Revisions of python-Flask-Security-Too
Ana Guerrero (anag+factory)
accepted
request 1146065
from
Steve Kowalik (StevenK)
(revision 22)
- Add patch support-python-312.patch:
  * Support Python 3.12 changes.
Dominique Leuenberger (dimstar_suse)
accepted
request 1137307
from
Matej Cepl (mcepl)
(revision 21)
- Update to 5.3.3: Fix for CVE-2023-49438 (bsc#1218412).
- Refresh patches:
  - no-mongodb.patch
  - use-pyqrcodeng.patch
Dominique Leuenberger (dimstar_suse)
accepted
request 1137163
from
Antonio Larrosa (alarrosa)
(revision 20)
Ana Guerrero (anag+factory)
accepted
request 1131006
from
Markéta Machová (mcalabkova)
(revision 19)
Ana Guerrero (anag+factory)
accepted
request 1129021
from
Steve Kowalik (StevenK)
(revision 18)
- Update to 5.3.2:
  * Update Quickstart to show how to properly handle SQLAlchemy connections.
  * Auth Token not returned from /tf-validate.
  * Fix for latest email_validator deprecation - bump minimum to 2.0.0
  * Deprecate passing in the anonymous_user class
  * Compatibility with Flask 3.0
  * Revert change in 5.3.0 that added a Referrer-Policy header.
  * Fix 'next' propagation when passed as form.next
- Drop patch filterwarnings-ignore-pkg_resources.patch, no longer needed
Ana Guerrero (anag+factory)
accepted
request 1114897
from
Daniel Garcia (dgarcia)
(revision 17)
- Add required python-requests build dependency to fix tests.
Dominique Leuenberger (dimstar_suse)
accepted
request 1102263
from
Daniel Garcia (dgarcia)
(revision 16)
- Update to 5.3.0:
  * Improvements to recoverability and confirmation to align with OWASP best practices and reduce possible exploitation.
  * Webauthn Updates to handling of transport.
  * Fix MongoDB support by eliminating dependency on flask-mongoengine. Improve MongoDB quickstart.
  * Fix Quickstart for SQLAlchemy with scoped session.
  * Login no longer, by default, checks for email deliverability.
  * Token authentication is no longer accepted on endpoints which only allow 'session' as authentication-method. (N247S)
  * /reset and /confirm and GENERIC_RESPONSES and additional form args don't mix.
  * Reset password can be exploited and other OWASP improvements.
  * Confirmation can be exploited and other OWASP improvements.
  * Convert to pyproject.toml, build, remove setup.py/.cfg.
  * the tf_validity feature now ONLY sets a cookie - and the token is no longer returned as part of a JSON response.
  * Fix login/unified signin templates to properly send CSRF token. Add more tests.
  * Improve Social Oauth example code.
- 5.2.0:
  * Small updates to work with latest Flask/Werkzeug.
  * Drop support for Python 3.7
  * Drop support for older versions of dependent packages (such as Flask).
  * Remove old Werkzeug compatibility check.
  * Compatibility with Quart.
  * Remove dependence on pkg_resources / setuptools (use importlib_resources package)
  * Fix tests to work with latest Werkzeug/Flask. Update requirements_low to match current releases.
  * Drop support for Python 3.7
- 5.1.2:
  * Hungarian translations not working.
  * Fix documentation for send_mail. (gg)
  * Fix for latest mongoengine and mongomock.
  * Fix inappropriate use of &thinsp& in French translations. (maxdup)
  * Improve documentation around subclassing forms.
Dominique Leuenberger (dimstar_suse)
accepted
request 1078318
from
Steve Kowalik (StevenK)
(revision 15)
- Add patch filterwarnings-ignore-pkg_resources.patch:
  * Filter out DeprecationWarning for pkg_resources.
- Add Authlib to BuildRequires.
Dominique Leuenberger (dimstar_suse)
accepted
request 1069082
from
Steve Kowalik (StevenK)
(revision 14)
- Update to 5.1.1:
  * Fix 2 Flask apps in same thread with USERNAME_ENABLE set. There was a too aggressive config check.
  * Fix json/flask backwards compatibility hack.
  * Fix unified signup when two-factor not enabled. (sebdroid)
  * Add dependency on setuptools (pkg_resources). (hroncok)
  * Option to encrypt recovery codes.
  * Support for authentication via 'social' oauth.
  * Support for Python 3.11
  * Fixes for Flask-SQLAlchemy 3.0.0. (jrast)
  * Fixes for sqlalchemy 2.0.0 (jrast)
  * Webauthn and Unified signin features now properly take into account blueprint prefixes.
  * Properly propagate ?next=/xx - the verify, webauthn, and unified signin endpoints, that had multiple redirects, needed fixes.
  * Two factor redirects ignored url_prefix. Added a SECURITY_TWO_FACTOR_ERROR_VIEW configuration option.
  * Add configurations for static folder/URL and make sure templates reference blueprint relative static folder.
  * Send entire context to MailUtil::send_mail (patrickyan)
  * Support for Flask-Babel 3.0.0
  * Add configuration option SECURITY_TWO_FACTOR_POST_SETUP_VIEW which is redirected to upon successful change of a two factor method.
  * The ability to pass in a LoginManager instance which was deprecated in 5.0 has been removed.
- Drop patch support-Flask-SQLAlchemy-3.0.patch, now included upstream.
- Refresh all other patches.
Dominique Leuenberger (dimstar_suse)
accepted
request 1056308
from
Steve Kowalik (StevenK)
(revision 13)
- Add patch support-Flask-SQLAlchemy-3.0.patch:
  * Support Flask-SQLAlchemy >= 3.0
Dominique Leuenberger (dimstar_suse)
accepted
request 1007165
from
Steve Kowalik (StevenK)
(revision 12)
- Update to 5.0.2:
  * Role permissions backwards compatibility bug.
  * Fix Change Password regression.
  * Support for WebAuthn.
  * Support Two-factor recovery codes.
  * Provide option to prevent user enumeration (i.e. Generic Responses).
  * Support for Python 3.10.
  * Support for Flask >= 2.2.
  * Add custom HTML attributes to improve user experience.
  * Make the required zxcvbn complexity score configurable.
  * Get rid of Flask-Mail. Flask-Mailman is now the default preferred email package.
  * A delete option has been added to us-setup (form and view).
  * Improve username support - the LoginForm now has a separate field for username.
  * Fix test and other failures with newer Flask-Login/Werkzeug versions.
  * Fix test failures with newer Flask versions.
- Drop patch endswith-assert.patch:
  * Included upstream.
- Rebase patches no-mongodb.patch and use-pyqrcodeng.patch
- Update {Build,}Requires versions.
Dominique Leuenberger (dimstar_suse)
accepted
request 1001868
from
Steve Kowalik (StevenK)
(revision 11)
- Use email-validator, not email_validator package name.
Dominique Leuenberger (dimstar_suse)
accepted
request 957960
from
Steve Kowalik (StevenK)
(revision 7)
- Update to 4.1.2:
  * default_reauthn_handler doesn't honor SECURITY_URL_PREFIX
  * Add public API and CLI command to change a user's password.
  * Add type hints. Please note that many of the packages that flask-security
  * Add first-class support for using username for signing in.
  * Possible open redirect vulnerability.
  * Improve cookie handling and default ``samesite`` to ``Strict``.
  * Email validation confusion - added documentation.
  * Add documentation on how to override specific error messages.
  * Don't install global-scope tests.
  * Add Blinker as explicit dependency, improve/fix celery usage docs, don't require pyqrcode unless authenticator configured, improve SMS configuration variables documentation.
  * Your UserModel must contain ``fs_uniquifier``
  * Removal of python 2.7 and <3.6 support
  * Remove two-factor `/tf-confirm` endpoint and use generic `freshness` mechanism.
  * Remove ``SECURITY_BACKWARDS_COMPAT_AUTH_TOKEN_INVALID(ATE)``. In addition to not making sense - the documentation has never been correct.
  * Add 2FA Validity Window so an application can configure how often the second factor has to be entered.
  * Add HTML5 Email input types to email fields.
- Refresh no-mongodb.patch
- Drop patches:
  * no-setup-dependencies.patch
  * fix-dependencies.patch
  * 0001-Do-not-raise-a-TypeError-exception-if-phone.data-is-.patch
- Add patch use-pyqrcodeng.patch:
  * Use pyqrcodeng rather than pyqrcode.
Dominique Leuenberger (dimstar_suse)
accepted
request 904704
from
Factory Maintainer (factory-maintainer)
(revision 6)
Automatic submission by obs-autosubmit
Dominique Leuenberger (dimstar_suse)
accepted
request 819755
from
Ondřej Súkup (mimi_vx)
(revision 5)
Dominique Leuenberger (dimstar_suse)
accepted
request 805566
from
Tomáš Chvátal (scarabeus_iv)
(revision 4)
Displaying revisions 1 - 20 of 23