flask-lastuser
flask-lastuser copied to clipboard
hasgeek
Flask extension for Lastuser
Flask-Lastuser needs to honour the secure flag in `SESSION_COOKIE_SECURE` and use it for the Lastuser cookie.
It is possible for a user to be logged into a client app while not logged into Lastuser, possibly because the login cookie was deleted there. In such a case,...
In hasgeek/coaster#154, we've added an explicit expectation of login managers being compatible with Flask-Login's user-loading API. Flask-Lastuser might as well pick up other ideas from Flask-Login and revamp the API...
We currently save the current URL when performing a login operation. However, if the current request was anything other than a GET, it can't be returned to. In such a...
Flask-Lastuser's old resource decorator is clunky and has never been used in production. The `before_request` handler, however, has recently acquired the ability to parse an access token like a session...
As per Python's documentation for the `assert` statement, an `assert expression` is equivalent to: ```python if __debug__: if not expression: raise AssertionError ``` Also: > In the current implementation, the...
An XHR request without credentials will currently attempt to redirect to `/login`, which breaks UI as JS will attempt to follow the redirect instead of recognising the lack of access....
As a result of moving to parent-domain cookies in #19, Flask-Lastuser now recognises a new user, but does not run the app's usual post-login process. This means if the app...
The UserBase and UserBase2 classes store user data that is not guaranteed up to date with Lastuser. Data is refreshed when: 1. The user logs into the app. 2. Lastuser...