2e01cab3f8
polish
2013-03-07 15:38:41 -05:00
bbe99b5436
Fixes #98
2013-03-07 15:38:34 -05:00
246ab41479
Merge pull request #96 from invernizzi/develop
...
NextFormMixin security bug fixed: open redirect
2013-03-05 13:58:08 -08:00
48dd3fa5bf
NextFormMixin security bug fixed: open redirect
...
NextFormMixin was missing validations check on redirection [1]. Only internal redirections
are now allowed.
Attack Example: http://127.0.0.1:5000/login?next=http://google.com (it should not redirect to google.com)
wq
[1] https://www.owasp.org/index.php/Top_10_2010-A10-Unvalidated_Redirects_and_Forwards
2013-03-05 21:20:45 +00:00
7db5fe32a8
Turn on testing flag for test app
2013-03-04 14:57:29 -05:00
38a1dfa336
Merge pull request #85 from chrishaines/template_list
...
Template paths can be specified in config
2013-03-03 18:38:35 -08:00
8b41b531a6
Merge pull request #91 from intonarumori/develop
...
added option to disable register email
2013-02-20 15:06:46 -08:00
4a048a4918
updated doc with new registration email option
2013-02-20 17:37:30 +01:00
ae64370478
added option to disable register email
2013-02-20 17:04:47 +01:00
b03f355fae
Merge pull request #88 from andreev-artem/develop
...
Password should be encoded as 'utf-8' before creating hmac to support passwords with non-latin symbols
2013-02-03 12:12:04 -08:00
8085e0031e
Password should be encoded as 'utf-8' before creating hmac to support passwords with non-latin symbols
2013-02-03 22:14:32 +04:00
dbc2dcc625
Removed flask-script as a dependency in setup.py
2013-02-01 19:43:13 -05:00
ad6227006e
Fixed lack of newline in requirements.txt
2013-02-01 19:41:42 -05:00
4f414cf70f
Merge branch 'develop' of git://github.com/mattupstate/flask-security into template_list
...
Conflicts:
requirements.txt
2013-02-01 19:40:01 -05:00
adb2680289
Add change password endpoint
2013-02-01 18:21:43 -05:00
f1f621d178
Merge pull request #78 from eskil/change_password_form
...
Change password form
2013-02-01 15:16:45 -08:00
996e162d11
Merge pull request #70 from eskil/formsdocs
...
Clarify user model/register form interaction in docs.
2013-02-01 14:59:40 -08:00
840f72a589
Merge pull request #82 from maebert/flask-peewee
...
Flask-Peewee support
2013-02-01 14:44:52 -08:00
eca83f83ac
Test configured login form messages better
2013-02-01 17:37:03 -05:00
0f070b494a
Merge branch 'feature/login_form_messages' into develop
2013-02-01 17:33:22 -05:00
0ea1e0c03d
Update CHANGES
2013-02-01 17:33:15 -05:00
c49d9b57ed
Make login form messages configurable
2013-02-01 17:32:54 -05:00
8d7e0f5190
Merge branch 'feature/csrf_testing' into develop
2013-02-01 17:25:36 -05:00
012781103a
Update CHANGES
2013-02-01 17:25:30 -05:00
34b3bf9e80
Fix CSRF functionality for LoginForm
...
The login form was not respecting csrf validation. I've adjusted the tests as well to always send a CSRF token along. This now requires all requests to pass a csrf token. If performing plain AJAX requests the token will have to be extracted from the form in some way. Fixes #86
2013-02-01 17:23:18 -05:00
4c203a4777
Removed extra line.
2013-01-29 22:29:31 -05:00
02c49ee423
Paths for templates are now configurable
2013-01-29 22:24:11 -05:00
3f243d1c11
Updated flask version and added flask-script to setup.py.
2013-01-29 19:51:25 -05:00
cf37d59d47
Updated requirements to reflect packages in setup.py
2013-01-29 19:27:05 -05:00
75c10c75d9
Fixed typo in requirements.txt
2013-01-29 19:13:20 -05:00
51e06bdbb0
Fixes typo in find_or_create_role
2013-01-29 15:46:59 -08:00
462fb1ae7e
Convenience method for finding or creating a role
...
`datastore. find_or_create_role("admin")` will now always return a role
with the name admin; useful for initialisation,
2013-01-28 18:58:11 -08:00
aea5b91649
Method stub parameters and docs for find_role didn't match implementations.
2013-01-28 18:57:19 -08:00
e3e96d546a
Another small fix for the peewee docs
2013-01-25 16:59:48 -08:00
46c2355a7e
FIxes peewee description on quickstart
2013-01-25 16:58:21 -08:00
423e430e04
Docs for flask-peewee
2013-01-25 16:54:18 -08:00
70b11d9015
Unit-tests for flask-peewee
2013-01-25 16:53:01 -08:00
5687f2f5a9
Adds support for flask-peewee
2013-01-25 16:52:50 -08:00
b82a8d681d
Merge pull request #79 from maebert/develop
...
Fixes dependencies
2013-01-25 08:08:05 -08:00
29af22bd6e
Updated requirements.txt to reflect setup.py
...
Also fixes a typo (`passlib=1.5.3` is not a valid line)
2013-01-24 16:24:50 -08:00
68f8127286
Updates dependencies to Flask>=0.9
...
after_this_request was introduced in 0.9-dev
2013-01-24 16:23:48 -08:00
647e1a06d5
Add test to ensure it is disabled
2013-01-17 20:35:23 -08:00
84759b5dbd
Merge pull request #73 from apahomov/multiple-auth-mechanisms
...
Multiple auth mechanisms
2013-01-16 19:37:55 -08:00
39f62374aa
Added tests
2013-01-15 10:30:48 +04:00
4de2cbcf9f
Merge pull request #72 from eskil/please_login_msg
...
Fix passing category to login required message
2013-01-14 07:17:05 -08:00
3f9ca423bd
Calling auth methods
2013-01-14 16:11:09 +04:00
bbed019ca5
Add auth_required decorator that allows multiple auth mechanisms
2013-01-14 15:45:18 +04:00
3081d76787
Fix passing category to login required message
2013-01-13 23:25:16 -08:00
1a0ddff82b
Get auth token from JSON request.
2013-01-14 10:54:48 +04:00
e9b40a12c8
Fix for Python 2.6
2013-01-14 00:26:46 -05:00
Matt Wright