421 Commits

Author SHA1 Message Date
Andrew J. Camenga 37d84ddd73 corrected link for Flask-WTF 2013-03-29 08:37:51 -04:00
Matt Wright 6f9869e9c2 import auth_required into top level package 2013-03-27 17:20:31 -04:00
Matt Wright abc061ba46 Change .travis.yml 2013-03-19 14:11:23 -04:00
Matt Wright 95c80e5677 See if pypy works 2013-03-19 13:28:42 -04:00
Matt Wright ba1758e5c7 Bump version number to 1.6.0 1.6.0 2013-03-13 14:06:34 -04:00
Matt Wright 36198c1993 Update CHANGE 2013-03-13 14:06:08 -04:00
Matt Wright 8708fd8514 Update form messaging to be more flexible. Fixes #80 2013-03-13 13:40:35 -04:00
Matt Wright 44a320ee74 Fix a failing test 2013-03-13 12:28:26 -04:00
Matt Wright 520b8ecef4 Show an invalid confirmation token message if a user attempts to confirm their account after it has been deleted. Fixes #93 2013-03-13 12:27:26 -04:00
Matt Wright 34aa43ead3 Merge pull request #100 from chrishaines/develop
Make subdomain configurable
2013-03-13 09:10:16 -07:00
Matt Wright 8ecc3b9a78 Add user to request context for http basic and token auth 2013-03-13 12:09:28 -04:00
Chris Haines c0d1d0566f Make subdomain configurable 2013-03-13 00:13:54 -04:00
Matt Wright 2e01cab3f8 polish 2013-03-07 15:38:41 -05:00
Matt Wright bbe99b5436 Fixes #98 2013-03-07 15:38:34 -05:00
Matt Wright 246ab41479 Merge pull request #96 from invernizzi/develop
NextFormMixin security bug fixed: open redirect
2013-03-05 13:58:08 -08:00
Luca Invernizzi 48dd3fa5bf NextFormMixin security bug fixed: open redirect
NextFormMixin was missing a validation check on redirection [1]. Only internal redirections
are now allowed.
Attack Example: http://127.0.0.1:5000/login?next=http://google.com (it should not redirect to google.com)
wq
[1] https://www.owasp.org/index.php/Top_10_2010-A10-Unvalidated_Redirects_and_Forwards
2013-03-05 21:20:45 +00:00
Matt Wright 7db5fe32a8 Turn on testing flag for test app 2013-03-04 14:57:29 -05:00
Matt Wright 38a1dfa336 Merge pull request #85 from chrishaines/template_list
Template paths can be specified in config
2013-03-03 18:38:35 -08:00
Matt Wright 8b41b531a6 Merge pull request #91 from intonarumori/develop
added option to disable register email
2013-02-20 15:06:46 -08:00
rumori 4a048a4918 updated doc with new registration email option 2013-02-20 17:37:30 +01:00
rumori ae64370478 added option to disable register email 2013-02-20 17:04:47 +01:00
Matt Wright b03f355fae Merge pull request #88 from andreev-artem/develop
Password should be encoded as 'utf-8' before creating hmac to support passwords with non-latin symbols
2013-02-03 12:12:04 -08:00
Artem Andreev 8085e0031e Password should be encoded as 'utf-8' before creating hmac to support passwords with non-latin symbols 2013-02-03 22:14:32 +04:00
Chris Haines dbc2dcc625 Removed flask-script as a dependency in setup.py 2013-02-01 19:43:13 -05:00
Chris Haines ad6227006e Fixed lack of newline in requirements.txt 2013-02-01 19:41:42 -05:00
Chris Haines 4f414cf70f Merge branch 'develop' of git://github.com/mattupstate/flask-security into template_list
Conflicts:
	requirements.txt
2013-02-01 19:40:01 -05:00
Matt Wright adb2680289 Add change password endpoint 2013-02-01 18:21:43 -05:00
Matt Wright f1f621d178 Merge pull request #78 from eskil/change_password_form
Change password form
2013-02-01 15:16:45 -08:00
Matt Wright 996e162d11 Merge pull request #70 from eskil/formsdocs
Clarify user model/register form interaction in docs.
2013-02-01 14:59:40 -08:00
Matt Wright 840f72a589 Merge pull request #82 from maebert/flask-peewee
Flask-Peewee support
2013-02-01 14:44:52 -08:00
Matt Wright eca83f83ac Test configured login form messages better 2013-02-01 17:37:03 -05:00
Matt Wright 0f070b494a Merge branch 'feature/login_form_messages' into develop 2013-02-01 17:33:22 -05:00
Matt Wright 0ea1e0c03d Update CHANGES 2013-02-01 17:33:15 -05:00
Matt Wright c49d9b57ed Make login form messages configurable 2013-02-01 17:32:54 -05:00
Matt Wright 8d7e0f5190 Merge branch 'feature/csrf_testing' into develop 2013-02-01 17:25:36 -05:00
Matt Wright 012781103a Update CHANGES 2013-02-01 17:25:30 -05:00
Matt Wright 34b3bf9e80 Fix CSRF functionality for LoginForm
The login form was not respecting csrf validation. I've adjusted the tests as well to always send a CSRF token along. This now requires all requests to pass a csrf token. If performing plain AJAX requests the token will have to be extracted from the form in some way. Fixes #86
2013-02-01 17:23:18 -05:00
Chris Haines 4c203a4777 Removed extra line. 2013-01-29 22:29:31 -05:00
Chris Haines 02c49ee423 Paths for templates are now configurable 2013-01-29 22:24:11 -05:00
Chris Haines 3f243d1c11 Updated flask version and added flask-script to setup.py. 2013-01-29 19:51:25 -05:00
Chris Haines cf37d59d47 Updated requirements to reflect packages in setup.py 2013-01-29 19:27:05 -05:00
Chris Haines 75c10c75d9 Fixed typo in requirements.txt 2013-01-29 19:13:20 -05:00
Manuel Ebert 51e06bdbb0 Fixes typo in find_or_create_role 2013-01-29 15:46:59 -08:00
Manuel Ebert 462fb1ae7e Convenience method for finding or creating a role
`datastore.find_or_create_role("admin")` will now always return a role
with the name admin; useful for initialisation.
2013-01-28 18:58:11 -08:00
Manuel Ebert aea5b91649 Method stub parameters and docs for find_role didn't match implementations. 2013-01-28 18:57:19 -08:00
Manuel Ebert e3e96d546a Another small fix for the peewee docs 2013-01-25 16:59:48 -08:00
Manuel Ebert 46c2355a7e Fixes peewee description on quickstart 2013-01-25 16:58:21 -08:00
Manuel Ebert 423e430e04 Docs for flask-peewee 2013-01-25 16:54:18 -08:00
Manuel Ebert 70b11d9015 Unit-tests for flask-peewee 2013-01-25 16:53:01 -08:00
Manuel Ebert 5687f2f5a9 Adds support for flask-peewee 2013-01-25 16:52:50 -08:00