8005709997
Fix use of is_active for Flask-Login>=0.3.0
2015-11-11 16:02:41 -05:00
f2a5e4b614
Normalize import paths. Fixes #313
2015-05-02 13:25:26 -04:00
916f5ee012
Use StringField instead of TextField. Fixes #312
2015-05-02 13:05:46 -04:00
2cffb6634d
Fix case sensitivity when searching for users by email address. Fixes #323 .
2014-10-13 13:34:11 -04:00
3d7b97ac31
Forgot password form should not validate if user has not confirmed their email address yet. Fixes #298
2014-09-17 11:21:31 -04:00
577a3a8110
Enable ‘next’ redirection after registration.
2014-07-03 15:21:03 +02:00
510d1356a2
A bunch of adjustments to satisfy existing tests and even some new ones
2014-03-14 15:26:53 -04:00
f3014d01df
Convert all tests to use pytest. Phew!
2014-03-13 18:28:25 -04:00
f1447b2adc
Work in progress
2013-12-19 16:12:29 -05:00
ce439b7fec
Merge pull request #193 from nickretallack/develop
...
Fix attempts to log in without a password, or without confirming your email
2013-12-19 11:39:47 -08:00
be8448a7cf
Merge pull request #197 from kelvinhammond/patch-1
...
Update NextFormMixin.validate_next to check if next was even specified
2013-12-19 10:46:45 -08:00
fe170e6eb3
Fixes #196
2013-12-19 13:45:14 -05:00
986a48c5e0
Update forms.py
...
Fixed: If login.next is not passed form throws error
2013-12-14 13:01:41 -06:00
292f89c204
Prevent it from exploding if you try to log in with a user who has no password in the database.
2013-12-11 03:08:58 -08:00
1ae6bc3cf1
Add the ability to specify additional fields on the user model that can be used for logging in.
2013-10-16 14:00:36 -04:00
9999325ffb
Show an error if a user tries to change their password and its the same as before. Fixes #160
2013-10-16 11:15:17 -04:00
6f68f1d540
Fix imports from Flask-WTF
2013-08-15 12:46:09 +04:00
7c906de427
When logging in user lookups on email should be case insensitive
2013-08-01 16:22:28 -04:00
d87765fc3b
PEP8 polish
2013-07-22 12:37:44 -04:00
78903fa2e5
Make password length message configurable.
2013-07-02 10:36:22 -04:00
c24af5ca6e
Whitespace!
2013-05-28 11:11:37 -04:00
8708fd8514
Update form messaging to be more flexible. Fixes #80
2013-03-13 13:40:35 -04:00
48dd3fa5bf
NextFormMixin security bug fixed: open redirect
...
NextFormMixin was missing validations check on redirection [1]. Only internal redirections
are now allowed.
Attack Example: http://127.0.0.1:5000/login?next=http://google.com (it should not redirect to google.com)
wq
[1] https://www.owasp.org/index.php/Top_10_2010-A10-Unvalidated_Redirects_and_Forwards
2013-03-05 21:20:45 +00:00
f1f621d178
Merge pull request #78 from eskil/change_password_form
...
Change password form
2013-02-01 15:16:45 -08:00
c49d9b57ed
Make login form messages configurable
2013-02-01 17:32:54 -05:00
34b3bf9e80
Fix CSRF functionality for LoginForm
...
The login form was not respecting csrf validation. I've adjusted the tests as well to always send a CSRF token along. This now requires all requests to pass a csrf token. If performing plain AJAX requests the token will have to be extracted from the form in some way. Fixes #86
2013-02-01 17:23:18 -05:00
cca9298e74
Fix and test redir to configurable view post change
2013-01-12 19:56:50 -08:00
508f4d1b52
Fix change password form
2013-01-12 15:57:52 -08:00
9a47ec1ed9
Working on change password form
2013-01-11 22:35:54 -08:00
c5c27768f2
First pieces of change password form
2013-01-11 19:07:07 -08:00
f566f41fb3
Merge pull request #58 from eskil/registerform
...
Configurable forms
2013-01-08 07:10:14 -08:00
a89b76d648
do not break API. add a new function to verify and update password
2013-01-08 01:01:02 +01:00
d0497fc886
update password automatically
2013-01-08 00:49:20 +01:00
2a0b582911
Change csrf_enabled parameter in forms to check for incoming JSON data. Fix #63
2013-01-06 20:41:01 -05:00
1a87a4cd0c
Fix to RegisterForm.to_dict.
...
Only add fields that are also attributes on the
datastorage.user_model.
2013-01-03 23:29:50 -08:00
b15736accd
RegisterFormMixin can now to_dict all fields.
...
It adds a to_dict function that uses inspect to add all wtf Field
to the returned dict. This allows extensions to the register form
to easily add fields that will be passed to the datastore's
create_user function.
2013-01-03 19:07:00 -08:00
6b80aae7d1
Fix error
2012-09-26 16:25:22 -04:00
e1dbed816c
Simplify login form a bit
2012-09-19 01:22:09 -04:00
e423390050
Simplify login form to only include one relevant error message
2012-09-18 23:49:44 -04:00
f1c52d01aa
Even more polish
2012-08-23 20:56:13 -04:00
6e754ed356
Major refactoring. Got rid of exceptions/errors in favor of using simple return values. Update tests to ensure full coverage according to nose coverage plugin
2012-08-23 17:58:33 -04:00
57595bbab4
Refactor forms and views a bit. Add more validation to forms
2012-08-23 14:56:35 -04:00
17416cb535
Always encrypt password when creating a user
2012-08-21 18:55:42 -04:00
58685f2bb4
Decent clean up. Get rid of AuthProvider class in favor of keeping it simple
2012-08-21 17:04:41 -04:00
828a973339
Add already confirmed scenario. Let datastore work without a request context
2012-08-21 01:50:40 -04:00
f2d5028d7c
Prefer form error messages in some instances
2012-08-21 00:59:46 -04:00
705b73afc1
Form refactoring
2012-08-20 23:40:20 -04:00
bebaac49e3
Forgo redirecting authentication endpoint so that login form errors can be displayed
2012-08-20 23:35:17 -04:00
adb550a9f2
Improve RegisterUserForm
2012-08-16 19:05:42 -04:00
704af1011a
Fix up forms to grab values in certain cases
2012-08-16 18:31:32 -04:00
Jon Banafato