Nick Retallack
a0e2037747
invalidate password reset tokens when the password changes
Check that the previous password is the same as it was when this
password reset request was generated.
2015-05-11 21:52:57 -07:00
Matt Wright
2e08ec87a6
Merge pull request #352 from fuhrysteve/develop
X-Forwarded-For can contain multiple IP addresses
2015-05-02 13:46:21 -04:00
Matt Wright
4d3c1c0bdc
Merge pull request #347 from Jaza/slash-url-suffix
re #343: Add slash before or after token in flask-security URLs correctly
2015-05-02 13:43:36 -04:00
Matt Wright
f2a5e4b614
Normalize import paths. Fixes #313
2015-05-02 13:25:26 -04:00
Stephen J. Fuhry
923ad720a1
X-Forwarded-For can contain multiple IP addresses
From the nginx docs:
http://nginx.org/en/docs/http/ngx_http_proxy_module.html
> $proxy_add_x_forwarded_for
> the “X-Forwarded-For” client request header field with the $remote_addr
> variable appended to it, separated by a comma. If the “X-Forwarded-For”
> field is not present in the client request header, the
> $proxy_add_x_forwarded_for variable is equal to the $remote_addr
> variable.
Use the last IP address in X-Forwarded-For. For this to work properly
behind a trusted proxy, you must be using ProxyFix as described in the
flask & werkzeug documentation.
2014-12-29 08:31:19 -05:00
Jeremy Epstein
665b164618
split docstring into multiple lines to make travis CI happy
2014-11-28 13:50:25 +11:00
Jeremy Epstein
4d70f016ad
re #343: Add slash before or after token in flask-security URLs correctly
2014-11-28 10:36:31 +11:00
Matt Wright
824a52b883
Merge branch 'develop' of github.com:mattupstate/flask-security into develop
2014-10-13 13:25:08 -04:00
Matt Wright
fe7e4c4afc
Add additional steps to the test_change_hash_type and make change to verify_and_update_password to make the test pass. Fixes #328.
2014-10-13 13:25:01 -04:00
Nick Greenfield
5bc37add88
Update to use (url_next.netloc or url_next.scheme) in the validate_redirect_url open redirect patch.
2014-10-01 09:49:00 -07:00
Nick Greenfield
8b036f2a3e
Prevent open redirects when a malformed URL is passed to ?next=
Example: "/login?next=http:///google.com" (note 3rd slash)
2014-09-26 11:08:58 -07:00
Greg Einfrank
2aeee348d4
Fix two typos in docstrings
2014-08-27 23:37:58 -04:00
Mathijs de Bruin
577a3a8110
Enable ‘next’ redirection after registration.
2014-07-03 15:21:03 +02:00
Matt Wright
0a48997fdd
Improve encoding of strings. Addresses #231 and #253
2014-06-10 11:47:35 -04:00
Matt Wright
96f1b3e0d1
Fix tests to pass python 3
2014-06-10 11:12:40 -04:00
Matt Wright
0facdaacd9
Make validate_redirect_url smarter. Fixes #261.
2014-06-10 10:48:56 -04:00
Matt Wright
58b7fa8e2e
Check X-Forwarded-For header value when tracking IP addresses. Fixes #234
2014-05-06 12:35:50 -04:00
Matt Wright
fff71e3e04
Polish
2014-05-06 07:57:00 -04:00
Matt Wright
510d1356a2
A bunch of adjustments to satisfy existing tests and even some new ones
2014-03-14 15:26:53 -04:00
Matt Wright
f3014d01df
Convert all tests to use pytest. Phew!
2014-03-13 18:28:25 -04:00
Ahti Kitsik
1395df334e
Changing verify_password so it works like verify_and_update_password. Currently verify_password was not only creating a hmac hash but also encrypting (encrypt_password is first hmac-signing and then encrypting).
Removed unnecessary and wrong tests.
2014-02-20 16:46:49 +02:00
Matt Wright
f854c24094
Merge pull request #205 from HereLabsInc/catch_decoding_errors
catch possible TypeError and ValueError from serializer
2014-01-24 07:31:51 -08:00
Jameson
45c8951877
passes tests
2014-01-24 04:41:41 +00:00
Jameson
b4d1a7c921
update to make test run red
2014-01-23 23:33:11 +00:00
Jameson
b2174bf035
catch possible TypeError and ValueError from serializer
2014-01-23 23:26:18 +00:00
Matt Wright
35fd08772b
Add configured password hash test back and fix bug with checking passwords
2014-01-14 10:34:57 -05:00
Matt Wright
f1447b2adc
Work in progress
2013-12-19 16:12:29 -05:00
Matt Wright
615bc00c26
Add flask_security.utils documentation for selected functions. Addressed #169
2013-12-19 12:57:11 -05:00
Matt Wright
1ae6bc3cf1
Add the ability to specify additional fields on the user model that can be used for logging in.
2013-10-16 14:00:36 -04:00
Kostyantyn Leschenko
5a780ce741
simplified get_max_age return value
2013-09-05 18:12:31 +03:00
Kostyantyn Leschenko
9ddb909342
removed unnecessary utcnow call
is this code required here?
2013-09-03 15:32:49 +03:00
Matt Wright
d87765fc3b
PEP8 polish
2013-07-22 12:37:44 -04:00
Matt Wright
d19bb98abd
Version 1.6.4 changes. Refer to CHANGES for updates. Fixes #123 #121 #120 $119
2013-06-18 14:56:12 -04:00
Matt Wright
c24af5ca6e
Whitespace!
2013-05-28 11:11:37 -04:00
Matt Wright
bf260d4b7e
Add optional next parameter to registration endpoint. Fixes #117.
2013-05-28 11:01:42 -04:00
Paweł Krześniak
f1cca43d9c
sending signals fixed
2013-04-03 12:36:53 +02:00
Artem Andreev
8085e0031e
Password should be encoded as 'utf-8' before creating hmac to support passwords with non-latin symbols
2013-02-03 22:14:32 +04:00
Matt Wright
f1f621d178
Merge pull request #78 from eskil/change_password_form
Change password form
2013-02-01 15:16:45 -08:00
Matt Wright
e9b40a12c8
Fix for Python 2.6
2013-01-14 00:26:46 -05:00
Eskil Heyn Olsen
ded62a556b
Add a password-changed signal
2013-01-12 19:03:02 -08:00
Matt Wright
6adc26a897
Get rid of strftime in favor of total_seconds. Fixes #67
2013-01-09 14:02:42 -05:00
Christophe Simonis
a89b76d648
do not break API. add a new function to verify and update password
2013-01-08 01:01:02 +01:00
Christophe Simonis
d0497fc886
update password automatically
2013-01-08 00:49:20 +01:00
Eskil Heyn Olsen
675b29b4fe
Minor style fixes
2013-01-06 14:40:09 -08:00
Eskil Heyn Olsen
ae6f3b6753
Document and unit-test the signals.
Adds description of signals to documentation. Adds unit-tests of
signal behaviour and tests parameters.
2013-01-06 14:12:18 -08:00
Matt Wright
ee4c8f2a3f
Fix login_user method to actually return a True or False value as mentioned in mattupstate/flask-social-example#8
2012-12-11 15:10:26 -05:00
Matt Wright
1f8fb48727
a bit of code polish and an attempt to speed up the tests
2012-09-16 16:43:28 -04:00
Matt Wright
96f2be056d
Move anonymous_user_required to decorators
2012-09-16 16:05:24 -04:00
Matt Wright
f928db298d
Refactor datastore implementation
2012-08-24 11:38:25 -04:00
Matt Wright
23cc774f96
Add error for bad configuration
2012-08-24 00:27:22 -04:00