flask-security/CHANGES

Flask-Security Changelog
========================

Here you can see the full list of changes between each Flask-Security release.

Version 1.7.2
-------------

Released May 6th 2014

- Updated IP tracking to check for `X-Forwarded-For` header
- Fixed a bug regarding the re-hashing of passwords with a new algorithm
- Fixed a bug regarding the `password_changed` signal.


Version 1.7.1
-------------

Released January 14th 2014

- Fixed a bug where passwords would fail to verify when specifying a password hash algorithm


Version 1.7.0
-------------

Released January 10th 2014

- Python 3.3 support!
- Dependency updates
- Fixed a bug when `SECURITY_LOGIN_WITHOUT_CONFIRMATION = True` did not allow users to log in
- Added `SECURITY_SEND_PASSWORD_RESET_NOTICE_EMAIL` configuraiton option to optionally send password reset notice emails
- Add documentation for `@security.send_mail_task`
- Move to `request.get_json` as `request.json` is now deprecated in Flask
- Fixed a bug when using AJAX to change a user's password
- Added documentation for select functions in the `flask_security.utils` module
- Fixed a bug in `flask_security.forms.NextFormMixin`
- Added `CHANGE_PASSWORD_TEMPLATE` configuration option to optionally specify a different change password template
- Added the ability to specify addtional fields on the user model to be used for identifying the user via the `USER_IDENTITY_ATTRIBUTES` configuration option
- An error is now shown if a user tries to change their password and the password is the same as before. The message can be customed with the `SECURITY_MSG_PASSWORD_IS_SAME` configuration option
- Fixed a bug in `MongoEngineUserDatastore` where user model would not be updated when using the `add_role_to_user` method
- Added `SECURITY_SEND_PASSWORD_CHANGE_EMAIL` configuration option to optionally disable password change email from being sent
- Fixed a bug in the `find_or_create_role` method of the PeeWee datastore
- Removed pypy tests
- Fixed some tests
- Include CHANGES and LICENSE in MANIFEST.in
- A bit of documentation cleanup
- A bit of code cleanup including removal of unnecessary utcnow call and simplification of get_max_age method


Version 1.6.9
-------------

Released August 20th 2013

- Fix bug in SQLAlchemy datastore's `get_user` function
- Fix bug in PeeWee datastore's `remove_role_from_user` function
- Fixed import error caused by new Flask-WTF release


Version 1.6.8
-------------

Released August 1st 2013

- Fixed bug with case sensitivity of email address during login
- Code cleanup regarding token_callback
- Ignore validation errors in find_user function for MongoEngineUserDatastore


Version 1.6.7
-------------

Released July 11th 2013

- Made password length form error message configurable
- Fixed email confirmation bug that prevented logged in users from confirming their email


Version 1.6.6
-------------

Released June 28th 2013

- Fixed dependency versions


Version 1.6.5
-------------

Released June 20th 2013

- Fixed bug in `flask.ext.security.confirmable.generate_confirmation_link`


Version 1.6.4
-------------

Released June 18th 2013

- Added `SECURITY_DEFAULT_REMEMBER_ME` configuration value to unify behavior between endpoints
- Fixed Flask-Login dependency problem
- Added optional `next` parameter to registration endpoint, similar to that of login


Version 1.6.3
-------------

Released May 8th 2013

- Fixed bug in regards to imports with latest version of MongoEngine


Version 1.6.2
-------------

Released April 4th 2013

- Fixed bug with http basic auth


Version 1.6.1
-------------

Released April 3rd 2013

- Fixed bug with signals


Version 1.6.0
-------------

Released March 13th 2013

- Added Flask-Pewee support
- Password hashing is now more flexible and can be changed to a different type at will
- Flask-Login messages are configurable
- AJAX requests must now send a CSRF token for security reasons
- Form messages are now configurable
- Forms can now be extended with more fields
- Added change password endpoint
- Added the user to the request context when successfully authenticated via http basic and token auth
- The Flask-Security blueprint subdomain is now configurable
- Redirects to other domains are now not allowed during requests that may redirect
- Template paths can be configured
- The welcome/register email can now optionally be sent to the user
- Passwords can now contain non-latin characters
- Fixed a bug when confirming an account but the account has been deleted


Version 1.5.4
-------------

Released January 6th 2013

- Fix bug in forms with `csrf_enabled` parameter not accounting attempts to login using JSON data


Version 1.5.3
-------------

Released December 23rd 2012

- Change dependency requirement

Version 1.5.2
-------------

Released December 11th 2012

- Fix a small bug in `flask_security.utils.login_user` method

Version 1.5.1
-------------

Released November 26th 2012

- Fixed bug with `next` form variable
- Added better documentation regarding Flask-Mail configuration
- Added ability to configure email subjects

Version 1.5.0
-------------

Released October 11th 2012

- Major release. Upgrading from previous versions will require a bit of work to
  accomodate API changes. See documentation for a list of new features and for
  help on how to upgrade.

Version 1.2.3
-------------

Released June 12th 2012

- Fixed a bug in the RoleMixin eq/ne functions

Version 1.2.2
-------------

Released April 27th 2012

- Fixed bug where `roles_required` and `roles_accepted` did not pass the next
  argument to the login view

Version 1.2.1
-------------

Released March 28th 2012

- Added optional user model mixin parameter for datastores
- Added CreateRoleCommand to available Flask-Script commands

Version 1.2.0
-------------

Released March 12th 2012

- Added configuration option `SECURITY_FLASH_MESSAGES` which can be set to a
  boolean value to specify if Flask-Security should flash messages or not.

Version 1.1.0
-------------

Initial release