flask-praetorian
Strong, Simple, and Precise security for Flask APIs (using jwt)
Please see https://stackoverflow.com/a/59363326 for why this is needed. (more details:) First of all, thanks for this great & working package! Secondly, I wanted to download a file from my flask...
In flask-praetorian/flask_praetorian/exceptions.py the ExpiredRefreshError exception sends a 401 status code. Should this not be a 403 status code, as this token is not usable any more? I looked up the...
When encoding a jwt and specifying the override_access_lifespan parameter using a dictionary as per the documentation, an error is thrown: (unsupported operand type(s) for +: 'DateTime' and 'dict') I solved...
https://github.com/dusktreader/flask-praetorian/blob/c23d10e0d6e34b2b3102b9b71e48f006b8397467/flask_praetorian/base.py#L243

```python
self.reset_sender = app.config.get(
    "PRAETORIAN_RESET_SENDER",
)
```

might be replaced by:

```
...
DEFAULT_SENDER = app.config.get(
    "DEFAULT_SENDER"
)
...
self.reset_sender = app.config.get(
    "PRAETORIAN_RESET_SENDER",
    DEFAULT_SENDER
)
```

IPO, the only...
The project needs to have integration tests that verify that each feature works with: * A running flask API instance * A running database The unit tests should verify that...
https://github.com/dusktreader/flask-praetorian/blob/4740713858965e4c933b12e7d33d8972cd1d5618/flask_praetorian/base.py#L896-L899 `send_reset_email` attempts to pass the attribute `user.email` to the function `send_token_email`. The `User` object may not necessarily have an email attribute (I for instance have set it up...
The email methods needed some hardening and there were some assumptions baked in that needed to be corrected. For now, the functionality has been updated, and documentation will follow. I...
Bumps [werkzeug](https://github.com/pallets/werkzeug) from 2.2.2 to 2.2.3. Release notes Sourced from werkzeug's releases. 2.2.3 This is a fix release for the 2.2.x release branch. Changes: https://werkzeug.palletsprojects.com/en/2.2.x/changes/#version-2-2-3 Milestone: https://github.com/pallets/werkzeug/milestone/26?closed=1 This release contains...
Bumps [certifi](https://github.com/certifi/python-certifi) from 2021.10.8 to 2022.12.7. Commits 9e9e840 2022.12.07 b81bdb2 2022.09.24 939a28f 2022.09.14 aca828a 2022.06.15.2 de0eae1 Only use importlib.resources's new files() / Traversable API on Python ≥3.11 ... b8eb5e9 2022.06.15.1...
Bumps [jinja2](https://github.com/pallets/jinja) from 3.1.3 to 3.1.4. Release notes Sourced from jinja2's releases. 3.1.4 This is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise...