wassname/flask-security
1
0
Fork 0
mirror of https://github.com/wassname/flask-security.git synced 2026-06-30 16:40:04 +08:00
Code Issues Packages Projects Releases Wiki Activity
434 Commits 3 Branches 26 Tags
f2d5245bd814a59cc6e1ca514aa5a4b2cd94bee2
Commit Graph

434 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Matt Wright f2d5245bd8 Import check to account for new version of MongoEngine 2013-05-03 12:13:58 -04:00
Matt Wright 38874433c7 Add tests for Peewee support 2013-04-04 18:09:55 -04:00
Matt Wright 4eda3e756f PEP8 polish 2013-04-04 16:39:50 -04:00
Matt Wright 4815b1afed Make find_user method for MongoEngineUserDatastore add contraints to query 2013-04-04 15:50:46 -04:00
Matt Wright 99ac732d10 Bump version number to 1.6.2 1.6.2 2013-04-04 10:24:03 -04:00
Matt Wright e8b0c62818 Update CHANGES and a little polish 2013-04-04 10:23:51 -04:00
Matt Wright 1108f1670c Merge pull request #104 from rodcloutier/http_auth_fix 
Fixed http_auth when authorization is not provided in header
 2013-04-04 07:21:27 -07:00
Rodrigue Cloutier 3575a2df18 Fixed http_auth when authorization is not provided in header 2013-04-03 21:29:04 -04:00
Matt Wright c84c485493 Bump version number to 1.6.1 1.6.1 2013-04-03 11:07:36 -04:00
Matt Wright 8298ac461e Update CHANGES 2013-04-03 11:07:16 -04:00
Matt Wright 105d04768e Merge pull request #103 from immon/issue94 
sending signals fixed
 2013-04-03 08:04:49 -07:00
Paweł Krześniak f1cca43d9c sending signals fixed 2013-04-03 12:36:53 +02:00
Matt Wright e8352fa265 Merge pull request #102 from andrewcamenga/develop 
corrected link for Flask-WTF
 2013-03-29 08:53:38 -07:00
Andrew J. Camenga 37d84ddd73 corrected link for Flask-WTF 2013-03-29 08:37:51 -04:00
Matt Wright 6f9869e9c2 import auth_required into top level package 2013-03-27 17:20:31 -04:00
Matt Wright abc061ba46 Change .travis.yml 2013-03-19 14:11:23 -04:00
Matt Wright 95c80e5677 See if pypy works 2013-03-19 13:28:42 -04:00
Matt Wright ba1758e5c7 Bump version number to 1.6.0 1.6.0 2013-03-13 14:06:34 -04:00
Matt Wright 36198c1993 Update CHANGE 2013-03-13 14:06:08 -04:00
Matt Wright 8708fd8514 Update form messaging to be more flexible. Fixes #80 2013-03-13 13:40:35 -04:00
Matt Wright 44a320ee74 Fix a failling test 2013-03-13 12:28:26 -04:00
Matt Wright 520b8ecef4 Show an invalid confirmation token message if a user attempts to confirm their account after it has been deleted. Fixes #93 2013-03-13 12:27:26 -04:00
Matt Wright 34aa43ead3 Merge pull request #100 from chrishaines/develop 
Make subdomain configurable
 2013-03-13 09:10:16 -07:00
Matt Wright 8ecc3b9a78 Add user to request context for http basic and token auth 2013-03-13 12:09:28 -04:00
Chris Haines c0d1d0566f Make subdomain configurable 2013-03-13 00:13:54 -04:00
Matt Wright 2e01cab3f8 polish 2013-03-07 15:38:41 -05:00
Matt Wright bbe99b5436 Fixes #98 2013-03-07 15:38:34 -05:00
Matt Wright 246ab41479 Merge pull request #96 from invernizzi/develop 
NextFormMixin security bug fixed: open redirect
 2013-03-05 13:58:08 -08:00
Luca Invernizzi 48dd3fa5bf NextFormMixin security bug fixed: open redirect 
NextFormMixin was missing validations check on redirection [1]. Only internal redirections
are now allowed.
Attack Example: http://127.0.0.1:5000/login?next=http://google.com (it should not redirect to google.com)
wq
[1] https://www.owasp.org/index.php/Top_10_2010-A10-Unvalidated_Redirects_and_Forwards
 2013-03-05 21:20:45 +00:00
Matt Wright 7db5fe32a8 Turn on testing flag for test app 2013-03-04 14:57:29 -05:00
Matt Wright 38a1dfa336 Merge pull request #85 from chrishaines/template_list 
Template paths can be specified in config
 2013-03-03 18:38:35 -08:00
Matt Wright 8b41b531a6 Merge pull request #91 from intonarumori/develop 
added option to disable register email
 2013-02-20 15:06:46 -08:00
rumori 4a048a4918 updated doc with new registration email option 2013-02-20 17:37:30 +01:00
rumori ae64370478 added option to disable register email 2013-02-20 17:04:47 +01:00
Matt Wright b03f355fae Merge pull request #88 from andreev-artem/develop 
Password should be encoded as 'utf-8' before creating hmac to support passwords with non-latin symbols
 2013-02-03 12:12:04 -08:00
Artem Andreev 8085e0031e Password should be encoded as 'utf-8' before creating hmac to support passwords with non-latin symbols 2013-02-03 22:14:32 +04:00
Chris Haines dbc2dcc625 Removed flask-script as a dependency in setup.py 2013-02-01 19:43:13 -05:00
Chris Haines ad6227006e Fixed lack of newline in requirements.txt 2013-02-01 19:41:42 -05:00
Chris Haines 4f414cf70f Merge branch 'develop' of git://github.com/mattupstate/flask-security into template_list 
Conflicts:
	requirements.txt
 2013-02-01 19:40:01 -05:00
Matt Wright adb2680289 Add change password endpoint 2013-02-01 18:21:43 -05:00
Matt Wright f1f621d178 Merge pull request #78 from eskil/change_password_form 
Change password form
 2013-02-01 15:16:45 -08:00
Matt Wright 996e162d11 Merge pull request #70 from eskil/formsdocs 
Clarify user model/register form interaction in docs.
 2013-02-01 14:59:40 -08:00
Matt Wright 840f72a589 Merge pull request #82 from maebert/flask-peewee 
Flask-Peewee support
 2013-02-01 14:44:52 -08:00
Matt Wright eca83f83ac Test configured login form messages better 2013-02-01 17:37:03 -05:00
Matt Wright 0f070b494a Merge branch 'feature/login_form_messages' into develop 2013-02-01 17:33:22 -05:00
Matt Wright 0ea1e0c03d Update CHANGES 2013-02-01 17:33:15 -05:00
Matt Wright c49d9b57ed Make login form messages configurable 2013-02-01 17:32:54 -05:00
Matt Wright 8d7e0f5190 Merge branch 'feature/csrf_testing' into develop 2013-02-01 17:25:36 -05:00
Matt Wright 012781103a Update CHANGES 2013-02-01 17:25:30 -05:00
Matt Wright 34b3bf9e80 Fix CSRF functionality for LoginForm 
The login form was not respecting csrf validation. I've adjusted the tests as well to always send a CSRF token along. This now requires all requests to pass a csrf token. If performing plain AJAX requests the token will have to be extracted from the form in some way. Fixes #86
 2013-02-01 17:23:18 -05:00