2023-03-03 06:22:07 +00:00
  • 460a2083f3 Accepting request 1056308 from devel:languages:python:flask Dominique Leuenberger 2023-01-06 16:05:52 +00:00
  • 7a1b702abb - Add patch support-Flask-SQLAlchemy-3.0.patch: * Support Flask-SQLAlchemy >= 3.0 Steve Kowalik 2023-01-06 03:54:53 +00:00
  • f90de4f67f Accepting request 1007165 from devel:languages:python:flask Dominique Leuenberger 2022-10-03 13:59:29 +00:00
  • ae8071c5bc - Upate to 5.0.2: * Role permissions backwards compatibility bug. * Fix Change Password regression. * Support for WebAuthn. * Support Two-factor recovery codes. * Provide option to prevent user enumeration (i.e. Generic Responses). * Support for Python 3.10. * Support for Flask >= 2.2. * Add custom HTML attributes to improve user experience. * Make the required zxcvbn complexity score configurable. * Get rid of Flask-Mail. Flask-Mailman is now the default preferred email package. * A delete option has been added to us-setup (form and view). * Improve username support - the LoginForm now has a separate field for username. * Fix test and other failures with newer Flask-Login/Werkzeug versions. * Fix test failures with newer Flask versions. - Drop patch endswith-assert.patch: * Included upstream. - Rebase patches no-mongodb.patch and use-pyqrcodeng.patch - Update {Build,}Requires versions. Steve Kowalik 2022-09-30 06:53:24 +00:00
  • 5999476e73 Accepting request 1001868 from devel:languages:python:flask Dominique Leuenberger 2022-09-08 12:23:35 +00:00
  • a4cc480bc8 - Use email-validator, not email_validator package name. Steve Kowalik 2022-09-08 06:45:39 +00:00
  • 339e037ab3 Accepting request 970480 from devel:languages:python:flask Dominique Leuenberger 2022-04-17 21:50:45 +00:00
  • 93e24eacdb Accepting request 970479 from home:mcepl:branches:devel:languages:python:flask Matej Cepl 2022-04-16 23:06:35 +00:00
  • b3022aab9e Accepting request 963734 from devel:languages:python:flask Dominique Leuenberger 2022-03-21 19:13:18 +00:00
  • 5810889e65 Accepting request 963529 from home:pgajdos:python Matej Cepl 2022-03-21 15:11:50 +00:00
  • 5a9500f268 Accepting request 959706 from devel:languages:python:flask Dominique Leuenberger 2022-03-06 17:15:46 +00:00
  • d69555dcfb Accepting request 959654 from home:apersaud:branches:devel:languages:python:flask Matej Cepl 2022-03-06 07:24:48 +00:00
  • 1556b24eb6 Accepting request 957960 from devel:languages:python:flask Dominique Leuenberger 2022-02-28 18:43:29 +00:00
  • 0d52f70841 - Update to 4.1.2: * default_reauthn_handler doesn't honor SECURITY_URL_PREFIX * Add public API and CLI command to change a user's password. * Add type hints. Please note that many of the packages that flask-security * Add first-class support for using username for signing in. * Possible open redirect vulnerability. * Improve cookie handling and default `samesite to Strict. * Email validation confusion - added documentation. * Add documentation on how to override specific error messages. * Don't install global-scope tests. * Add Blinker as explicit dependency, improve/fix celery usage docs, don't require pyqrcode unless authenticator configured, improve SMS configuration variables documentation. * Your UserModel must contain fs_uniquifier * Removal of python 2.7 and <3.6 support * Remove two-factor /tf-confirm endpoint and use generic freshness mechanism. * Remove SECURITY_BACKWARDS_COMPAT_AUTH_TOKEN_INVALID(ATE)`. In addition to not making sense - the documentation has never been correct. * Add 2FA Validity Window so an application can configure how often the second factor has to be entered. * Add HTML5 Email input types to email fields. - Refresh no-mongodb.patch - Drop patches: * no-setup-dependencies.patch * fix-dependencies.patch * 0001-Do-not-raise-a-TypeError-exception-if-phone.data-is-.patch - Add patch use-pyqrcodeng.patch: * Use pyqrcodeng rather than pyqrcode. Steve Kowalik 2022-02-28 06:21:54 +00:00
  • 1437fae416 Comment on the status of some dependencies Matej Cepl 2021-12-22 08:37:26 +00:00
  • 6986c13b44 Accepting request 904704 from devel:languages:python:flask Dominique Leuenberger 2021-07-08 20:49:16 +00:00
  • 74db06d2d0 Accepting request 900215 from home:alarrosa:branches:devel:languages:python:flask Antonio Larrosa 2021-07-08 06:18:37 +00:00
  • f8aec1f130 Accepting request 819755 from devel:languages:python:flask Dominique Leuenberger 2020-07-10 12:13:07 +00:00
  • 4de1dc57e8 Accepting request 818071 from home:mcalabkova:branches:devel:languages:python:flask Ondřej Súkup 2020-07-09 15:20:13 +00:00
  • 8b0e17cc2f Accepting request 805566 from devel:languages:python:flask Dominique Leuenberger 2020-05-14 21:27:12 +00:00
  • 01ef32b8cc Accepting request 805559 from home:alarrosa:branches:devel:languages:python:flask Tomáš Chvátal 2020-05-14 10:21:18 +00:00
  • 965f2c3a71 - Add patch to not pull in babel/twine/pytest-runner as upstream needs those but we really don't require them during a rpm build: * no-setup-dependencies.patch Tomáš Chvátal 2020-05-14 06:36:28 +00:00
  • cb6be0fa55 Accepting request 801333 from devel:languages:python:flask Dominique Leuenberger 2020-05-13 20:55:55 +00:00
  • dacbbc37bb Accepting request 801217 from home:alarrosa:branches:devel:languages:python:flask Petr Cervinka 2020-05-07 17:13:58 +00:00
  • 39ebdc7c6c Accepting request 791500 from devel:languages:python:flask Dominique Leuenberger 2020-04-05 18:56:58 +00:00
  • f09a0096d0 - Update to 3.4.0: * (:pr:257) Support a unified sign in feature. Please see :ref:unified-sign-in. * (:pr:265) Add phone number validation class. This is used in both unified sign in as well as two-factor when using sms. * (:pr:274) Add support for 'freshness' of caller's authentication. This permits endpoints to be additionally protected by ensuring a recent authentication. * (:issue:99, :issue:195) Support pluggable password validators. Provide a default validator that offers complexity and breached support. * (:issue:266) Provide interface to two-factor send_token so that applications can provide error mitigation. Defaults to returning errors if can't send the verification code. * (:pr:247) Updated all-inclusive data models (fsqlaV2). Add fields necessary for the new unified sign in feature and changed 'username' to be unique (but not required). * (:pr:245) Use fs_uniquifier as the default Flask-Login 'alternative token'. Basically this means that changing the fs_uniquifier will cause outstanding auth tokens, session and remember me cookies to be invalidated. So if an account gets compromised, an admin can easily stop access. Prior to this cookies were storing the 'id' which is the user's primary key - difficult to change! (kishi85) - Enable the testing - Add patch to not require mongodb during testing: * no-mongodb.patch Tomáš Chvátal 2020-04-05 08:37:47 +00:00
  • 74fc384ae9 Accepting request 788172 from devel:languages:python:flask Dominique Leuenberger 2020-03-25 22:46:55 +00:00
  • 8058944e0f Accepting request 788170 from home:alarrosa:branches:devel:languages:python:flask Ondřej Súkup 2020-03-25 12:00:22 +00:00