7e8551763e
Changing is_authenticated from function to property & updating Flask-Login>=0.3.0
2015-09-11 10:31:01 -05:00
c10c9050c7
test: reset password on a user who has no password
...
The user may have been invited via a social network or an invitation
system.
2015-05-11 23:22:30 -07:00
4411470202
test: invalidate used password reset tokens
...
Also pep8 compliance and suggested changes.
2015-05-11 23:12:05 -07:00
10fd1844d8
Allow overriding of unauthorized callback.
...
Related to issue #255 .
2015-05-02 20:17:38 +02:00
8a62b5f193
Merge pull request #361 from nfvs/add_headers_to_auth_required
...
Include WWW-Authenticate headers in @auth_required.
2015-05-02 13:50:23 -04:00
2e08ec87a6
Merge pull request #352 from fuhrysteve/develop
...
X-Forwarded-For can contain multiple IP addresses
2015-05-02 13:46:21 -04:00
916f5ee012
Use StringField instead of TextField. Fixes #312
2015-05-02 13:05:46 -04:00
bc1f5dd7f9
Stricter tests for signals and a small docs update. Fixes #308
2015-05-02 12:59:02 -04:00
4659d10c5c
forgot password endpoint should be for anonymous users only. Fixes #291
2015-05-02 12:11:05 -04:00
3681823fcf
Include WWW-Authenticate headers in @auth_required.
...
When using @http_auth_required, the WWW-Authenticate header is included,
but when using @auth_required('basic'), it is not. This change includes
that header in every @auth_required call that contains the 'basic'
method.
2015-01-30 11:27:53 +01:00
923ad720a1
X-Forwarded-For can contain multiple IP addresses
...
From the nginx docs:
http://nginx.org/en/docs/http/ngx_http_proxy_module.html
> $proxy_add_x_forwarded_for
> the “X-Forwarded-For” client request header field with the $remote_addr
> variable appended to it, separated by a comma. If the “X-Forwarded-For”
> field is not present in the client request header, the
> $proxy_add_x_forwarded_for variable is equal to the $remote_addr
> variable.
Use the last IP address in X-Forwarded-For. For this to work properly
behind a trusted proxy, you must be using ProxyFix as described in the
flask & werkzeug documentation.
2014-12-29 08:31:19 -05:00
2cffb6634d
Fix case sensitivity when searching for users by email address. Fixes #323 .
2014-10-13 13:34:11 -04:00
824a52b883
Merge branch 'develop' of github.com:mattupstate/flask-security into develop
2014-10-13 13:25:08 -04:00
fe7e4c4afc
Add additional steps to the test_change_hash_type and make change to verify_and_update_password to make the test pass. Fixes #328 .
2014-10-13 13:25:01 -04:00
8b036f2a3e
Prevent open redirects when a malformed URL is passed to ?next=
...
Example: "/login?next=http:///google.com " (note 3rd slash)
2014-09-26 11:08:58 -07:00
76ad77a233
Compare a string (not bytes) for PY3 support
2014-09-17 11:39:19 -04:00
679cee7969
Add default/global context processor. Fixes #306
2014-09-17 11:27:44 -04:00
3d7b97ac31
Forgot password form should not validate if user has not confirmed their email address yet. Fixes #298
2014-09-17 11:21:31 -04:00
15c9ef1d07
Attempt to fix tests.
2014-07-03 15:48:55 +02:00
76cf3eaf6a
Do not expose user info in /reset responses. Fixes #249
2014-06-10 12:24:19 -04:00
0a48997fdd
Improve encoding of strings. Addresses #231 and #253
2014-06-10 11:47:35 -04:00
96f1b3e0d1
Fix tests to pass python 3
2014-06-10 11:12:40 -04:00
9cadf855a4
Adjust POST_LOGIN_VIEW and POST_LOGOUT_VIEW test
2014-06-10 10:42:28 -04:00
d185407ac4
Add mock X-Forwarded-For header in trackable tests
2014-05-06 13:14:14 -04:00
b08d7c2085
Clean up tests with some pytest marking
2014-05-06 11:58:39 -04:00
546680a94b
Polish
2014-03-14 15:33:25 -04:00
00e121c869
Remove duplicated line
2014-03-14 15:32:39 -04:00
e5111dbb0c
Add moar tests!
2014-03-14 15:26:20 -04:00
f3014d01df
Convert all tests to use pytest. Phew!
2014-03-13 18:28:25 -04:00
bc60c021a3
Fix password_changed signal to behave like the other signals. Fixes #222
2014-03-13 09:35:54 -04:00
1395df334e
Changing verify_password so it works like verify_and_update_password. Currently verify_password was not only creating a hmac hash but also encrypting (encrypt_password is first hmac-signing and then encrypting).
...
Removed unneccessary and wrong tests.
2014-02-20 16:46:49 +02:00
668b4ee651
Merge branch 'develop' of github.com:mattupstate/flask-security into develop
2014-01-24 10:32:09 -05:00
f854c24094
Merge pull request #205 from HereLabsInc/catch_decoding_errors
...
catch possible TypeError and ValueError from serializer
2014-01-24 07:31:51 -08:00
2e57734d1f
Add @anonymous_user_required to register endpoint. Fixes #212
2014-01-24 10:23:42 -05:00
b4d1a7c921
update to make test run red
2014-01-23 23:33:11 +00:00
f47fce9365
add test to show TypeError can occur
2014-01-23 23:26:18 +00:00
35fd08772b
Add configured password hash test back and fix bug with checking passwords
2014-01-14 10:34:57 -05:00
850b0e714b
Additional test fixes
2014-01-07 16:31:26 -05:00
8d2815798f
WIP
2013-12-24 12:38:05 -05:00
f7b645005e
work in progress
2013-12-20 13:39:41 -05:00
afaf6c7d62
Polish
2013-12-20 13:38:44 -05:00
f1447b2adc
Work in progress
2013-12-19 16:12:29 -05:00
d88299fc9b
Add test to check SECURITY_LOGIN_WITHOUT_CONFIRMATION feature
2013-12-19 14:40:43 -05:00
1ae6bc3cf1
Add the ability to specify additional fields on the user model that can be used for logging in.
2013-10-16 14:00:36 -04:00
9999325ffb
Show an error if a user tries to change their password and its the same as before. Fixes #160
2013-10-16 11:15:17 -04:00
55ffe2563e
Update test names and add docstring.
2013-10-02 08:24:27 -06:00
20c16107e8
Add test for 'SECURITY_SEND_PASSWORD_CHANGE_EMAIL' configuration
2013-09-22 09:55:07 -06:00
6b3d65d6d6
Fix flask-login test setting
2013-09-03 12:20:56 -04:00
1e958115e1
Fix tests
2013-09-03 11:55:13 -04:00
7c906de427
When logging in user lookups on email should be case insensitive
2013-08-01 16:22:28 -04:00
Alejandro Villanueva