Chore - prep 3.3.0rc1 (#132)

docs/_templates/sidebarintro.html

@@ -2,8 +2,8 @@ <h3>About</h3>
 <p>
   Flask-Security is an opinionated Flask extension which adds basic
   security and authentication features to your Flask apps quickly
-  and easily. Flask-Social can also be used to add "social" or OAuth
-  login and connection management.
+  and easily. Fully supports form-based and single-page-application style
+  UIs, as well as JSON based APIs.
 </p>
 <h3>Useful Links</h3>
 <ul>
@@ -12,6 +12,5 @@ <h3>Useful Links</h3>
   <li><a href="http://github.com/jwag956/flask-security/issues">Issue Tracker</a></li>
 </ul>
 <ul>
-  <li><a href="http://pypi.python.org/pypi/Flask-Social">Flask-Social</a></li>
-  <li><a href="http://github.com/mattupstate/flask-social">Flask-Social @ github</a></li>
+  <li><a href="https://palletsprojects.com/p/flask/">Flask</a></li>
 </ul>

docs/conf.py

@@ -50,7 +50,7 @@
 # built documents.
 #
 # The short X.Y version.
-version = "3.2.0"
+version = "3.3.0"
 # The full version, including alpha/beta/rc tags.
 release = version
 

docs/configuration.rst

@@ -123,7 +123,7 @@ Core
 ``SECURITY_CSRF_PROTECT_MECHANISMS``             Authentication mechanisms that require CSRF protection.
                                                  These are the same mechanisms as are permitted
                                                  in the ``@auth_required`` decorator.
-                                                 Defaults to ``None``
+                                                 Defaults to ``("basic", "session", "token")``
 ``SECURITY_CSRF_IGNORE_UNAUTH_ENDPOINTS``        If ``True`` then CSRF will not be required for endpoints
                                                  that don't require authentication
                                                  (e.g. login, logout, register, forgot_password).
@@ -141,8 +141,8 @@ Core
                                                  the the configuration variable ``WTF_CSRF_TIME_LIMIT``.
                                                  This can cause CSRF failures if say an application is left
                                                  idle for a long time. You can set that time limit to ``None``
-                                                 Or have the CSRF cookie sent on every request (which will give
-                                                 it a new expiration time. Defaults to ``False``.
+                                                 or have the CSRF cookie sent on every request (which will give
+                                                 it a new expiration time). Defaults to ``False``.
 ==============================================   =============================================
 
 .. _Totp: https://passlib.readthedocs.io/en/stable/narr/totp-tutorial.html#totp-encryption-setup

flask_security/__init__.py

@@ -27,6 +27,7 @@
     auth_required,
     permissions_accepted,
     permissions_required,
+    unauth_csrf,
 )
 from .forms import (
     ForgotPasswordForm,
@@ -45,7 +46,7 @@
 )
 from .utils import login_user, logout_user, url_for_security
 
-__version__ = "3.2.0"
+__version__ = "3.3.0rc1"
 __all__ = (
     "AnonymousUser",
     "ConfirmRegisterForm",
@@ -76,6 +77,7 @@
     "reset_password_instructions_sent",
     "roles_accepted",
     "roles_required",
+    "unauth_csrf",
     "url_for_security",
     "user_confirmed",
     "user_registered",