Skip to content
This repository has been archived by the owner on Jul 30, 2024. It is now read-only.

Fix documentation for #781 #791

Open
wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

Conversation

fmerges
Copy link

@fmerges fmerges commented Jul 13, 2018

This fixes the documentation. But, on the same topic, currently the extension doesn't really support plaintext anymore, and I guess it's not encouraged per se:

https://github.com/mattupstate/flask-security/blob/89198288bc416a7921b4973d8e897993942bb428/flask_security/utils.py#L120-L127

So why not eliminate it completely? Additionally, the transparent update of plaintext passwords to the configured hash is also something arguable (backward compatibility?)

@jirikuncar
Copy link
Contributor

jasco pushed a commit to jasco/flask-security that referenced this pull request Oct 3, 2023
* Update test_common.py

Added testcase for failing toke-authentication on session-only endpoint

* Update conftest.py

Added session-only authenticated route to test-fixture

* Update decorators.py

Added the `_check_session` function to specifically check session data to be used as authentication_method in the `auth_required`

* Update decorators.py

* Update decorators.py

* fixed decorator and added tests

* Fix session-only authentication.

If an endpoint was decorated with "session" only - a properly submitted token would also be accepted.
Fix that by checking as part of the auth_required() decorator and the user is authenticated AND was authenticated using the _user_loader (which is what flask-login calls for session based authenticated).

close pallets-eco#791

---------

Co-authored-by: N247S <[email protected]>
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Development

Successfully merging this pull request may close these issues.

2 participants