39 Commits

Author SHA1 Message Date
Matt Wright d87765fc3b PEP8 polish 2013-07-22 12:37:44 -04:00
Matt Wright 78903fa2e5 Make password length message configurable. 2013-07-02 10:36:22 -04:00
Matt Wright c24af5ca6e Whitespace! 2013-05-28 11:11:37 -04:00
Matt Wright 8708fd8514 Update form messaging to be more flexible. Fixes #80 2013-03-13 13:40:35 -04:00
Luca Invernizzi 48dd3fa5bf NextFormMixin security bug fixed: open redirect
NextFormMixin was missing a validation check on redirection [1]. Only internal redirections
are now allowed.
Attack Example: http://127.0.0.1:5000/login?next=http://google.com (it should not redirect to google.com)
[1] https://www.owasp.org/index.php/Top_10_2010-A10-Unvalidated_Redirects_and_Forwards
2013-03-05 21:20:45 +00:00
Matt Wright f1f621d178 Merge pull request #78 from eskil/change_password_form
Change password form
2013-02-01 15:16:45 -08:00
Matt Wright c49d9b57ed Make login form messages configurable 2013-02-01 17:32:54 -05:00
Matt Wright 34b3bf9e80 Fix CSRF functionality for LoginForm
The login form was not respecting csrf validation. I've adjusted the tests as well to always send a CSRF token along. This now requires all requests to pass a csrf token. If performing plain AJAX requests the token will have to be extracted from the form in some way. Fixes #86
2013-02-01 17:23:18 -05:00
Eskil Heyn Olsen cca9298e74 Fix and test redir to configurable view post change 2013-01-12 19:56:50 -08:00
Eskil Heyn Olsen 508f4d1b52 Fix change password form 2013-01-12 15:57:52 -08:00
Eskil Heyn Olsen 9a47ec1ed9 Working on change password form 2013-01-11 22:35:54 -08:00
Eskil Heyn Olsen c5c27768f2 First pieces of change password form 2013-01-11 19:07:07 -08:00
Matt Wright f566f41fb3 Merge pull request #58 from eskil/registerform
Configurable forms
2013-01-08 07:10:14 -08:00
Christophe Simonis a89b76d648 do not break API. add a new function to verify and update password 2013-01-08 01:01:02 +01:00
Christophe Simonis d0497fc886 update password automatically 2013-01-08 00:49:20 +01:00
Matt Wright 2a0b582911 Change csrf_enabled parameter in forms to check for incoming JSON data. Fix #63 2013-01-06 20:41:01 -05:00
Eskil Heyn Olsen 1a87a4cd0c Fix to RegisterForm.to_dict.
Only add fields that are also attributes on the
datastorage.user_model.
2013-01-03 23:29:50 -08:00
Eskil Heyn Olsen b15736accd RegisterFormMixin can now to_dict all fields.
It adds a to_dict function that uses inspect to add all wtf Field
to the returned dict. This allows extensions to the register form
to easily add fields that will be passed to the datastore's
create_user function.
2013-01-03 19:07:00 -08:00
Matt Wright 6b80aae7d1 Fix error 2012-09-26 16:25:22 -04:00
Matt Wright e1dbed816c Simplify login form a bit 2012-09-19 01:22:09 -04:00
Matt Wright e423390050 Simplify login form to only include one relevant error message 2012-09-18 23:49:44 -04:00
Matt Wright f1c52d01aa Even more polish 2012-08-23 20:56:13 -04:00
Matt Wright 6e754ed356 Major refactoring. Got rid of exceptions/errors in favor of using simple return values. Update tests to ensure full coverage according to nose coverage plugin 2012-08-23 17:58:33 -04:00
Matt Wright 57595bbab4 Refactor forms and views a bit. Add more validation to forms 2012-08-23 14:56:35 -04:00
Matt Wright 17416cb535 Always encrypt password when creating a user 2012-08-21 18:55:42 -04:00
Matt Wright 58685f2bb4 Decent clean up. Get rid of AuthProvider class in favor of keeping it simple 2012-08-21 17:04:41 -04:00
Matt Wright 828a973339 Add already confirmed scenario. Let datastore work without a request context 2012-08-21 01:50:40 -04:00
Matt Wright f2d5028d7c Prefer form error messages in some instances 2012-08-21 00:59:46 -04:00
Matt Wright 705b73afc1 Form refactoring 2012-08-20 23:40:20 -04:00
Matt Wright bebaac49e3 Forgo redirecting authentication endpoint so that login form errors can be displayed 2012-08-20 23:35:17 -04:00
Matt Wright adb550a9f2 Improve RegisterUserForm 2012-08-16 19:05:42 -04:00
Matt Wright 704af1011a Fix up forms to grab values in certain cases 2012-08-16 18:31:32 -04:00
Matt Wright 7554a52732 Cleanup and some more messaging additions 2012-08-15 11:56:26 -04:00
Matt Wright 318cb3dc6e First commit of passwordless login 2012-08-14 19:01:49 -04:00
Matt Wright f170cb434c Use a stateful object instead of arbitrary assignment of extension on app object 2012-07-16 19:07:19 -04:00
Matt Wright da031b8d15 Simplify routing a tiny bit 2012-07-12 11:29:42 -04:00
Matt Wright b9a6a9c5a8 Use itsdangerous for activation and password reset tokens so they do not need to be stored in the database 2012-07-11 15:06:54 -04:00
Matt Wright a902530773 Refactor forms and import other commonly used functions into package 2012-06-19 11:55:23 -04:00
Matt Wright c20f244d66 Big code cleanup 2012-06-18 16:51:43 -04:00