Matt Wright
6f9869e9c2
import auth_required into top level package
2013-03-27 17:20:31 -04:00
Matt Wright
ba1758e5c7
Bump version number to 1.6.0
2013-03-13 14:06:34 -04:00
Matt Wright
8708fd8514
Update form messaging to be more flexible. Fixes #80
2013-03-13 13:40:35 -04:00
Matt Wright
520b8ecef4
Show an invalid confirmation token message if a user attempts to confirm their account after it has been deleted. Fixes #93
2013-03-13 12:27:26 -04:00
Matt Wright
34aa43ead3
Merge pull request #100 from chrishaines/develop
...
Make subdomain configurable
2013-03-13 09:10:16 -07:00
Matt Wright
8ecc3b9a78
Add user to request context for http basic and token auth
2013-03-13 12:09:28 -04:00
Chris Haines
c0d1d0566f
Make subdomain configurable
2013-03-13 00:13:54 -04:00
Matt Wright
bbe99b5436
Fixes #98
2013-03-07 15:38:34 -05:00
Luca Invernizzi
48dd3fa5bf
NextFormMixin security bug fixed: open redirect
...
NextFormMixin was missing a validation check on redirection [1]. Only internal redirections
are now allowed.
Attack Example: http://127.0.0.1:5000/login?next=http://google.com (it should not redirect to google.com)
[1] https://www.owasp.org/index.php/Top_10_2010-A10-Unvalidated_Redirects_and_Forwards
2013-03-05 21:20:45 +00:00
Matt Wright
38a1dfa336
Merge pull request #85 from chrishaines/template_list
...
Template paths can be specified in config
2013-03-03 18:38:35 -08:00
rumori
ae64370478
added option to disable register email
2013-02-20 17:04:47 +01:00
Artem Andreev
8085e0031e
Password should be encoded as 'utf-8' before creating hmac to support passwords with non-latin symbols
2013-02-03 22:14:32 +04:00
Chris Haines
4f414cf70f
Merge branch 'develop' of git://github.com/mattupstate/flask-security into template_list
...
Conflicts:
requirements.txt
2013-02-01 19:40:01 -05:00
Matt Wright
adb2680289
Add change password endpoint
2013-02-01 18:21:43 -05:00
Matt Wright
f1f621d178
Merge pull request #78 from eskil/change_password_form
...
Change password form
2013-02-01 15:16:45 -08:00
Matt Wright
840f72a589
Merge pull request #82 from maebert/flask-peewee
...
Flask-Peewee support
2013-02-01 14:44:52 -08:00
Matt Wright
c49d9b57ed
Make login form messages configurable
2013-02-01 17:32:54 -05:00
Matt Wright
34b3bf9e80
Fix CSRF functionality for LoginForm
...
The login form was not respecting csrf validation. I've adjusted the tests as well to always send a CSRF token along. This now requires all requests to pass a csrf token. If performing plain AJAX requests the token will have to be extracted from the form in some way. Fixes #86
2013-02-01 17:23:18 -05:00
Chris Haines
02c49ee423
Paths for templates are now configurable
2013-01-29 22:24:11 -05:00
Manuel Ebert
51e06bdbb0
Fixes typo in find_or_create_role
2013-01-29 15:46:59 -08:00
Manuel Ebert
462fb1ae7e
Convenience method for finding or creating a role
...
`datastore.find_or_create_role("admin")` will now always return a role
with the name admin; useful for initialisation.
2013-01-28 18:58:11 -08:00
Manuel Ebert
aea5b91649
Method stub parameters and docs for find_role didn't match implementations.
2013-01-28 18:57:19 -08:00
Manuel Ebert
5687f2f5a9
Adds support for flask-peewee
2013-01-25 16:52:50 -08:00
Matt Wright
84759b5dbd
Merge pull request #73 from apahomov/multiple-auth-mechanisms
...
Multiple auth mechanisms
2013-01-16 19:37:55 -08:00
apahomov
3f9ca423bd
Calling auth methods
2013-01-14 16:11:09 +04:00
apahomov
bbed019ca5
Add auth_required decorator that allows multiple auth mechanisms
2013-01-14 15:45:18 +04:00
Eskil Heyn Olsen
3081d76787
Fix passing category to login required message
2013-01-13 23:25:16 -08:00
apahomov
1a0ddff82b
Get auth token from JSON request.
2013-01-14 10:54:48 +04:00
Matt Wright
e9b40a12c8
Fix for Python 2.6
2013-01-14 00:26:46 -05:00
Eskil Heyn Olsen
3adb4afd60
Minor wording fix
2013-01-12 23:58:47 -08:00
Eskil Heyn Olsen
cca9298e74
Fix and test redir to configurable view post change
2013-01-12 19:56:50 -08:00
Eskil Heyn Olsen
4f9e23e0bc
Fix email forms to have externally available links
2013-01-12 19:34:53 -08:00
Eskil Heyn Olsen
ded62a556b
Add a password-changed signal
2013-01-12 19:03:02 -08:00
Eskil Heyn Olsen
508f4d1b52
Fix change password form
2013-01-12 15:57:52 -08:00
Eskil Heyn Olsen
050ccb847a
Forgot to add form
2013-01-12 14:55:30 -08:00
Eskil Heyn Olsen
b67e61d625
Change password form
2013-01-12 14:40:42 -08:00
Eskil Heyn Olsen
9a47ec1ed9
Working on change password form
2013-01-11 22:35:54 -08:00
Eskil Heyn Olsen
c5c27768f2
First pieces of change password form
2013-01-11 19:07:07 -08:00
Matt Wright
6adc26a897
Get rid of strftime in favor of total_seconds. Fixes #67
2013-01-09 14:02:42 -05:00
Matt Wright
f566f41fb3
Merge pull request #58 from eskil/registerform
...
Configurable forms
2013-01-08 07:10:14 -08:00
Eskil Heyn Olsen
e4190a0315
Add kwargs for configurable forms.
...
Specifically list out the kwargs so we'll get an interpreter error
on a bad name.
2013-01-07 21:43:33 -08:00
Christophe Simonis
a89b76d648
do not break API. add a new function to verify and update password
2013-01-08 01:01:02 +01:00
Christophe Simonis
d0497fc886
update password automatically
2013-01-08 00:49:20 +01:00
Christophe Simonis
a1c007599f
allow change of hash scheme
2013-01-08 00:15:21 +01:00
Eskil Heyn Olsen
81040a57a6
Views get forms from _security
2013-01-06 20:20:06 -08:00
Matt Wright
d760aa41c5
Merge branch 'master' into develop
2013-01-06 21:01:53 -05:00
Matt Wright
53576c6013
Set Flask-Login messages
2013-01-06 21:01:35 -05:00
Matt Wright
029466830d
Bump version number to 1.5.4
2013-01-06 20:43:02 -05:00
Matt Wright
2a0b582911
Change csrf_enabled parameter in forms to check for incoming JSON data. Fix #63
2013-01-06 20:41:01 -05:00
Eskil Heyn Olsen
675b29b4fe
Minor style fixes
2013-01-06 14:40:09 -08:00