Skip to content

Latest commit

 

History

History
186 lines (124 loc) · 17.8 KB

CHANGES.md

File metadata and controls

186 lines (124 loc) · 17.8 KB

Flask-HTTPAuth change log

Release 4.7.0 - 2022-05-29

  • Fallback to latin-1 encoding for credentials when utf-8 fails #151 (commit)
  • Documentation updates (commit)

Release 4.6.0 - 2022-04-21

  • Add MD5-Sess algorithm for Digest auth (commit)
  • Add qop=auth option for Digest auth (commit) (thanks Edward!)
  • Add Python 3.10 and PyPy 3.8 to build (commit)

Release 4.5.0 - 2021-10-25

  • Support for Flask 2 async views (commit)
  • Do not read the request body #138 (commit)
  • Remove unused flask.g import in token authentication example #137 (commit) (thanks Jonas Sandström!)
  • Fixed documentation typo #127 (commit) (thanks Reggie V!)

Release 4.4.0 - 2021-05-13

  • Replace safe_str_cmp with hmac.compare_digest to avoid a deprecation warning from Werkzeug #126 (commit) (thanks Federico Martinez!)
  • Drop Python 2 support (commit)

Release 4.3.0 - 2021-05-01

  • Support token auth with custom header in MultiAuth class #125 (commit)
  • Catch UnicodeDecodeError when passing malformed data in authorization header #122 (commit) (thanks Bastian Raschke!)
  • Fixes typo #116 (commit) (thanks Renato Oliveira!)
  • Move builds to GitHub actions (commit)

Release 4.2.0 - 2020-11-16

  • Allow error response to return a 200 status code #114 (commit)
  • Add optional argument to MultiAuth class #115 (commit) (thanks pryankster and Michael Wright!)
  • Remove python 3.5 and add python 3.9 to build (commit)

Release 4.1.0 - 2020-06-04

  • Basic authentication with custom scheme (commit)

Release 4.0.0 - 2020-04-26

  • Return user object from verify callbacks (commit)
  • New role authorization support (commit) (thanks gemerden!)
  • Add a custom token authorization header option (commit) (thanks Mohamed Feddad!)
  • Support an optional=True argument in login_required decorator (commit) (thanks Saif Almansoori!)
  • Pass HTTP status code to error callback (commit)
  • More secure example of basic auth in the documentation (commit)
  • Fix broken links in CHANGES.md and changelog template #85 (commit) (thanks Katie Smith!)

Release 3.3.0 - 2019-05-19

  • Use constant time string comparisons #82 (commit1, commit2) (thanks Brendan Long!)
  • Edited and changed the usage of JWT, because in fact the code and documentation uses JWS tokens. #79 (commit) (thanks unuseless!)
  • Documentation fix #78 (commit)
  • Documentation improvements #77 (commit)
  • helper release script (commit)

Release 3.2.4 - 2018-06-17

  • Refactored HTTPAuth login_required #74 (commit) (thanks nestedsoftware!)
  • remove incorrect references to JWT in example application #69 (commit)
  • Fix typo in docs #70 (commit) (thanks Grey Li!)
  • Fix documentation #67 (commit) (thanks Eugene Rymarev!)
  • correct spelling mistake #56 (commit) (thanks Edward Betts!)
  • travis build fix for py36 (commit)

Release 3.2.3 - 2017-06-05

  • Include docs and tests in pypi source tarball #55 (commit) (thanks Chandan Kumar!)

Release 3.2.2 - 2017-01-30

  • Validate authorization header in multi auth #51 (commit)
  • index.rst: Add a missing variable in a code snippet #49 (commit) (thanks Baptiste Fontaine!)

Release 3.2.1 - 2016-09-04

  • add __version__ to package (commit)
  • Add readme and license files to the built package #45 (commit)

Release 3.2.0 - 2016-08-20

  • Fix TCP Connection reset by peer error #39 (commit) (thanks Joe Kemp!)

Release 3.1.2 - 2016-04-21

  • Add robustness to password check (commit)

Release 3.1.1 - 2016-03-24

  • pass params to view function in MultiAuth #36 (commit) (thanks vovanz!)
  • add examples to flake8 build (commit)
  • Added multi auth tests (commit)
  • removed dead code (commit)

Release 3.1.0 - 2016-03-13

  • examples (commit)
  • Added support for multiple authentication methods (commit)
  • Added change log (commit)
  • Add additional token auth test (commit)

Release 3.0.2 - 2016-03-12

  • Let callback decide what to do when authentication type does not match (commit)

Release 3.0.1 - 2016-03-09

  • Catching exception when Authorization header is empty (commit) (thanks Kari Hreinsson!)
  • Documentation fix, validate_token() -> verify_token() (commit) (thanks Kari Hreinsson!)

Release 3.0.0 - 2016-03-07

  • documentation for new token auth (commit)
  • switch travis build to use tox (commit)
  • token auth support, plus test reorg (commit)
  • Added explicity Python 2 & 3 version classifiers to package (commit)

Release 2.7.1 - 2016-02-07

  • Remove session dependency in authenticate_header #31 (commit) (thanks Paweł Stiasny!)
  • Add Install Notes (commit) (thanks Michael Washburn Jr!)
  • Add syntax highlighting to the README #28 (commit) (thanks Josh Friend!)

Release 2.7.0 - 2015-09-20

  • Support custom authentication scheme and realm (commit)

Release 2.6.0 - 2015-08-23

  • Added information on how to implement digest authentication securely (commit)
  • Allow for custom nonce/opaque generation #24 (commit) (thanks Matt Haggard!)
  • fixed tests to work with python 2.6 (commit)
  • added travis ci badge (commit)

release 2.5.0 - 2015-04-26

  • documentation changes (commit)
  • documentation for stored ha1 feature (commit)
  • Include notes for nginx (commit) (thanks Erik Stephens!)
  • Include notes for nginx as well (commit) (thanks Erik Stephens!)
  • Update docs with WSGI notes (commit) (thanks Erik Stephens!)
  • Update README with WSGI notes (commit) (thanks Erik Stephens!)
  • Modified documents and readme for correct import statement #19 (commit) (thanks Aayush Kasurde!)

release 2.4.0 - 2015-03-02

  • Support anonymous users in verify_password callback (commit)
  • Add HA1 generation function to HTTPDigestAuth class (commit) (thanks Pawel Szczurko!)
  • Fix unit test url routes (commit) (thanks Pawel Szczurko!)
  • Add option to use ha1 combination as password instead of plain text password (commit) (thanks Pawel Szczurko!)
  • removed extra strip() calls in unit tests (commit)

release 2.3.0 - 2014-09-23

  • pep8 (commit)
  • Fixed problem with couple of decorator that destroy function they decorate #11 (commit) (thanks Nemanja Trifunovic!)
  • Ignore authentication headers for OPTIONS (commit) (thanks Henrique Carvalho Alves!)

release 2.2.1 - 2014-03-17

  • #5: correct handling of None return from get_password callback (commit)
  • #5 (commit)
  • Fixed problem when get_password decorator destroys function it decorates #4 (commit) (thanks Nemanja Trifunovic!)
  • custom password verification callback (commit)

version 2.1.0 - 2013-09-28

  • pass the username to the hash password callback (commit)

Release 2.0.0 - 2013-09-26

  • changed auth.username to auth.username() (commit)
  • 2.0 documentation update (commit)

Release 1.1.0 - 2013-08-30

Release 1.0.0 - 2013-07-27

  • First official release!