Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package python-Flask-Security-Too for
openSUSE:Factory checked in at 2022-03-06 18:15:46
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-Flask-Security-Too (Old)
and /work/SRC/openSUSE:Factory/.python-Flask-Security-Too.new.1958 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-Flask-Security-Too"
Sun Mar 6 18:15:46 2022 rev:8 rq:959706 version:4.1.3
Changes:
--------
---
/work/SRC/openSUSE:Factory/python-Flask-Security-Too/python-Flask-Security-Too.changes
2022-02-28 19:43:53.049948385 +0100
+++
/work/SRC/openSUSE:Factory/.python-Flask-Security-Too.new.1958/python-Flask-Security-Too.changes
2022-03-06 18:16:00.923827953 +0100
@@ -1,0 +2,19 @@
+Sat Mar 5 18:01:11 UTC 2022 - Arun Persaud <[email protected]>
+
+- specfile:
+ * updated minimum required version for packages listed in setup.py
+ * request pytest >=6.2.5 (for pytest.FixtureRequest)
+
+- update to version 4.1.3:
+ * Fixes
+ + (:issue:`581`) Fix bug when attempting to disable
+ register_blueprint. (halali)
+ + (:pr:`539`) Fix example documentation re: generating localized
+ messages. (kazuhei2)
+ + (:pr:`546`) Make roles joinedload compatible with SQLAlchemy
+ 2.0. (keats)
+ + (:pr:`586`) Ship py.typed as part of package.
+ + (:issue:`580`) Improve documentation around use of bleach and
+ include in common install extra.
+
+-------------------------------------------------------------------
Old:
----
Flask-Security-Too-4.1.2.tar.gz
New:
----
Flask-Security-Too-4.1.3.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-Flask-Security-Too.spec ++++++
--- /var/tmp/diff_new_pack.hQpWbN/_old 2022-03-06 18:16:01.495828031 +0100
+++ /var/tmp/diff_new_pack.hQpWbN/_new 2022-03-06 18:16:01.499828031 +0100
@@ -19,7 +19,7 @@
%define skip_python2 1
%{?!python_module:%define python_module() python-%{**} python3-%{**}}
Name: python-Flask-Security-Too
-Version: 4.1.2
+Version: 4.1.3
Release: 0
Summary: Security for Flask apps
License: MIT
@@ -28,13 +28,13 @@
Patch0: no-mongodb.patch
Patch1: use-pyqrcodeng.patch
BuildRequires: %{python_module Babel >= 1.3}
-BuildRequires: %{python_module Flask >= 1.0.2}
+BuildRequires: %{python_module Flask >= 1.1.1}
BuildRequires: %{python_module Flask-Babel}
BuildRequires: %{python_module Flask-Login >= 0.4.1}
BuildRequires: %{python_module Flask-Mail >= 0.9.1}
BuildRequires: %{python_module Flask-Principal >= 0.4.0}
BuildRequires: %{python_module Flask-SQLAlchemy >= 2.3}
-BuildRequires: %{python_module Flask-WTF >= 0.14.2}
+BuildRequires: %{python_module Flask-WTF >= 0.14.3}
BuildRequires: %{python_module PyQRCode >= 1.2}
BuildRequires: %{python_module SQLAlchemy >= 1.2.6}
BuildRequires: %{python_module Werkzeug >= 0.14.1}
@@ -44,29 +44,29 @@
BuildRequires: %{python_module blinker >= 1.4}
BuildRequires: %{python_module cachetools >= 3.1.0}
BuildRequires: %{python_module cryptography >= 2.1.4}
-BuildRequires: %{python_module email_validator >= 1.0.5}
+BuildRequires: %{python_module email_validator >= 1.1.1}
BuildRequires: %{python_module itsdangerous >= 1.1.0}
BuildRequires: %{python_module mock >= 1.3.0}
-BuildRequires: %{python_module passlib >= 1.7.1}
+BuildRequires: %{python_module passlib >= 1.7.2}
BuildRequires: %{python_module peewee >= 3.7.1}
BuildRequires: %{python_module phonenumbers >= 8.11.1}
-BuildRequires: %{python_module pytest}
+BuildRequires: %{python_module pytest >= 6.2.5}
BuildRequires: %{python_module setuptools}
BuildRequires: %{python_module zxcvbn >= 4.4.28}
BuildRequires: fdupes
BuildRequires: python-rpm-macros
-Requires: python-Flask >= 1.0.2
+Requires: python-Flask >= 1.1.1
Requires: python-Flask-Babel
Requires: python-Flask-Login >= 0.4.1
Requires: python-Flask-Principal >= 0.4.0
-Requires: python-Flask-WTF >= 0.14.2
+Requires: python-Flask-WTF >= 0.14.3
Requires: python-Werkzeug >= 0.14.1
Requires: python-bcrypt >= 3.1.4
Requires: python-blinker >= 1.4
Requires: python-cryptography >= 2.1.4
-Requires: python-email_validator >= 1.0.5
+Requires: python-email_validator >= 1.1.1
Requires: python-itsdangerous >= 1.1.0
-Requires: python-passlib >= 1.7.1
+Requires: python-passlib >= 1.7.2
Recommends: python-PyQRCode >= 1.2
Recommends: python-SQLAlchemy >= 1.2.6
Recommends: python-zxcvbn >= 4.4.28
++++++ Flask-Security-Too-4.1.2.tar.gz -> Flask-Security-Too-4.1.3.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Flask-Security-Too-4.1.2/CHANGES.rst
new/Flask-Security-Too-4.1.3/CHANGES.rst
--- old/Flask-Security-Too-4.1.2/CHANGES.rst 2021-09-23 00:54:50.000000000
+0200
+++ new/Flask-Security-Too-4.1.3/CHANGES.rst 2022-03-02 17:58:26.000000000
+0100
@@ -3,16 +3,30 @@
Here you can see the full list of changes between each Flask-Security release.
+Version 4.1.3
+-------------
+
+Released March 2, 2022
+
+Fixes
++++++
+- (:issue:`581`) Fix bug when attempting to disable register_blueprint.
(halali)
+- (:pr:`539`) Fix example documentation re: generating localized messages.
(kazuhei2)
+- (:pr:`546`) Make roles joinedload compatible with SQLAlchemy 2.0. (keats)
+- (:pr:`586`) Ship py.typed as part of package.
+- (:issue:`580`) Improve documentation around use of bleach and include in
common install extra.
+
+
Version 4.1.2
-------------
Released September 22, 2021
Fixes
------
--(:issue:`526`) default_reauthn_handler doesn't honor SECURITY_URL_PREFIX
--(:pr:`528`) Improve German translations (sr-verde)
--(:pr:`527`) Fix two-factor sample code (djpnewton)
++++++
+- (:issue:`526`) default_reauthn_handler doesn't honor SECURITY_URL_PREFIX
+- (:pr:`528`) Improve German translations (sr-verde)
+- (:pr:`527`) Fix two-factor sample code (djpnewton)
Version 4.1.1
--------------
@@ -20,7 +34,7 @@
Released September 10, 2021
Fixes
------
++++++
- (:issue:`518`) Fix corner case where Security object was being reused in
tests.
- (:issue:`512`) If USERNAME_ENABLE is set, change LoginForm field from
EmailField
to StringField. Also - dynamically add fields to Login and Registration forms
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/Flask-Security-Too-4.1.2/Flask_Security_Too.egg-info/PKG-INFO
new/Flask-Security-Too-4.1.3/Flask_Security_Too.egg-info/PKG-INFO
--- old/Flask-Security-Too-4.1.2/Flask_Security_Too.egg-info/PKG-INFO
2021-09-23 00:55:32.000000000 +0200
+++ new/Flask-Security-Too-4.1.3/Flask_Security_Too.egg-info/PKG-INFO
2022-03-02 17:59:40.000000000 +0100
@@ -1,6 +1,6 @@
Metadata-Version: 2.1
Name: Flask-Security-Too
-Version: 4.1.2
+Version: 4.1.3
Summary: Simple security for Flask apps.
Home-page: https://github.com/Flask-Middleware/flask-security
Author: Matt Wright & Chris Wagner
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/Flask-Security-Too-4.1.2/Flask_Security_Too.egg-info/SOURCES.txt
new/Flask-Security-Too-4.1.3/Flask_Security_Too.egg-info/SOURCES.txt
--- old/Flask-Security-Too-4.1.2/Flask_Security_Too.egg-info/SOURCES.txt
2021-09-23 00:55:32.000000000 +0200
+++ new/Flask-Security-Too-4.1.3/Flask_Security_Too.egg-info/SOURCES.txt
2022-03-02 17:59:41.000000000 +0100
@@ -53,6 +53,7 @@
flask_security/passwordless.py
flask_security/phone_util.py
flask_security/proxies.py
+flask_security/py.typed
flask_security/quart_compat.py
flask_security/recoverable.py
flask_security/registerable.py
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/Flask-Security-Too-4.1.2/Flask_Security_Too.egg-info/requires.txt
new/Flask-Security-Too-4.1.3/Flask_Security_Too.egg-info/requires.txt
--- old/Flask-Security-Too-4.1.2/Flask_Security_Too.egg-info/requires.txt
2021-09-23 00:55:32.000000000 +0200
+++ new/Flask-Security-Too-4.1.3/Flask_Security_Too.egg-info/requires.txt
2022-03-02 17:59:40.000000000 +0100
@@ -14,6 +14,7 @@
[common]
bcrypt>=3.1.5
flask_mail>=0.9.1
+bleach>=3.3.1
[fsqla]
flask_sqlalchemy>=2.4.4
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Flask-Security-Too-4.1.2/MANIFEST.in
new/Flask-Security-Too-4.1.3/MANIFEST.in
--- old/Flask-Security-Too-4.1.2/MANIFEST.in 2021-09-23 00:54:50.000000000
+0200
+++ new/Flask-Security-Too-4.1.3/MANIFEST.in 2022-03-02 17:58:26.000000000
+0100
@@ -8,6 +8,7 @@
include pytest.ini
include tox.ini
include requirements/*.txt
+include flask_security/py.typed
graft docs
graft flask_security/templates
graft flask_security/translations
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Flask-Security-Too-4.1.2/PKG-INFO
new/Flask-Security-Too-4.1.3/PKG-INFO
--- old/Flask-Security-Too-4.1.2/PKG-INFO 2021-09-23 00:55:32.832971000
+0200
+++ new/Flask-Security-Too-4.1.3/PKG-INFO 2022-03-02 17:59:41.054738300
+0100
@@ -1,6 +1,6 @@
Metadata-Version: 2.1
Name: Flask-Security-Too
-Version: 4.1.2
+Version: 4.1.3
Summary: Simple security for Flask apps.
Home-page: https://github.com/Flask-Middleware/flask-security
Author: Matt Wright & Chris Wagner
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Flask-Security-Too-4.1.2/docs/conf.py
new/Flask-Security-Too-4.1.3/docs/conf.py
--- old/Flask-Security-Too-4.1.2/docs/conf.py 2021-09-23 00:54:50.000000000
+0200
+++ new/Flask-Security-Too-4.1.3/docs/conf.py 2022-03-02 17:58:26.000000000
+0100
@@ -57,7 +57,7 @@
# built documents.
#
# The short X.Y version.
-version = "4.1.2"
+version = "4.1.3"
# The full version, including alpha/beta/rc tags.
release = version
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Flask-Security-Too-4.1.2/docs/configuration.rst
new/Flask-Security-Too-4.1.3/docs/configuration.rst
--- old/Flask-Security-Too-4.1.2/docs/configuration.rst 2021-09-23
00:54:50.000000000 +0200
+++ new/Flask-Security-Too-4.1.3/docs/configuration.rst 2022-03-02
17:58:26.000000000 +0100
@@ -731,7 +731,8 @@
Validation and normalization is encapsulated in :class:`.UsernameUtil`.
Note that the default validation restricts username input to be unicode
- letters and numbers.
+ letters and numbers. It also uses ``bleach`` to scrub any risky input. Be
+ sure your application requirements includes ``bleach``.
Default: ``False``
@@ -763,7 +764,7 @@
.. py:data:: SECURITY_USERNAME_NORMALIZE_FORM
- Usernames can be unicode normalization is performed using the Python
unicodedata.normalize() method.
+ Usernames, by default, are normalized using the Python
unicodedata.normalize() method.
Default: ``"NFKD"``
@@ -1090,6 +1091,9 @@
Unified Signin
--------------
+ Unified sign in provides a generalized sign in endpoint that takes an
`identity`
+ and a `passcode`.
+
.. versionadded:: 3.4.0
.. py:data:: SECURITY_UNIFIED_SIGNIN
@@ -1406,8 +1410,8 @@
* ``SECURITY_MSG_US_SPECIFY_IDENTITY``
* ``SECURITY_MSG_USE_CODE``
* ``SECURITY_MSG_USER_DOES_NOT_EXIST``
-* ``SECURITY_USERNAME_INVALID_LENGTH``
-* ``SECURITY_USERNAME_ILLEGAL_CHARACTERS``
-* ``SECURITY_USERNAME_DISALLOWED_CHARACTERS``
-* ``SECURITY_USERNAME_NOT_PROVIDED``
-* ``SECURITY_USERNAME_ALREADY_ASSOCIATED``
+* ``SECURITY_MSG_USERNAME_INVALID_LENGTH``
+* ``SECURITY_MSG_USERNAME_ILLEGAL_CHARACTERS``
+* ``SECURITY_MSG_USERNAME_DISALLOWED_CHARACTERS``
+* ``SECURITY_MSG_USERNAME_NOT_PROVIDED``
+* ``SECURITY_MSG_USERNAME_ALREADY_ASSOCIATED``
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Flask-Security-Too-4.1.2/docs/customizing.rst
new/Flask-Security-Too-4.1.3/docs/customizing.rst
--- old/Flask-Security-Too-4.1.2/docs/customizing.rst 2021-09-23
00:54:50.000000000 +0200
+++ new/Flask-Security-Too-4.1.3/docs/customizing.rst 2022-03-02
17:58:26.000000000 +0100
@@ -182,7 +182,7 @@
Then compile it with::
- pybabel compile -d translations/ -i
translations/fr_FR/LC_MESSAGES/flask_security.po -l fr_FR
+ pybabel compile -d translations/ -i
translations/fr_FR/LC_MESSAGES/flask_security.po -l fr_FR -D flask_security
Finally add your translations directory to your configuration::
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Flask-Security-Too-4.1.2/docs/index.rst
new/Flask-Security-Too-4.1.3/docs/index.rst
--- old/Flask-Security-Too-4.1.2/docs/index.rst 2021-09-23 00:54:50.000000000
+0200
+++ new/Flask-Security-Too-4.1.3/docs/index.rst 2022-03-02 17:58:26.000000000
+0100
@@ -45,7 +45,7 @@
1. `Flask-SQLAlchemy <https://pypi.python.org/pypi/flask-sqlalchemy/>`_
2. `Flask-MongoEngine <https://pypi.python.org/pypi/flask-mongoengine/>`_
3. `Peewee Flask utils
<https://docs.peewee-orm.com/en/latest/peewee/playhouse.html#flask-utils>`_
-4. `PonyORM <https://pypi.python.org/pypi/pony/>`_
+4. `PonyORM <https://pypi.python.org/pypi/pony/>`_ - NOTE: not currently
supported.
5. `SQLAlchemy sessions
<https://docs.sqlalchemy.org/en/14/orm/session_basics.html>`_
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Flask-Security-Too-4.1.2/docs/models.rst
new/Flask-Security-Too-4.1.3/docs/models.rst
--- old/Flask-Security-Too-4.1.2/docs/models.rst 2021-09-23
00:54:50.000000000 +0200
+++ new/Flask-Security-Too-4.1.3/docs/models.rst 2022-03-02
17:58:26.000000000 +0100
@@ -15,7 +15,7 @@
contain ALL the fields and tables required for all features. They also contain
various `best practice` fields - such as update and create times. These mixins
can
be easily extended to add any sort of custom fields and can be found in the
-`models` module (today there is just one for using Flask-SqlAlchemy).
+`models` module (today there is just one for using Flask-SQLAlchemy).
The provided models are versioned since they represent actual DB models, and
any
changes require a schema migration (and perhaps a data migration). Applications
@@ -33,7 +33,7 @@
* ``email`` (for most features - unique, non-nullable)
* ``password`` (non-nullable)
* ``active`` (boolean, non-nullable)
-* ``fs_uniquifier`` (unique, non-nullable)
+* ``fs_uniquifier`` (string, 64 bytes, unique, non-nullable)
**Role**
@@ -78,13 +78,13 @@
configuration value to `True`, your `User` model will require the following
additional fields:
-* ``tf_totp_secret`` (string)
+* ``tf_totp_secret`` (string, 255 bytes, nullable)
* ``tf_primary_method`` (string)
If you include 'sms' in `SECURITY_TWO_FACTOR_ENABLED_METHODS`, your `User`
model
will require the following additional field:
-* ``tf_phone_number`` (string)
+* ``tf_phone_number`` (string, 255 bytes, nullable)
Unified Sign In
^^^^^^^^^^^^^^^
@@ -105,12 +105,19 @@
If you want authentication tokens to not be invalidated when the user changes
their
password add the following to your `User` model:
-* ``fs_token_uniquifier`` (unique, non-nullable)
+* ``fs_token_uniquifier`` (string, 64 bytes, unique, non-nullable)
+
+Username
+~~~~~~~~~
+If you set :py:data:`SECURITY_USERNAME_ENABLE` to `True`, then your `User`
model
+requires the following additional field:
+
+* ``username`` (string, 64 bytes, unique, nullable)
Permissions
^^^^^^^^^^^
If you want to protect endpoints with permissions, and assign permissions to
roles
-that are then assigned to users the Role model requires:
+that are then assigned to users, the ``Role`` model requires:
* ``permissions`` (UnicodeText)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Flask-Security-Too-4.1.2/docs/quickstart.rst
new/Flask-Security-Too-4.1.3/docs/quickstart.rst
--- old/Flask-Security-Too-4.1.2/docs/quickstart.rst 2021-09-23
00:54:50.000000000 +0200
+++ new/Flask-Security-Too-4.1.3/docs/quickstart.rst 2022-03-02
17:58:26.000000000 +0100
@@ -80,6 +80,7 @@
app.config["SQLALCHEMY_ENGINE_OPTIONS"] = {
"pool_pre_ping": True,
}
+ app.config["SQLALCHEMY_TRACK_MODIFICATIONS"] = False
# Create database connection object
db = SQLAlchemy(app)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Flask-Security-Too-4.1.2/flask_security/__init__.py
new/Flask-Security-Too-4.1.3/flask_security/__init__.py
--- old/Flask-Security-Too-4.1.2/flask_security/__init__.py 2021-09-23
00:54:50.000000000 +0200
+++ new/Flask-Security-Too-4.1.3/flask_security/__init__.py 2022-03-02
17:58:26.000000000 +0100
@@ -105,4 +105,4 @@
verify_and_update_password,
)
-__version__ = "4.1.2"
+__version__ = "4.1.3"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Flask-Security-Too-4.1.2/flask_security/cli.py
new/Flask-Security-Too-4.1.3/flask_security/cli.py
--- old/Flask-Security-Too-4.1.2/flask_security/cli.py 2021-09-23
00:54:50.000000000 +0200
+++ new/Flask-Security-Too-4.1.3/flask_security/cli.py 2022-03-02
17:58:26.000000000 +0100
@@ -44,7 +44,6 @@
return functools.update_wrapper(decorator, f)
-
else:
import flask.cli
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Flask-Security-Too-4.1.2/flask_security/core.py
new/Flask-Security-Too-4.1.3/flask_security/core.py
--- old/Flask-Security-Too-4.1.2/flask_security/core.py 2021-09-23
00:54:50.000000000 +0200
+++ new/Flask-Security-Too-4.1.3/flask_security/core.py 2022-03-02
17:58:26.000000000 +0100
@@ -1118,7 +1118,7 @@
raise ValueError("Datastore must be provided")
self.datastore = self._datastore
- if register_blueprint:
+ if register_blueprint is not None:
self._register_blueprint = register_blueprint
self.register_blueprint = self._register_blueprint
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Flask-Security-Too-4.1.2/flask_security/datastore.py
new/Flask-Security-Too-4.1.3/flask_security/datastore.py
--- old/Flask-Security-Too-4.1.2/flask_security/datastore.py 2021-09-23
00:54:50.000000000 +0200
+++ new/Flask-Security-Too-4.1.3/flask_security/datastore.py 2022-03-02
17:58:26.000000000 +0100
@@ -570,7 +570,7 @@
if config_value("JOIN_USER_ROLES") and hasattr(self.user_model,
"roles"):
from sqlalchemy.orm import joinedload
- query = query.options(joinedload("roles"))
+ query = query.options(joinedload(self.user_model.roles))
if case_insensitive:
# While it is of course possible to pass in multiple keys to
filter on
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Flask-Security-Too-4.1.2/flask_security/utils.py
new/Flask-Security-Too-4.1.3/flask_security/utils.py
--- old/Flask-Security-Too-4.1.2/flask_security/utils.py 2021-09-23
00:54:50.000000000 +0200
+++ new/Flask-Security-Too-4.1.3/flask_security/utils.py 2022-03-02
17:58:26.000000000 +0100
@@ -98,7 +98,6 @@
_datastore.commit()
return response
-
else:
def view_commit(response=None):
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Flask-Security-Too-4.1.2/setup.cfg
new/Flask-Security-Too-4.1.3/setup.cfg
--- old/Flask-Security-Too-4.1.2/setup.cfg 2021-09-23 00:55:32.832971000
+0200
+++ new/Flask-Security-Too-4.1.3/setup.cfg 2022-03-02 17:59:41.054738300
+0100
@@ -9,6 +9,7 @@
common =
bcrypt>=3.1.5
flask_mail>=0.9.1
+ bleach>=3.3.1
mfa =
cryptography>=3.0.0
pyqrcode>=1.2
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Flask-Security-Too-4.1.2/tests/test_recoverable.py
new/Flask-Security-Too-4.1.3/tests/test_recoverable.py
--- old/Flask-Security-Too-4.1.2/tests/test_recoverable.py 2021-09-23
00:54:50.000000000 +0200
+++ new/Flask-Security-Too-4.1.3/tests/test_recoverable.py 2022-03-02
17:58:26.000000000 +0100
@@ -566,3 +566,40 @@
)
assert response.status_code == 200
assert get_message("PASSWORD_RESET_REQUEST", email="[email protected]") in
response.data
+
+
+def test_password_normalization(app, client, get_message):
+ with capture_reset_password_requests() as requests:
+ response = client.post(
+ "/reset",
+ json=dict(email="[email protected]"),
+ )
+ assert response.status_code == 200
+ token = requests[0]["token"]
+
+ response = client.post(
+ "/reset/" + token,
+ json=dict(password="H??heH??he", password_confirm="H??heH??he"),
+ )
+ assert response.status_code == 200
+ logout(client)
+
+ # make sure can log in with new password both normnalized or not
+ response = client.post(
+ "/login",
+ json=dict(email="[email protected]", password="H??heH??he"),
+ )
+ assert response.status_code == 200
+ # verify actually logged in
+ response = client.get("/profile", follow_redirects=False)
+ assert response.status_code == 200
+ logout(client)
+
+ response = client.post(
+ "/login",
+ json=dict(email="[email protected]", password="Ho\u0308heHo\u0308he"),
+ )
+ assert response.status_code == 200
+ # verify actually logged in
+ response = client.get("/profile", follow_redirects=False)
+ assert response.status_code == 200
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Flask-Security-Too-4.1.2/tox.ini
new/Flask-Security-Too-4.1.3/tox.ini
--- old/Flask-Security-Too-4.1.2/tox.ini 2021-09-23 00:54:50.000000000
+0200
+++ new/Flask-Security-Too-4.1.3/tox.ini 2022-03-02 17:58:26.000000000
+0100
@@ -1,6 +1,6 @@
[tox]
envlist =
- py{36,37,38,39,py3}-{low,release}
+ py{36,37,38,39,py38}-{low,release}
mypy
nobabel
style
@@ -9,14 +9,14 @@
makedist
skip_missing_interpreters = true
-[testenv:py{36,37,38,39,py3}-release]
+[testenv:py{36,37,38,39,py38}-release]
deps =
-r requirements/tests.txt
commands =
python setup.py compile_catalog
pytest --basetemp={envtmpdir} {posargs:tests}
-[testenv:py{36,37,38,39,py3}-low]
+[testenv:py{36,37,38,39,py38}-low]
deps =
pytest
@@ -30,14 +30,15 @@
argon2_cffi==20.1.0
babel==2.7.0
bcrypt==3.2.0
- bleach==3.1.5
+ bleach==3.2.2
cryptography==3.0.0
# next 2 come from minimums from Flask 1.1.1
- jinja2==2.10.1
- itsdangerous==0.24
- mongoengine==0.20.0
- mongomock==3.21.0
- pony==0.7.14
+ jinja2==2.11.0
+ itsdangerous==1.1.0
+ markupsafe==2.0.1
+ mongoengine==0.22.1
+ mongomock==3.22.0
+ pony==0.7.14;python_version<'3.10'
phonenumberslite==8.11.1
pyqrcode==1.2
sqlalchemy==1.3.19
