From d19bb98abd38940a5f258c5005c983e65475d3bc Mon Sep 17 00:00:00 2001
From: Matt Wright <matt@nobien.net>
Date: Tue, 18 Jun 2013 14:56:12 -0400
Subject: [PATCH] Version 1.6.4 changes. Refer to CHANGES for updates. Fixes
 #123 #121 #120 $119

---
 CHANGES                   |  4 +++-
 flask_security/core.py    | 11 +++++------
 flask_security/utils.py   |  5 ++++-
 flask_security/views.py   |  6 +++---
 setup.py                  | 10 +++++-----
 tests/functional_tests.py |  2 +-
 tests/signals_tests.py    | 17 ++++++++++++-----
 7 files changed, 33 insertions(+), 22 deletions(-)

diff --git a/CHANGES b/CHANGES
index 7cf2674..9d0125b 100644
--- a/CHANGES
+++ b/CHANGES
@@ -7,8 +7,10 @@ Here you can see the full list of changes between each Flask-Security release.
 Version 1.6.4
 -------------
 
-Not yet released
+Released June 18th 2013
 
+- Added `SECURITY_DEFAULT_REMEMBER_ME` configuration value to unify behavior between endpoints
+- Fixed Flask-Login dependency problem
 - Added optional `next` parameter to registration endpoint, similar to that of login
 
 
diff --git a/flask_security/core.py b/flask_security/core.py
index aa32324..be736a0 100644
--- a/flask_security/core.py
+++ b/flask_security/core.py
@@ -10,8 +10,8 @@
 """
 
 from flask import current_app
-from flask.ext.login import AnonymousUser as AnonymousUserBase, \
-    UserMixin as BaseUserMixin, LoginManager, current_user
+from flask.ext.login import AnonymousUserMixin, UserMixin as BaseUserMixin, \
+    LoginManager, current_user
 from flask.ext.principal import Principal, RoleNeed, UserNeed, Identity, \
     identity_loaded
 from itsdangerous import URLSafeTimedSerializer
@@ -76,6 +76,7 @@ _default_config = {
     'LOGIN_SALT': 'login-salt',
     'CHANGE_SALT': 'change-salt',
     'REMEMBER_SALT': 'remember-salt',
+    'DEFAULT_REMEMBER_ME': False,
     'DEFAULT_HTTP_AUTH_REALM': 'Login Required',
     'EMAIL_SUBJECT_REGISTER': 'Welcome',
     'EMAIL_SUBJECT_CONFIRM': 'Please confirm your email',
@@ -153,8 +154,7 @@ def _token_loader(token):
             return user
     except:
         pass
-
-    return None
+    return AnonymousUser()
 
 
 def _identity_loader():
@@ -272,11 +272,10 @@ class UserMixin(BaseUserMixin):
             return role in self.roles
 
 
-class AnonymousUser(AnonymousUserBase):
+class AnonymousUser(AnonymousUserMixin):
     """AnonymousUser definition"""
 
     def __init__(self):
-        super(AnonymousUser, self).__init__()
         self.roles = ImmutableList()
 
     def has_role(self, *args):
diff --git a/flask_security/utils.py b/flask_security/utils.py
index 6fa29dd..9258a76 100644
--- a/flask_security/utils.py
+++ b/flask_security/utils.py
@@ -38,9 +38,12 @@ _datastore = LocalProxy(lambda: _security.datastore)
 _pwd_context = LocalProxy(lambda: _security.pwd_context)
 
 
-def login_user(user, remember=True):
+def login_user(user, remember=None):
     """Performs the login and sends the appropriate signal."""
 
+    if remember is None:
+        remember = config_value('DEFAULT_REMEMBER_ME')
+
     if not _login_user(user, remember):
         return False
 
diff --git a/flask_security/views.py b/flask_security/views.py
index 89c5342..dc25c46 100644
--- a/flask_security/views.py
+++ b/flask_security/views.py
@@ -170,7 +170,7 @@ def token_login(token):
     if invalid or expired:
         return redirect(url_for('login'))
 
-    login_user(user, True)
+    login_user(user)
     after_this_request(_commit)
     do_flash(*get_message('PASSWORDLESS_LOGIN_SUCCESSFUL'))
 
@@ -218,7 +218,7 @@ def confirm_email(token):
                         url_for('send_confirmation'))
 
     confirm_user(user)
-    login_user(user, True)
+    login_user(user)
     after_this_request(_commit)
     do_flash(*get_message('EMAIL_CONFIRMED'))
 
@@ -269,7 +269,7 @@ def reset_password(token):
         after_this_request(_commit)
         update_password(user, form.password.data)
         do_flash(*get_message('PASSWORD_RESET'))
-        login_user(user, True)
+        login_user(user)
         return redirect(get_url(_security.post_reset_view) or
                         get_url(_security.post_login_view))
 
diff --git a/setup.py b/setup.py
index e0fbbf7..2da51f9 100644
--- a/setup.py
+++ b/setup.py
@@ -20,7 +20,7 @@ from setuptools import setup
 
 setup(
     name='Flask-Security',
-    version='1.6.3',
+    version='1.6.4',
     url='https://github.com/mattupstate/flask-security',
     license='MIT',
     author='Matt Wright',
@@ -35,10 +35,10 @@ setup(
     platforms='any',
     install_requires=[
         'Flask>=0.9',
-        'Flask-Login>=0.1.3',
-        'Flask-Mail>=0.7.3',
-        'Flask-Principal>=0.3.3',
-        'Flask-WTF>=0.8',
+        'Flask-Login==0.2.3',
+        'Flask-Mail==0.7.3',
+        'Flask-Principal==0.3.3',
+        'Flask-WTF==0.8',
         'itsdangerous>=0.17',
         'passlib>=1.6.1',
     ],
diff --git a/tests/functional_tests.py b/tests/functional_tests.py
index c808d6f..a23ff64 100644
--- a/tests/functional_tests.py
+++ b/tests/functional_tests.py
@@ -60,7 +60,7 @@ class DefaultSecurityTests(SecurityTest):
 
     def test_unauthorized_access(self):
         r = self._get('/profile', follow_redirects=True)
-        self.assertIn('<li class="message">Please log in to access this page.</li>', r.data)
+        self.assertIn('<li class="info">Please log in to access this page.</li>', r.data)
 
     def test_authorized_access(self):
         self.authenticate()
diff --git a/tests/signals_tests.py b/tests/signals_tests.py
index 386f05d..ff045cb 100644
--- a/tests/signals_tests.py
+++ b/tests/signals_tests.py
@@ -15,7 +15,14 @@ def compare_user(a, b):
     return a.id == b.id and a.email == b.email and a.password == b.password
 
 
-class RegisterableSignalsTests(SecurityTest):
+class SignalTest(SecurityTest):
+
+    def _create_app(self, auth_config, **kwargs):
+        from tests.test_app.mongoengine import create_app
+        return create_app(auth_config, **kwargs)
+
+
+class RegisterableSignalsTests(SignalTest):
 
     AUTH_CONFIG = {
         'SECURITY_CONFIRMABLE': True,
@@ -42,7 +49,7 @@ class RegisterableSignalsTests(SecurityTest):
         self.assertEqual(mocks.signals_sent(), set())
 
 
-class ConfirmableSignalsTests(SecurityTest):
+class ConfirmableSignalsTests(SignalTest):
 
     AUTH_CONFIG = {
         'SECURITY_CONFIRMABLE': True,
@@ -103,7 +110,7 @@ class ConfirmableSignalsTests(SecurityTest):
         self.assertEqual(mocks.signals_sent(), set())
 
 
-class RecoverableSignalsTests(SecurityTest):
+class RecoverableSignalsTests(SignalTest):
 
     AUTH_CONFIG = {
         'SECURITY_RECOVERABLE': True,
@@ -153,7 +160,7 @@ class RecoverableSignalsTests(SecurityTest):
         self.assertEqual(mocks.signals_sent(), set())
 
 
-class ChangeableSignalsTests(SecurityTest):
+class ChangeableSignalsTests(SignalTest):
 
     AUTH_CONFIG = {
         'SECURITY_CHANGEABLE': True,
@@ -204,7 +211,7 @@ class ChangeableSignalsTests(SecurityTest):
         self.assertEqual(mocks.signals_sent(), set())
 
 
-class PasswordlessTests(SecurityTest):
+class PasswordlessTests(SignalTest):
 
     AUTH_CONFIG = {
         'SECURITY_PASSWORDLESS': True