Matt Wright
cbd0db7c39
Merge pull request #398 from jonafato/bcrypt-hotfix
...
Restrict bcrypt to <2.0.0
2015-06-24 22:23:36 -05:00
Jon Banafato
398f5c920b
Restrict bcrypt to <2.0.0
...
As of 2.0.0, passlib no longer correctly identifies bcrypt as bcrypt
(instead, it mistakenly applies pybcrypt logic to bcrypt). This results
in all Python 3 logic involving bcrypt failing. As a hotfix, we should
require users to be on a version of bcrypt that passlib can handle a fix
can be pushed into passlib.
2015-06-23 13:23:07 -04:00
Matt Wright
33252ae178
Merge pull request #389 from nickretallack/develop
...
Reset Password Fixes
2015-05-26 14:59:30 -04:00
Nick Retallack
c10c9050c7
test: reset password on a user who has no password
...
The user may have been invited via a social network or an invitation
system.
2015-05-11 23:22:30 -07:00
Nick Retallack
5697ff80c3
ignore the eggs readme
2015-05-11 23:16:04 -07:00
Nick Retallack
4411470202
test: invalidate used password reset tokens
...
Also pep8 compliance and suggested changes.
2015-05-11 23:12:05 -07:00
Nick Retallack
a0e2037747
invalidate password reset tokens when the passwords changes
...
Check that the previous password is the same as it was when this
password reset request was generated.
2015-05-11 21:52:57 -07:00
Nick Retallack
7884d637c5
prevent password reset from breaking if you have no password
...
If you've just been invited, or are using social auth, you have no
password set, so the reset password feature causes a crash. This
doesn't need to happen.
2015-05-11 21:52:57 -07:00
Matt Wright
8a14abaa1e
Fix failing test
2015-05-02 14:57:34 -04:00
Matt Wright
6b55e9613a
Merge pull request #255 from nfvs/unauthorized_override
...
Allow overriding of an unauthorized callback.
2015-05-02 14:45:57 -04:00
Matt Wright
d08aac6d35
Fix pymongo version issue
2015-05-02 14:34:31 -04:00
Nuno Santos
10fd1844d8
Allow overriding of unauthorized callback.
...
Related to issue #255 .
2015-05-02 20:17:38 +02:00
Matt Wright
72d3a4b5e3
Merge branch 'develop' of github.com:mattupstate/flask-security into develop
2015-05-02 13:57:29 -04:00
Matt Wright
6541640ee8
Merge pull request #373 from lnielsen/anonymoususer
...
Add support for custom AnonymousUser class.
2015-05-02 13:57:20 -04:00
Matt Wright
9cda8baff3
Fix #367
2015-05-02 13:55:05 -04:00
Matt Wright
8a62b5f193
Merge pull request #361 from nfvs/add_headers_to_auth_required
...
Include WWW-Authenticate headers in @auth_required.
2015-05-02 13:50:23 -04:00
Matt Wright
2e08ec87a6
Merge pull request #352 from fuhrysteve/develop
...
X-Forwarded-For can contain multiple IP addresses
2015-05-02 13:46:21 -04:00
Matt Wright
4d3c1c0bdc
Merge pull request #347 from Jaza/slash-url-suffix
...
re #343 : Add slash before or after token in flask-security URLs correctly
2015-05-02 13:43:36 -04:00
Matt Wright
cd8982fa65
Merge pull request #342 from alexef/patch-1
...
Fail silently for get_user(None)
2015-05-02 13:30:01 -04:00
Matt Wright
c8a3549e2d
Merge pull request #331 from Diaoul/patch-2
...
Fix ActivateUserCommand docstring
2015-05-02 13:29:21 -04:00
Matt Wright
03d9cf2f0d
Merge pull request #330 from Diaoul/patch-1
...
Fix RemoveRoleCommand docstring
2015-05-02 13:29:07 -04:00
Matt Wright
e4d9d3ad17
Merge pull request #322 from waltaskew/develop
...
Add configuration for token expiration
2015-05-02 13:27:11 -04:00
Matt Wright
f2a5e4b614
Normalize import paths. Fixes #313
2015-05-02 13:25:26 -04:00
Matt Wright
916f5ee012
Use StringField instead of TextField. Fixes #312
2015-05-02 13:05:46 -04:00
Matt Wright
bc1f5dd7f9
Stricter tests for signals and a small docs update. Fixes #308
2015-05-02 12:59:02 -04:00
Matt Wright
4659d10c5c
forgot password endpoint should be for anonymous users only. Fixes #291
2015-05-02 12:11:05 -04:00
Lars Holm Nielsen
a4581681e5
Fix PEP8 error.
2015-03-06 13:09:05 +01:00
Lars Holm Nielsen
248ea5d272
Custom AnonymousUser support.
...
(addresses #362 )
2015-03-06 12:45:17 +01:00
Nuno Santos
3681823fcf
Include WWW-Authenticate headers in @auth_required.
...
When using @http_auth_required, the WWW-Authenticate header is included,
but when using @auth_required('basic'), it is not. This change includes
that header in every @auth_required call that contains the 'basic'
method.
2015-01-30 11:27:53 +01:00
Stephen J. Fuhry
923ad720a1
X-Forwarded-For can contain multiple IP addresses
...
From the nginx docs:
http://nginx.org/en/docs/http/ngx_http_proxy_module.html
> $proxy_add_x_forwarded_for
> the “X-Forwarded-For” client request header field with the $remote_addr
> variable appended to it, separated by a comma. If the “X-Forwarded-For”
> field is not present in the client request header, the
> $proxy_add_x_forwarded_for variable is equal to the $remote_addr
> variable.
Use the last IP address in X-Forwarded-For. For this to work properly
behind a trusted proxy, you must be using ProxyFix as described in the
flask & werkzeug documentation.
2014-12-29 08:31:19 -05:00
Jeremy Epstein
665b164618
split docstring into multiple lines to make travis CI happy
2014-11-28 13:50:25 +11:00
Jeremy Epstein
4d70f016ad
re #343 : Add slash before or after token in flask-security URLs correctly
2014-11-28 10:36:31 +11:00
Alex Eftimie
7e4fc94601
Fail silently for get_user(None)
...
get_user(identifier) checks if the identifier is a number by trying to convert it to int. This works for strings, but in a particular case, when identifier is None, it fails. Checking for both TypeError and ValueError fixes it.
2014-11-19 14:11:58 +02:00
Antoine Bertin
6cfe662dc6
Fix ActivateUserCommand docstring
2014-10-21 11:26:17 +02:00
Antoine Bertin
8c45271bf9
Fix RemoveRoleCommand docstring
2014-10-21 10:27:17 +02:00
Matt Wright
c7d0ea9cce
Add additional item to CHANGES
1.7.4
2014-10-13 13:47:35 -04:00
Matt Wright
94c7c09dc2
Bump version number to 1.7.4
2014-10-13 13:38:44 -04:00
Matt Wright
f6405797f1
Update CHANGES
2014-10-13 13:38:16 -04:00
Matt Wright
2cffb6634d
Fix case sensitivity when searching for users by email address. Fixes #323 .
2014-10-13 13:34:11 -04:00
Matt Wright
824a52b883
Merge branch 'develop' of github.com:mattupstate/flask-security into develop
2014-10-13 13:25:08 -04:00
Matt Wright
fe7e4c4afc
Add additional steps to the test_change_hash_type and make change to verify_and_update_password to make the test pass. Fixes #328 .
2014-10-13 13:25:01 -04:00
Matt Wright
591bc27a5e
Merge pull request #318 from boydgreenfield/develop
...
Prevent open redirects when a malformed URL is passed to ?next=
2014-10-13 11:54:32 -04:00
waltaskew
897b2fceab
Add configuration for token expiration
2014-10-01 15:59:28 -04:00
Nick Greenfield
5bc37add88
Update to use (url_next.netloc or url_next.scheme) in the validate_redirect_url open redirect patch.
2014-10-01 09:49:00 -07:00
Nick Greenfield
8b036f2a3e
Prevent open redirects when a malformed URL is passed to ?next=
...
Example: "/login?next=http:///google.com " (note 3rd slash)
2014-09-26 11:08:58 -07:00
Matt Wright
76ad77a233
Compare a string (not bytes) for PY3 support
2014-09-17 11:39:19 -04:00
Matt Wright
679cee7969
Add default/global context processor. Fixes #306
2014-09-17 11:27:44 -04:00
Matt Wright
3d7b97ac31
Forgot password form should not validate if user has not confirmed their email address yet. Fixes #298
2014-09-17 11:21:31 -04:00
Matt Wright
3a0af73231
Merge pull request #281 from sjml/patch-1
...
Fixing typo in documentation
2014-09-17 10:03:53 -04:00
Matt Wright
3458391791
Merge pull request #284 from tony/patch-1
...
Typo
2014-09-17 10:02:27 -04:00