commit python-Flask-Security-Too for openSUSE:Factory

root Wed, 13 May 2020 13:56:41 -0700

Hello community,

here is the log from the commit of package python-Flask-Security-Too for 
openSUSE:Factory checked in at 2020-05-13 22:55:55
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-Flask-Security-Too (Old)
 and      /work/SRC/openSUSE:Factory/.python-Flask-Security-Too.new.2738 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "python-Flask-Security-Too"

Wed May 13 22:55:55 2020 rev:3 rq:801333 version:3.4.2

Changes:
--------
--- 
/work/SRC/openSUSE:Factory/python-Flask-Security-Too/python-Flask-Security-Too.changes
      2020-04-05 20:57:06.429414505 +0200
+++ 
/work/SRC/openSUSE:Factory/.python-Flask-Security-Too.new.2738/python-Flask-Security-Too.changes
    2020-05-13 22:55:56.474992493 +0200
@@ -1,0 +2,29 @@
+Thu May  7 10:42:20 UTC 2020 - Antonio Larrosa <[email protected]>
+
+- Update to 3.4.2:
+  * The flask-security repo was moved to a github organization
+    Flask-Middleware.
+
+- Update to 3.4.1:
+  * Fix a bunch of bugs in new unified sign in along with a couple
+    other major issues.
+  * (:issue:`298`) Alternative ID feature ran afoul of
+    postgres/psycopg2 finickiness.
+  * (:issue:`300`) JSON 401 responses had WWW-Authenticate Header
+    attached - that caused browsers to pop up their own login/password
+    form. Not what applications want.
+  * (:issue:`280`) Allow admin/api to setup TFA (and unified sign in)
+    out of band. Please see :meth:`.UserDatastore.tf_set`,
+    :meth:`.UserDatastore.tf_reset`, :meth:`.UserDatastore.us_set`,
+    :meth:`.UserDatastore.us_reset` and
+    :meth:`.UserDatastore.reset_user_access`.
+  * (:pr:`305`) We used form._errors which wasn't very pythonic,
+    and it was removed in WTForms 2.3.0.
+  * (:pr:`310`) WTForms 2.3.0 made email_validator optional,
+    we need it.
+
+- Added Requires python-bcrypt and python-email_validator,
+  Recommends python-PyQRCode, python-SQLAlchemy, python-zxcvbn
+  and Suggests python-argon2_cffi and python-phonenumbers
+
+-------------------------------------------------------------------
@@ -5,7 +34,22 @@
-  * (:pr:`257`) Support a unified sign in feature. Please see 
:ref:`unified-sign-in`.
-  * (:pr:`265`) Add phone number validation class. This is used in both 
unified sign in as well as two-factor when using sms.
-  * (:pr:`274`) Add support for 'freshness' of caller's authentication. This 
permits endpoints to be additionally protected by ensuring a recent 
authentication.
-  * (:issue:`99`, :issue:`195`) Support pluggable password validators. Provide 
a default validator that offers complexity and breached support.
-  * (:issue:`266`) Provide interface to two-factor send_token so that 
applications can provide error mitigation. Defaults to returning errors if 
can't send the verification code.
-  * (:pr:`247`) Updated all-inclusive data models (fsqlaV2). Add fields 
necessary for the new unified sign in feature and changed 'username' to be 
unique (but not required).
-  * (:pr:`245`) Use fs_uniquifier as the default Flask-Login 'alternative 
token'. Basically this means that changing the fs_uniquifier will cause 
outstanding auth tokens, session and remember me cookies to be invalidated. So 
if an account gets compromised, an admin can easily stop access. Prior to this 
cookies were storing the 'id' which is the user's primary key - difficult to 
change! (kishi85)
+  * (:pr:`257`) Support a unified sign in feature.
+    Please see :ref:`unified-sign-in`.
+  * (:pr:`265`) Add phone number validation class. This is used in
+    both unified sign in as well as two-factor when using sms.
+  * (:pr:`274`) Add support for 'freshness' of caller's authentication.
+    This permits endpoints to be additionally protected by ensuring a
+    recent authentication.
+  * (:issue:`99`, :issue:`195`) Support pluggable password validators.
+    Provide a default validator that offers complexity and breached support.
+  * (:issue:`266`) Provide interface to two-factor send_token so that
+    applications can provide error mitigation. Defaults to returning
+    errors if can't send the verification code.
+  * (:pr:`247`) Updated all-inclusive data models (fsqlaV2). Add
+    fields necessary for the new unified sign in feature and changed
+    'username' to be unique (but not required).
+  * (:pr:`245`) Use fs_uniquifier as the default Flask-Login
+    'alternative token'. Basically this means that changing the
+    fs_uniquifier will cause outstanding auth tokens, session and
+    remember me cookies to be invalidated. So if an account gets
+    compromised, an admin can easily stop access. Prior to this cookies
+    were storing the 'id' which is the user's primary key - difficult
+    to change! (kishi85)

Old:
----
  Flask-Security-Too-3.4.0.tar.gz

New:
----
  Flask-Security-Too-3.4.2.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ python-Flask-Security-Too.spec ++++++
--- /var/tmp/diff_new_pack.RATPNV/_old  2020-05-13 22:55:56.950993422 +0200
+++ /var/tmp/diff_new_pack.RATPNV/_new  2020-05-13 22:55:56.954993430 +0200
@@ -19,7 +19,7 @@
 %define skip_python2 1
 %{?!python_module:%define python_module() python-%{**} python3-%{**}}
 Name:           python-Flask-Security-Too
-Version:        3.4.0
+Version:        3.4.2
 Release:        0
 Summary:        Security for Flask apps
 License:        MIT
@@ -33,15 +33,16 @@
 BuildRequires:  %{python_module Flask-Mail >= 0.9.1}
 BuildRequires:  %{python_module Flask-Principal >= 0.4.0}
 BuildRequires:  %{python_module Flask-SQLAlchemy >= 2.3}
-BuildRequires:  %{python_module Flask-WTF >= 0.14.0}
+BuildRequires:  %{python_module Flask-WTF >= 0.14.2}
 BuildRequires:  %{python_module PyQRCode >= 1.2}
 BuildRequires:  %{python_module SQLAlchemy >= 1.2.6}
 BuildRequires:  %{python_module Werkzeug >= 0.15.5}
 BuildRequires:  %{python_module argon2_cffi >= 19.1.0}
 BuildRequires:  %{python_module bcrypt >= 3.1.5}
 BuildRequires:  %{python_module cachetools >= 3.1.0}
+BuildRequires:  %{python_module email_validator >= 1.0.5}
 BuildRequires:  %{python_module itsdangerous >= 1.1.0}
-BuildRequires:  %{python_module mock}
+BuildRequires:  %{python_module mock >= 1.3.0}
 BuildRequires:  %{python_module passlib >= 1.7.1}
 BuildRequires:  %{python_module peewee >= 3.11.2}
 BuildRequires:  %{python_module phonenumbers >= 8.11.1}
@@ -60,8 +61,15 @@
 Requires:       python-Flask-Principal >= 0.4.0
 Requires:       python-Flask-WTF >= 0.14.2
 Requires:       python-Werkzeug >= 0.15.5
+Requires:       python-bcrypt >= 3.1.5
+Requires:       python-email_validator >= 1.0.5
 Requires:       python-itsdangerous >= 1.1.0
 Requires:       python-passlib >= 1.7.1
+Recommends:     python-PyQRCode >= 1.2
+Recommends:     python-SQLAlchemy >= 1.2.6
+Recommends:     python-zxcvbn >= 4.4.28
+Suggests:       python-argon2_cffi >= 19.1.0
+Suggests:       python-phonenumbers >= 8.11.1
 Conflicts:      python-Flask-Security < 3.2.0
 Obsoletes:      python-Flask-Security < 3.2.0
 Provides:       python-Flask-Security = %{version}

++++++ Flask-Security-Too-3.4.0.tar.gz -> Flask-Security-Too-3.4.2.tar.gz ++++++
++++ 7618 lines of diff (skipped)

commit python-Flask-Security-Too for openSUSE:Factory

Reply via email to