Commit Graph

264 Commits

Author SHA1 Message Date
Matt Wright 6f9869e9c2 import auth_required into top level package 2013-03-27 17:20:31 -04:00
Matt Wright ba1758e5c7 Bump version number to 1.6.0 2013-03-13 14:06:34 -04:00
Matt Wright 8708fd8514 Update form messaging to be more flexible. Fixes #80 2013-03-13 13:40:35 -04:00
Matt Wright 520b8ecef4 Show an invalid confirmation token message if a user attempts to confirm their account after it has been deleted. Fixes #93 2013-03-13 12:27:26 -04:00
Matt Wright 34aa43ead3 Merge pull request #100 from chrishaines/develop
Make subdomain configurable
2013-03-13 09:10:16 -07:00
Matt Wright 8ecc3b9a78 Add user to request context for http basic and token auth 2013-03-13 12:09:28 -04:00
Chris Haines c0d1d0566f Make subdomain configurable 2013-03-13 00:13:54 -04:00
Matt Wright bbe99b5436 Fixes #98 2013-03-07 15:38:34 -05:00
Luca Invernizzi 48dd3fa5bf NextFormMixin security bug fixed: open redirect
NextFormMixin was missing validations check on redirection [1]. Only internal redirections
are now allowed.
Attack Example: http://127.0.0.1:5000/login?next=http://google.com (it should not redirect to google.com)
wq
[1] https://www.owasp.org/index.php/Top_10_2010-A10-Unvalidated_Redirects_and_Forwards
2013-03-05 21:20:45 +00:00
Matt Wright 38a1dfa336 Merge pull request #85 from chrishaines/template_list
Template paths can be specified in config
2013-03-03 18:38:35 -08:00
rumori ae64370478 added option to disable register email 2013-02-20 17:04:47 +01:00
Artem Andreev 8085e0031e Password should be encoded as 'utf-8' before creating hmac to support passwords with non-latin symbols 2013-02-03 22:14:32 +04:00
Chris Haines 4f414cf70f Merge branch 'develop' of git://github.com/mattupstate/flask-security into template_list
Conflicts:
	requirements.txt
2013-02-01 19:40:01 -05:00
Matt Wright adb2680289 Add change password endpoint 2013-02-01 18:21:43 -05:00
Matt Wright f1f621d178 Merge pull request #78 from eskil/change_password_form
Change password form
2013-02-01 15:16:45 -08:00
Matt Wright 840f72a589 Merge pull request #82 from maebert/flask-peewee
Flask-Peewee support
2013-02-01 14:44:52 -08:00
Matt Wright c49d9b57ed Make login form messages configurable 2013-02-01 17:32:54 -05:00
Matt Wright 34b3bf9e80 Fix CSRF functionality for LoginForm
The login form was not respecting csrf validation. I've adjusted the tests as well to always send a CSRF token along. This now requires all requests to pass a csrf token. If performing plain AJAX requests the token will have to be extracted from the form in some way. Fixes #86
2013-02-01 17:23:18 -05:00
Chris Haines 02c49ee423 Paths for templates are now configurable 2013-01-29 22:24:11 -05:00
Manuel Ebert 51e06bdbb0 Fixes typo in find_or_create_role 2013-01-29 15:46:59 -08:00
Manuel Ebert 462fb1ae7e Convenience method for finding or creating a role
`datastore. find_or_create_role("admin")` will now always return a role
with the name admin; useful for initialisation,
2013-01-28 18:58:11 -08:00
Manuel Ebert aea5b91649 Method stub parameters and docs for find_role didn't match implementations. 2013-01-28 18:57:19 -08:00
Manuel Ebert 5687f2f5a9 Adds support for flask-peewee 2013-01-25 16:52:50 -08:00
Matt Wright 84759b5dbd Merge pull request #73 from apahomov/multiple-auth-mechanisms
Multiple auth mechanisms
2013-01-16 19:37:55 -08:00
apahomov 3f9ca423bd Calling auth methods 2013-01-14 16:11:09 +04:00
apahomov bbed019ca5 Add auth_required decorator that allows multiple auth mechanisms 2013-01-14 15:45:18 +04:00
Eskil Heyn Olsen 3081d76787 Fix passing category to login required message 2013-01-13 23:25:16 -08:00
apahomov 1a0ddff82b Get auth token from JSON request. 2013-01-14 10:54:48 +04:00
Matt Wright e9b40a12c8 Fix for Python 2.6 2013-01-14 00:26:46 -05:00
Eskil Heyn Olsen 3adb4afd60 Minor wording fix 2013-01-12 23:58:47 -08:00
Eskil Heyn Olsen cca9298e74 Fix and test redir to configurable view post change 2013-01-12 19:56:50 -08:00
Eskil Heyn Olsen 4f9e23e0bc Fix email forms to have externally available links 2013-01-12 19:34:53 -08:00
Eskil Heyn Olsen ded62a556b Add a password-changed signal 2013-01-12 19:03:02 -08:00
Eskil Heyn Olsen 508f4d1b52 Fix change password form 2013-01-12 15:57:52 -08:00
Eskil Heyn Olsen 050ccb847a Forgot to add form 2013-01-12 14:55:30 -08:00
Eskil Heyn Olsen b67e61d625 Change password form 2013-01-12 14:40:42 -08:00
Eskil Heyn Olsen 9a47ec1ed9 Working on change password form 2013-01-11 22:35:54 -08:00
Eskil Heyn Olsen c5c27768f2 First pieces of change password form 2013-01-11 19:07:07 -08:00
Matt Wright 6adc26a897 Get rid of strftime in favor of total_seconds. Fixes #67 2013-01-09 14:02:42 -05:00
Matt Wright f566f41fb3 Merge pull request #58 from eskil/registerform
Configurable forms
2013-01-08 07:10:14 -08:00
Eskil Heyn Olsen e4190a0315 Add kwargs for configurable forms.
Specifically list out the kwargs so we'll get an interpreter error
on a bad name.
2013-01-07 21:43:33 -08:00
Christophe Simonis a89b76d648 do not break API. add a new function to verify and update password 2013-01-08 01:01:02 +01:00
Christophe Simonis d0497fc886 update password automatically 2013-01-08 00:49:20 +01:00
Christophe Simonis a1c007599f allow change of hash scheme 2013-01-08 00:15:21 +01:00
Eskil Heyn Olsen 81040a57a6 Views get forms from _security 2013-01-06 20:20:06 -08:00
Matt Wright d760aa41c5 Merge branch 'master' into develop 2013-01-06 21:01:53 -05:00
Matt Wright 53576c6013 Set Flask-Login messages 2013-01-06 21:01:35 -05:00
Matt Wright 029466830d Bump version number to 1.5.4 2013-01-06 20:43:02 -05:00
Matt Wright 2a0b582911 Change csrf_enabled parameter in forms to check for incoming JSON data. Fix #63 2013-01-06 20:41:01 -05:00
Eskil Heyn Olsen 675b29b4fe Minor style fixes 2013-01-06 14:40:09 -08:00