From 9d11dd0787b5b6da2379f7ea9a3d3390c5473e74 Mon Sep 17 00:00:00 2001
From: Matt Wright <matt@nobien.net>
Date: Sun, 23 Dec 2012 16:47:14 -0500
Subject: [PATCH 1/6] Update dependency rules

---
 CHANGES  |  7 +++++++
 setup.py | 12 ++++++------
 2 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/CHANGES b/CHANGES
index bac56db..81f5c3d 100644
--- a/CHANGES
+++ b/CHANGES
@@ -3,6 +3,13 @@ Flask-Security Changelog
 
 Here you can see the full list of changes between each Flask-Security release.
 
+Version 1.5.3
+-------------
+
+Released December 23rd 2012
+
+- Change dependency requirement
+
 Version 1.5.2
 -------------
 
diff --git a/setup.py b/setup.py
index 20dede4..5d8a289 100644
--- a/setup.py
+++ b/setup.py
@@ -35,12 +35,12 @@ setup(
     platforms='any',
     install_requires=[
         'Flask>=0.8',
-        'Flask-Login==0.1.3',
-        'Flask-Mail==0.7.3',
-        'Flask-Principal==0.3.3',
-        'Flask-WTF==0.8',
-        'itsdangerous==0.17',
-        'passlib==1.6.1',
+        'Flask-Login>=0.1.3',
+        'Flask-Mail>=0.7.3',
+        'Flask-Principal>=0.3.3',
+        'Flask-WTF>=0.8',
+        'itsdangerous>=0.17',
+        'passlib>=1.6.1',
     ],
     test_suite='nose.collector',
     tests_require=[

From f8fbd6cec849807dc6ef9f6e5d6a7959ddb7fd18 Mon Sep 17 00:00:00 2001
From: Matt Wright <matt@nobien.net>
Date: Sun, 23 Dec 2012 16:47:20 -0500
Subject: [PATCH 2/6] Bump version number to 1.5.3

---
 docs/conf.py               | 2 +-
 flask_security/__init__.py | 2 +-
 setup.py                   | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/docs/conf.py b/docs/conf.py
index ece196b..f2b3688 100644
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -49,7 +49,7 @@ copyright = u'2012, Matt Wright'
 # built documents.
 #
 # The short X.Y version.
-version = '1.5.2'
+version = '1.5.3'
 # The full version, including alpha/beta/rc tags.
 release = version
 
diff --git a/flask_security/__init__.py b/flask_security/__init__.py
index d25cdac..f112731 100644
--- a/flask_security/__init__.py
+++ b/flask_security/__init__.py
@@ -10,7 +10,7 @@
     :license: MIT, see LICENSE for more details.
 """
 
-__version__ = '1.5.2'
+__version__ = '1.5.3'
 
 from .core import Security, RoleMixin, UserMixin, AnonymousUser, current_user
 from .datastore import SQLAlchemyUserDatastore, MongoEngineUserDatastore
diff --git a/setup.py b/setup.py
index 5d8a289..2d33019 100644
--- a/setup.py
+++ b/setup.py
@@ -20,7 +20,7 @@ from setuptools import setup
 
 setup(
     name='Flask-Security',
-    version='1.5.2',
+    version='1.5.3',
     url='https://github.com/mattupstate/flask-security',
     license='MIT',
     author='Matt Wright',

From 2a0b582911078e930f533b8acde7d0c3078647a1 Mon Sep 17 00:00:00 2001
From: Matt Wright <matt@nobien.net>
Date: Sun, 6 Jan 2013 20:41:01 -0500
Subject: [PATCH 3/6] Change `csrf_enabled` parameter in forms to check for
 incoming JSON data. Fix #63

---
 flask_security/forms.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/flask_security/forms.py b/flask_security/forms.py
index 373debc..dc99118 100644
--- a/flask_security/forms.py
+++ b/flask_security/forms.py
@@ -42,7 +42,11 @@ def valid_user_email(form, field):
 
 class Form(BaseForm):
     def __init__(self, *args, **kwargs):
-        kwargs.setdefault('csrf_enabled', not current_app.testing)
+        if current_app.testing:
+            csrf_enabled = False
+        else:
+            csrf_enabled = request.json is None
+        kwargs.setdefault('csrf_enabled', csrf_enabled)
         super(Form, self).__init__(*args, **kwargs)
 
 

From 31595196fccad991146aa81e627aa9cca2b9e3cd Mon Sep 17 00:00:00 2001
From: Matt Wright <matt@nobien.net>
Date: Sun, 6 Jan 2013 20:42:51 -0500
Subject: [PATCH 4/6] Update CHANGES

---
 CHANGES | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/CHANGES b/CHANGES
index 81f5c3d..d4dba59 100644
--- a/CHANGES
+++ b/CHANGES
@@ -3,6 +3,15 @@ Flask-Security Changelog
 
 Here you can see the full list of changes between each Flask-Security release.
 
+
+Version 1.5.4
+-------------
+
+Released January 6th 2013
+
+- Fix bug in forms with `csrf_enabled` parameter not accounting attempts to login using JSON data
+
+
 Version 1.5.3
 -------------
 

From 029466830d0e50381b2067ae6b8bfe78e957e2d1 Mon Sep 17 00:00:00 2001
From: Matt Wright <matt@nobien.net>
Date: Sun, 6 Jan 2013 20:43:02 -0500
Subject: [PATCH 5/6] Bump version number to 1.5.4

---
 docs/conf.py               | 2 +-
 flask_security/__init__.py | 2 +-
 setup.py                   | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/docs/conf.py b/docs/conf.py
index f2b3688..b132fc2 100644
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -49,7 +49,7 @@ copyright = u'2012, Matt Wright'
 # built documents.
 #
 # The short X.Y version.
-version = '1.5.3'
+version = '1.5.4'
 # The full version, including alpha/beta/rc tags.
 release = version
 
diff --git a/flask_security/__init__.py b/flask_security/__init__.py
index f112731..f665380 100644
--- a/flask_security/__init__.py
+++ b/flask_security/__init__.py
@@ -10,7 +10,7 @@
     :license: MIT, see LICENSE for more details.
 """
 
-__version__ = '1.5.3'
+__version__ = '1.5.4'
 
 from .core import Security, RoleMixin, UserMixin, AnonymousUser, current_user
 from .datastore import SQLAlchemyUserDatastore, MongoEngineUserDatastore
diff --git a/setup.py b/setup.py
index 2d33019..cfead93 100644
--- a/setup.py
+++ b/setup.py
@@ -20,7 +20,7 @@ from setuptools import setup
 
 setup(
     name='Flask-Security',
-    version='1.5.3',
+    version='1.5.4',
     url='https://github.com/mattupstate/flask-security',
     license='MIT',
     author='Matt Wright',

From 53576c6013b4154628abbc83195014d9c394f386 Mon Sep 17 00:00:00 2001
From: Matt Wright <matt@nobien.net>
Date: Sun, 6 Jan 2013 21:01:35 -0500
Subject: [PATCH 6/6] Set Flask-Login messages

---
 flask_security/core.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/flask_security/core.py b/flask_security/core.py
index 94d60c8..c29de69 100644
--- a/flask_security/core.py
+++ b/flask_security/core.py
@@ -89,7 +89,9 @@ _default_messages = {
     'INVALID_LOGIN_TOKEN': ('Invalid login token.', 'error'),
     'DISABLED_ACCOUNT': ('Account is disabled.', 'error'),
     'PASSWORDLESS_LOGIN_SUCCESSFUL': ('You have successfuly logged in.', 'success'),
-    'PASSWORD_RESET': ('You successfully reset your password and you have been logged in automatically.', 'success')
+    'PASSWORD_RESET': ('You successfully reset your password and you have been logged in automatically.', 'success'),
+    'LOGIN': ('Please log in to access this page.', 'info'),
+    'REFRESH': ('Please reauthenticate to access this page.', 'info')
 }
 
 
@@ -131,6 +133,10 @@ def _get_login_manager(app):
     lm.login_view = '%s.login' % cv('BLUEPRINT_NAME', app=app)
     lm.user_loader(_user_loader)
     lm.token_loader(_token_loader)
+    lm.login_message = cv('MSG_LOGIN', app=app)
+    lm.login_message_category = 'info'
+    lm.needs_refresh_message = cv('MSG_REFRESH', app=app)
+    lm.needs_refresh_message_category = 'info'
     lm.init_app(app)
     return lm