Commit Graph

690 Commits

Author SHA1 Message Date
Alejandro Villanueva 7e8551763e Changing is_authenticated from function to property & updating Flask-Login>=0.3.0 2015-09-11 10:31:01 -05:00
Matt Wright 4049c06203 Merge pull request #366 from covertgeek/develop
Modified check_token function to handle list-type JSON post
2015-07-10 14:11:15 -04:00
Matt Wright 3b678b872f Merge pull request #400 from feliciaan/patch-1
Fixes a small spelling error
2015-07-10 14:07:15 -04:00
Derek Rushing 17a79ed6a3 Merge branch 'develop' of https://github.com/mattupstate/flask-security into develop 2015-07-06 06:51:20 -05:00
Derek Rushing d65c3cadcd Merge branch 'master' of https://github.com/mattupstate/flask-security into develop 2015-07-06 06:47:23 -05:00
Feliciaan De Palmenaer bf01ad0727 Fixes a small spelling error 2015-06-28 20:17:23 +02:00
Matt Wright cbd0db7c39 Merge pull request #398 from jonafato/bcrypt-hotfix
Restrict bcrypt to <2.0.0
2015-06-24 22:23:36 -05:00
Jon Banafato 398f5c920b Restrict bcrypt to <2.0.0
As of 2.0.0, passlib no longer correctly identifies bcrypt as bcrypt
(instead, it mistakenly applies pybcrypt logic to bcrypt). This results
in all Python 3 logic involving bcrypt failing. As a hotfix, we should
require users to be on a version of bcrypt that passlib can handle until
a fix can be pushed into passlib.
2015-06-23 13:23:07 -04:00
Matt Wright 33252ae178 Merge pull request #389 from nickretallack/develop
Reset Password Fixes
2015-05-26 14:59:30 -04:00
Nick Retallack c10c9050c7 test: reset password on a user who has no password
The user may have been invited via a social network or an invitation
system.
2015-05-11 23:22:30 -07:00
Nick Retallack 5697ff80c3 ignore the eggs readme 2015-05-11 23:16:04 -07:00
Nick Retallack 4411470202 test: invalidate used password reset tokens
Also pep8 compliance and suggested changes.
2015-05-11 23:12:05 -07:00
Nick Retallack a0e2037747 invalidate password reset tokens when the password changes
Check that the previous password is the same as it was when this
password reset request was generated.
2015-05-11 21:52:57 -07:00
Nick Retallack 7884d637c5 prevent password reset from breaking if you have no password
If you've just been invited, or are using social auth, you have no
password set, so the reset password feature causes a crash.  This
doesn't need to happen.
2015-05-11 21:52:57 -07:00
Matt Wright 8a14abaa1e Fix failing test 2015-05-02 14:57:34 -04:00
Matt Wright 6b55e9613a Merge pull request #255 from nfvs/unauthorized_override
Allow overriding of an unauthorized callback.
2015-05-02 14:45:57 -04:00
Matt Wright d08aac6d35 Fix pymongo version issue 2015-05-02 14:34:31 -04:00
Nuno Santos 10fd1844d8 Allow overriding of unauthorized callback.
Related to issue #255.
2015-05-02 20:17:38 +02:00
Matt Wright 72d3a4b5e3 Merge branch 'develop' of github.com:mattupstate/flask-security into develop 2015-05-02 13:57:29 -04:00
Matt Wright 6541640ee8 Merge pull request #373 from lnielsen/anonymoususer
Add support for custom AnonymousUser class.
2015-05-02 13:57:20 -04:00
Matt Wright 9cda8baff3 Fix #367 2015-05-02 13:55:05 -04:00
Matt Wright d907e5b890 Merge pull request #363 from jeffwidman/patch-1
"overrided" --> "overriden"
2015-05-02 13:50:39 -04:00
Matt Wright 8a62b5f193 Merge pull request #361 from nfvs/add_headers_to_auth_required
Include WWW-Authenticate headers in @auth_required.
2015-05-02 13:50:23 -04:00
Matt Wright 2e08ec87a6 Merge pull request #352 from fuhrysteve/develop
X-Forwarded-For can contain multiple IP addresses
2015-05-02 13:46:21 -04:00
Matt Wright 79fe821c80 Merge pull request #351 from denizdogan/master
Add documentation about SECURITY_MSG configuration variables.
2015-05-02 13:45:13 -04:00
Matt Wright 4d3c1c0bdc Merge pull request #347 from Jaza/slash-url-suffix
re #343: Add slash before or after token in flask-security URLs correctly
2015-05-02 13:43:36 -04:00
Matt Wright cd8982fa65 Merge pull request #342 from alexef/patch-1
Fail silently for get_user(None)
2015-05-02 13:30:01 -04:00
Matt Wright c8a3549e2d Merge pull request #331 from Diaoul/patch-2
Fix ActivateUserCommand docstring
2015-05-02 13:29:21 -04:00
Matt Wright 03d9cf2f0d Merge pull request #330 from Diaoul/patch-1
Fix RemoveRoleCommand docstring
2015-05-02 13:29:07 -04:00
Matt Wright e4d9d3ad17 Merge pull request #322 from waltaskew/develop
Add configuration for token expiration
2015-05-02 13:27:11 -04:00
Matt Wright f2a5e4b614 Normalize import paths. Fixes #313 2015-05-02 13:25:26 -04:00
Matt Wright 916f5ee012 Use StringField instead of TextField. Fixes #312 2015-05-02 13:05:46 -04:00
Matt Wright bc1f5dd7f9 Stricter tests for signals and a small docs update. Fixes #308 2015-05-02 12:59:02 -04:00
Matt Wright 4659d10c5c forgot password endpoint should be for anonymous users only. Fixes #291 2015-05-02 12:11:05 -04:00
Lars Holm Nielsen a4581681e5 Fix PEP8 error. 2015-03-06 13:09:05 +01:00
Lars Holm Nielsen 248ea5d272 Custom AnonymousUser support.
(addresses #362)
2015-03-06 12:45:17 +01:00
Derek Rushing 4debc8d102 Modified check_token function to account for multiple objects being posted via JSON. Resolves issue with it throwing an error when it encounters a list instead of a dict type. 2015-02-18 10:20:22 -06:00
Jeff Widman fccaccd282 "overrided" --> "overriden"
Per http://english.stackexchange.com/questions/75786/overrode-vs-overridden
2015-02-02 23:34:52 -08:00
Nuno Santos 3681823fcf Include WWW-Authenticate headers in @auth_required.
When using @http_auth_required, the WWW-Authenticate header is included,
but when using @auth_required('basic'), it is not. This change includes
that header in every @auth_required call that contains the 'basic'
method.
2015-01-30 11:27:53 +01:00
Stephen J. Fuhry 923ad720a1 X-Forwarded-For can contain multiple IP addresses
From the nginx docs:
http://nginx.org/en/docs/http/ngx_http_proxy_module.html
> $proxy_add_x_forwarded_for
> the “X-Forwarded-For” client request header field with the $remote_addr
> variable appended to it, separated by a comma. If the “X-Forwarded-For”
> field is not present in the client request header, the
> $proxy_add_x_forwarded_for variable is equal to the $remote_addr
> variable.

Use the last IP address in X-Forwarded-For. For this to work properly
behind a trusted proxy, you must be using ProxyFix as described in the
flask & werkzeug documentation.
2014-12-29 08:31:19 -05:00
Deniz Dogan f4d758f561 Add documentation about SECURITY_MSG configuration variables. 2014-12-21 15:20:48 +01:00
Jeremy Epstein 665b164618 split docstring into multiple lines to make travis CI happy 2014-11-28 13:50:25 +11:00
Jeremy Epstein 4d70f016ad re #343: Add slash before or after token in flask-security URLs correctly 2014-11-28 10:36:31 +11:00
Alex Eftimie 7e4fc94601 Fail silently for get_user(None)
get_user(identifier) checks if the identifier is a number by trying to convert it to int. This works for strings, but in a particular case, when identifier is None, it fails. Checking for both TypeError and ValueError fixes it.
2014-11-19 14:11:58 +02:00
Antoine Bertin 6cfe662dc6 Fix ActivateUserCommand docstring 2014-10-21 11:26:17 +02:00
Antoine Bertin 8c45271bf9 Fix RemoveRoleCommand docstring 2014-10-21 10:27:17 +02:00
Matt Wright c7d0ea9cce Add additional item to CHANGES 1.7.4 2014-10-13 13:47:35 -04:00
Matt Wright 94c7c09dc2 Bump version number to 1.7.4 2014-10-13 13:38:44 -04:00
Matt Wright f6405797f1 Update CHANGES 2014-10-13 13:38:16 -04:00
Matt Wright 2cffb6634d Fix case sensitivity when searching for users by email address. Fixes #323. 2014-10-13 13:34:11 -04:00