With v1.0 we simplified customization by allowing developers to override or extend UserManager properties and methods.
We increased security by having the TokenManager accept parts of passwords, in addition to the user ID, to invalidate tokens after a password has changed. The TokenManager now also excepts IDs other than small integers.
Hashlib password hashing is completely configurable through two config settings: USER_PASSLIB_CRYPTCONTEXT_SCHEMES and USER_PASSLIB_CRYPTCONTEXT_KEYWORDS. Example: SCHEMES=['bcrypt', 'argon2'], KEYWORDS=dict(bcrypt__rounds=12, argon2__memory_cost=512).
We added support for MongoDBs (through Flask-MongoEngine) and for DynamoDBs (through Flask-Flywheel).
We introduced the EmailAdapter interface to support sending emails not only via SMTP, but also via sendmail, SendGrid, and custom EmailAdapters.
For all of the above we finally had to break compatibility with v0.6 (stable). For non-customized Flask-User apps, the porting is relatively straightforward. See the 'Porting from v0.6 to v1.0+' section in our docs.
- v1.0.2.3:
- Display "flash" message when change password fails (see #239).
- v1.0.2.0 - Production/Stable release. Dropped support for Python 2.6 and 3.3.
- v1.0.1.5 - Removed callbacks/auth0.
- v1.0.1.4 - Fixed calls to get_primary_user_email_object().
- v1.0.1.3 - Changed custom form class attribute names from something like
self.register_formto something likeself.RegisterFormClass - v1.0.1.2 - Use app.permanent_session_lifetime to limit user session lifetime.
- v1.0.1.1 - Alpha release. Breaks backward compatibility with v0.6.
- v0.6.* - Previous version. No longer supported.
- v0.5.* - Previous version. No longer supported.