wassname/flask-security
1
0
Fork 0
mirror of https://github.com/wassname/flask-security.git synced 2026-06-27 16:10:11 +08:00
Code Issues Packages Projects Releases Wiki Activity
702 Commits 3 Branches 26 Tags
develop
Commit Graph

46 Commits

Author SHA1 Message Date
Alejandro Villanueva 7e8551763e Changing is_authenticated from function to property & updating Flask-Login>=0.3.0 2015-09-11 10:31:01 -05:00
Derek Rushing 17a79ed6a3 Merge branch 'develop' of https://github.com/mattupstate/flask-security into develop 2015-07-06 06:51:20 -05:00
Matt Wright 8a14abaa1e Fix failing test 2015-05-02 14:57:34 -04:00
Nuno Santos 10fd1844d8 Allow overriding of unauthorized callback. 
Related to issue #255.
 2015-05-02 20:17:38 +02:00
Matt Wright 8a62b5f193 Merge pull request #361 from nfvs/add_headers_to_auth_required 
Include WWW-Authenticate headers in @auth_required.
 2015-05-02 13:50:23 -04:00
Matt Wright f2a5e4b614 Normalize import paths. Fixes #313 2015-05-02 13:25:26 -04:00
Derek Rushing 4debc8d102 Modified check_token function to account for multiple objects being posted via JSON. Resolves issue with it throwing an error when it encounters a list instead of a dict type. 2015-02-18 10:20:22 -06:00
Nuno Santos 3681823fcf Include WWW-Authenticate headers in @auth_required. 
When using @http_auth_required, the WWW-Authenticate header is included,
but when using @auth_required('basic'), it is not. This change includes
that header in every @auth_required call that contains the 'basic'
method.
 2015-01-30 11:27:53 +01:00
Matt Wright f3014d01df Convert all tests to use pytest. Phew! 2014-03-13 18:28:25 -04:00
Srijan Choudhary e1c7ec303f Use get_json instead of json 
The `request.json` method now calls `get_json`, which raises `BadRequest` if there is no json data or some error with it. So, it cannot be directly used as a check for presence of json data. This code currently returns a bad request if content type is `application/json` but json data is empty.

https://github.com/mitsuhiko/flask/blob/master/flask/wrappers.py#L110
 2013-10-31 10:19:12 +05:30
Eric Butler d3cfddfcac Use token_callback for checking tokens. 
Fixes error if user is not found.
 2013-07-23 15:37:28 -07:00
Matt Wright e8b0c62818 Update CHANGES and a little polish 2013-04-04 10:23:51 -04:00
Rodrigue Cloutier 3575a2df18 Fixed http_auth when authorization is not provided in header 2013-04-03 21:29:04 -04:00
Matt Wright 8ecc3b9a78 Add user to request context for http basic and token auth 2013-03-13 12:09:28 -04:00
apahomov 3f9ca423bd Calling auth methods 2013-01-14 16:11:09 +04:00
apahomov bbed019ca5 Add auth_required decorator that allows multiple auth mechanisms 2013-01-14 15:45:18 +04:00
apahomov 1a0ddff82b Get auth token from JSON request. 2013-01-14 10:54:48 +04:00
Christophe Simonis a89b76d648 do not break API. add a new function to verify and update password 2013-01-08 01:01:02 +01:00
Christophe Simonis d0497fc886 update password automatically 2013-01-08 00:49:20 +01:00
Matt Wright 96f2be056d Move anonymous_user_required to decorators 2012-09-16 16:05:24 -04:00
Matt Wright 6322b4cbe1 Clean up 2012-08-23 20:37:27 -04:00
Matt Wright 6e754ed356 Major refactoring. Got rid of exceptions/errors in favor of using simple return values. Update tests to ensure full coverage according to nose coverage plugin 2012-08-23 17:58:33 -04:00
Matt Wright fa4668aa3f Use default values for encrypt_password and verify_password 2012-08-20 17:44:20 -04:00
Matt Wright a4356d786e More clean up 2012-08-17 15:06:54 -04:00
Matt Wright c36fee7fda Clean up 2012-08-17 15:05:22 -04:00
Matt Wright 009671090f Clean up and bug improvements 2012-08-16 18:20:42 -04:00
Matt Wright 68b0410d1b No need to keep authentication token in DB 2012-08-14 16:21:31 -04:00
Matt Wright e9adf91a27 More and more test coverage 2012-08-14 14:27:58 -04:00
Matt Wright 68dd972bfa Add more secure password storage via salt value and hmac 2012-07-18 13:27:30 -04:00
Matt Wright f170cb434c Use a stateful object instead of arbitrary assignment of extension on app object 2012-07-16 19:07:19 -04:00
Matt Wright 507de82aba Update docs 2012-07-13 16:06:10 -04:00
Matt Wright 0a0b5ecade Get rid of login_required decorator from roles_required and roles_accepted in order to be able to pair http_auth_required with roles_required or roles_accepted. Just be sure to put http_auth_required first. 2012-07-13 13:50:36 -04:00
Matt Wright 1d86d33b0b Add category for messages 2012-07-12 15:39:35 -04:00
Matt Wright 18c7a838b0 Make most messages configurable 2012-07-12 15:24:57 -04:00
Matt Wright aba98a3a03 clean up 2012-07-12 14:25:44 -04:00
Matt Wright e9b49b8e9e clean up 2012-07-12 14:25:10 -04:00
Matt Wright dcdfb4d3e7 Add configurable http auth realm and optional realm specification in http_auth_required decorator 2012-07-12 14:16:54 -04:00
Matt Wright a2d31d1d8d Add configurable default http auth header 2012-07-12 13:24:59 -04:00
Matt Wright 2e9c62b4f8 Refactor decorators a bit 2012-07-12 13:15:58 -04:00
Matt Wright dfcb3cdcc6 Add customizable unauthorized URL. Fixes #23 2012-07-12 12:47:21 -04:00
Matt Wright 5e1d18c9e8 Changed token auth a bit, including the use of itsdangerous. Also added JSON authentication feature 2012-07-11 16:31:21 -04:00
Matt Wright 74e94b2628 Merge branch 'develop' of github.com:mattupstate/flask-security into develop 2012-06-29 13:18:14 -04:00
Matt Wright 2ea835ec9f Add a bunch of doc strings and add some more configuration values 2012-06-29 12:37:22 -04:00
David Ignacio 24cd4938a5 correct roles_* decorator signature expectations 
Having multiple RoleNeed objects in a Permission does not require
all to be satisfied in order to .can(), but will return True if
any are present.  This makes the previous roles_required logic more
elegant for roles_accepted.  roles_required decorator needs to check
all permissions individually and return only if all permissions exist
 2012-06-22 00:15:43 -05:00
Matt Wright c20f244d66 Big code cleanup 2012-06-18 16:51:43 -04:00
Matt Wright c123e32ddc decorators for basic http auth and token auth 2012-06-14 18:04:14 -04:00