From 4faacd49d39d2119565a07c28fba3f6b878674f1 Mon Sep 17 00:00:00 2001 From: Chris Wagner Date: Tue, 23 Jul 2019 13:12:50 -0700 Subject: [PATCH] Chore - prep 3.3.0rc1 (#132) --- docs/_templates/sidebarintro.html | 7 +++---- docs/conf.py | 2 +- docs/configuration.rst | 6 +++--- flask_security/__init__.py | 4 +++- 4 files changed, 10 insertions(+), 9 deletions(-) diff --git a/docs/_templates/sidebarintro.html b/docs/_templates/sidebarintro.html index 6d468099..c4ca6df1 100644 --- a/docs/_templates/sidebarintro.html +++ b/docs/_templates/sidebarintro.html @@ -2,8 +2,8 @@

About

Flask-Security is an opinionated Flask extension which adds basic security and authentication features to your Flask apps quickly - and easily. Flask-Social can also be used to add "social" or OAuth - login and connection management. + and easily. Fully supports form-based and single-page-application style + UIs, as well as JSON based APIs.

Useful Links

diff --git a/docs/conf.py b/docs/conf.py index 96830a24..47df3752 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -50,7 +50,7 @@ # built documents. # # The short X.Y version. -version = "3.2.0" +version = "3.3.0" # The full version, including alpha/beta/rc tags. release = version diff --git a/docs/configuration.rst b/docs/configuration.rst index c96dccb0..9a172ac8 100644 --- a/docs/configuration.rst +++ b/docs/configuration.rst @@ -123,7 +123,7 @@ Core ``SECURITY_CSRF_PROTECT_MECHANISMS`` Authentication mechanisms that require CSRF protection. These are the same mechanisms as are permitted in the ``@auth_required`` decorator. - Defaults to ``None`` + Defaults to ``("basic", "session", "token")`` ``SECURITY_CSRF_IGNORE_UNAUTH_ENDPOINTS`` If ``True`` then CSRF will not be required for endpoints that don't require authentication (e.g. login, logout, register, forgot_password). @@ -141,8 +141,8 @@ Core the the configuration variable ``WTF_CSRF_TIME_LIMIT``. This can cause CSRF failures if say an application is left idle for a long time. You can set that time limit to ``None`` - Or have the CSRF cookie sent on every request (which will give - it a new expiration time. Defaults to ``False``. + or have the CSRF cookie sent on every request (which will give + it a new expiration time). Defaults to ``False``. ============================================== ============================================= .. _Totp: https://passlib.readthedocs.io/en/stable/narr/totp-tutorial.html#totp-encryption-setup diff --git a/flask_security/__init__.py b/flask_security/__init__.py index 8d552583..36e52302 100644 --- a/flask_security/__init__.py +++ b/flask_security/__init__.py @@ -27,6 +27,7 @@ auth_required, permissions_accepted, permissions_required, + unauth_csrf, ) from .forms import ( ForgotPasswordForm, @@ -45,7 +46,7 @@ ) from .utils import login_user, logout_user, url_for_security -__version__ = "3.2.0" +__version__ = "3.3.0rc1" __all__ = ( "AnonymousUser", "ConfirmRegisterForm", @@ -76,6 +77,7 @@ "reset_password_instructions_sent", "roles_accepted", "roles_required", + "unauth_csrf", "url_for_security", "user_confirmed", "user_registered",