Matt Wright
76cf3eaf6a
Do not expose user info in /reset responses. Fixes #249
2014-06-10 12:24:19 -04:00
Matt Wright
a6b5d3053c
Use safe_str_cmp when evaluating tokens. Fixes #252
2014-06-10 12:14:58 -04:00
Matt Wright
0a48997fdd
Improve encoding of strings. Addresses #231 and #253
2014-06-10 11:47:35 -04:00
Matt Wright
96f1b3e0d1
Fix tests to pass python 3
2014-06-10 11:12:40 -04:00
Matt Wright
0facdaacd9
Make validate_redirect_url smarter. Fixes #261 .
2014-06-10 10:48:56 -04:00
Matt Wright
3d5b37cef2
Polish for static analysis
2014-05-06 13:14:25 -04:00
Matt Wright
58b7fa8e2e
Check X-Forwarded-For header value when tracking IP addresses. Fixes #234
2014-05-06 12:35:50 -04:00
Matt Wright
fff71e3e04
Polish
2014-05-06 07:57:00 -04:00
Matt Wright
510d1356a2
A bunch of adjustments to satisfy existing tests and even some new ones
2014-03-14 15:26:53 -04:00
Matt Wright
f3014d01df
Convert all tests to use pytest. Phew!
2014-03-13 18:28:25 -04:00
Matt Wright
ed645b51f2
Fix confirmation endpoint to flash an "already confirmed" message if user attempts to confirm after already being confirmed
2014-03-13 17:18:39 -04:00
Matt Wright
bc60c021a3
Fix password_changed signal to behave like the other signals. Fixes #222
2014-03-13 09:35:54 -04:00
Ahti Kitsik
1395df334e
Changing verify_password so it works like verify_and_update_password. Currently verify_password was not only creating a hmac hash but also encrypting (encrypt_password is first hmac-signing and then encrypting).
...
Removed unneccessary and wrong tests.
2014-02-20 16:46:49 +02:00
Anton Barkovsky
09f6f64e5b
Make logout view do nothing if the user is already logged out
2014-02-04 16:51:00 +03:00
Bruno Rocha
922a038d28
Merge https://github.com/mattupstate/flask-security into develop
2014-01-24 14:06:03 -02:00
Matt Wright
668b4ee651
Merge branch 'develop' of github.com:mattupstate/flask-security into develop
2014-01-24 10:32:09 -05:00
Matt Wright
f854c24094
Merge pull request #205 from HereLabsInc/catch_decoding_errors
...
catch possible TypeError and ValueError from serializer
2014-01-24 07:31:51 -08:00
Matt Wright
d314e54680
Merge branch 'develop' of github.com:mattupstate/flask-security into develop
2014-01-24 10:25:01 -05:00
Matt Wright
2e57734d1f
Add @anonymous_user_required to register endpoint. Fixes #212
2014-01-24 10:23:42 -05:00
Klaus Klein
c658ee4500
Update script.py for Python 2's print statement vs. Python 3's function.
2014-01-24 10:21:41 +01:00
Jameson
45c8951877
passes tests
2014-01-24 04:41:41 +00:00
Jameson
b4d1a7c921
update to make test run red
2014-01-23 23:33:11 +00:00
Jameson
b2174bf035
catch possible TypeError and ValueError from serializer
2014-01-23 23:26:18 +00:00
Matt Wright
316d945d96
Bump version number to 1.7.1
2014-01-14 10:41:53 -05:00
Matt Wright
35fd08772b
Add configured password hash test back and fix bug with checking passwords
2014-01-14 10:34:57 -05:00
Matt Wright
76fc578cf5
Bump version number to 1.7.0
2014-01-10 14:40:24 -05:00
Matt Wright
8d2815798f
WIP
2013-12-24 12:38:05 -05:00
Bruno Rocha
01a4199a16
Merge https://github.com/mattupstate/flask-security into develop
...
Conflicts:
flask_security/views.py
2013-12-23 13:55:13 -02:00
Matt Wright
f1447b2adc
Work in progress
2013-12-19 16:12:29 -05:00
Matt Wright
ce439b7fec
Merge pull request #193 from nickretallack/develop
...
Fix attempts to log in without a password, or without confirming your email
2013-12-19 11:39:47 -08:00
Matt Wright
af8e9f7ca5
Render auth token when registering a use with JSON
2013-12-19 14:26:47 -05:00
Matt Wright
d7d090afc6
Polish
2013-12-19 14:00:44 -05:00
Matt Wright
11b8222ec5
Add SECURITY_SEND_PASSWORD_RESET_NOTICE_EMAIL config option to optionally send password reset notice emails. Addresses #199
2013-12-19 13:56:34 -05:00
Matt Wright
be8448a7cf
Merge pull request #197 from kelvinhammond/patch-1
...
Update NextFormMixin.validate_next to check if next was even specified
2013-12-19 10:46:45 -08:00
Matt Wright
fe170e6eb3
Fixes #196
2013-12-19 13:45:14 -05:00
Matt Wright
f0e60dd2d1
Merge pull request #177 from srijan/patch-1
...
Use get_json instead of json
2013-12-19 10:09:20 -08:00
Matt Wright
095ade8bbc
Merge pull request #176 from lojack/develop
...
this fixes #175
2013-12-19 10:08:51 -08:00
Matt Wright
615bc00c26
Add flask_security.utils documentation for selected functions. Addressed #169
2013-12-19 12:57:11 -05:00
Matt Wright
be9af2e107
Merge branch 'develop' into configurable_login_fields
2013-12-19 12:16:02 -05:00
Matt Wright
2f21523d47
Merge branch 'develop' of github.com:mattupstate/flask-security into develop
2013-12-19 12:10:09 -05:00
kelvinhammond
986a48c5e0
Update forms.py
...
Fixed: If login.next is not passed form throws error
2013-12-14 13:01:41 -06:00
Nick Retallack
1596ef75d4
login_without_confirmation should allow you to log in without confirmation
2013-12-11 03:12:29 -08:00
Nick Retallack
292f89c204
Prevent it from exploding if you try to log in with a user who has no password in the database.
2013-12-11 03:08:58 -08:00
sanek
e0881ed6a0
Added a config parameter for change password template
2013-11-22 18:02:35 +04:00
Bruno Rocha
23b128bcbd
Allow overwritten on render_template to use Flask-Themes based app
2013-11-07 04:57:54 -02:00
Srijan Choudhary
e1c7ec303f
Use get_json instead of json
...
The `request.json` method now calls `get_json`, which raises `BadRequest` if there is no json data or some error with it. So, it cannot be directly used as a check for presence of json data. This code currently returns a bad request if content type is `application/json` but json data is empty.
https://github.com/mitsuhiko/flask/blob/master/flask/wrappers.py#L110
2013-10-31 10:19:12 +05:30
Robert Clark
b6007cb515
this fixes #175
2013-10-30 18:04:42 -04:00
Matt Wright
1ae6bc3cf1
Add the ability to specify additional fields on the user model that can be used for logging in.
2013-10-16 14:00:36 -04:00
Matt Wright
80f5fa8dbb
Merge branch 'develop' of github.com:mattupstate/flask-security into develop
2013-10-16 11:16:17 -04:00
Matt Wright
75794d5527
Merge pull request #158 from kleschenko/patch-2
...
removed unnecessary utcnow call
2013-10-16 08:16:09 -07:00