Skip to content

Releases: indico/flask-multipass

v0.10

17 Mar 17:01
@github-actions github-actions
v0.10
This tag was signed with the committer’s verified signature.
ThiefMaster Adrian
GPG key ID: B071CD13184D719C
Verified
Learn about vigilant mode.
e44bab0
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v0.10 Latest
Latest
  • Allow overriding the message of NoSuchUser and InvalidCredentials, and make its other arguments keyword-only
Assets 4
Loading

v0.9

10 Mar 15:54
@github-actions github-actions
v0.9
This tag was signed with the committer’s verified signature.
ThiefMaster Adrian
GPG key ID: B071CD13184D719C
Verified
Learn about vigilant mode.
d34007c
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v0.9
  • Include the username in the identifier attribute of the NoSuchUser exception so applications can apply e.g. per-username rate limiting
  • Fail silently when there's no objectSid for an AD-style LDAP group
Loading

v0.8

09 Feb 11:59
@github-actions github-actions
v0.8
This tag was signed with the committer’s verified signature.
ThiefMaster Adrian
GPG key ID: B071CD13184D719C
Verified
Learn about vigilant mode.
eb623a8
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v0.8
  • Reject next URLs containing linebreaks gracefully
  • Look for logout_uri in top-level authlib provider config instead of the authlib_args dict (the latter is still checked as a fallback)
  • Include id_token_hint in authlib logout URL
  • Add logout_args setting to authlib provider which allows removing some of the query string arguments that are included by default
Loading

v0.7

04 Feb 12:23
@github-actions github-actions
v0.7
This tag was signed with the committer’s verified signature.
ThiefMaster Adrian
GPG key ID: B071CD13184D719C
Verified
Learn about vigilant mode.
a196c5a

Choose a tag to compare

View all tags
v0.7
  • Support multiple id fields in SAML identity provider
  • Include client_id in authlib logout URL since some OIDC providers mayrequire this
  • Allow setting timeout for authlib token requests (default: 10 seconds)
  • Add new MULTIPASS_HIDE_NO_SUCH_USER config setting to convert NoSuchUser exceptions to InvalidCredentials to avoid disclosing whether a username is valid
  • Include the username in the identifier attribute of the InvalidCredentials exception so applications can apply e.g. per-username rate limiting
Loading

v0.6

27 Nov 15:48
@github-actions github-actions
v0.6
This tag was signed with the committer’s verified signature.
ThiefMaster Adrian
GPG key ID: B071CD13184D719C
Verified
Learn about vigilant mode.
3d4e2c6

Choose a tag to compare

View all tags
v0.6
  • Drop support for Python 3.8 (3.8 is EOL since Oct 2024)
  • Remove upper version pins of dependencies
  • Support friendly names for SAML assertions (set 'saml_friendly_names': True in the auth provider settings)
  • Include more verbose authentication data in IdentityRetrievalFailed exception details
Loading

v0.5.6

29 Oct 16:44
@github-actions github-actions
v0.5.6
This tag was signed with the committer’s verified signature.
ThiefMaster Adrian
GPG key ID: B071CD13184D719C
Verified
Learn about vigilant mode.
9b56208
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v0.5.6
  • Reject invalid next URLs with backslashes that could be used to trick browsers into redirecting to an otherwise disallowed host when doing client-side redirects
Loading

v0.5.5

23 Aug 00:36
@github-actions github-actions
v0.5.5
This tag was signed with the committer’s verified signature.
ThiefMaster Adrian
GPG key ID: B071CD13184D719C
Verified
Learn about vigilant mode.
e4a56cf

Choose a tag to compare

View all tags
v0.5.5
  • Ensure only valid schemas (http and https) can be used when validating the next URL
  • Deprecate the flask_multipass.__version__ attribute
Loading

v0.5.4

30 Mar 11:29
@github-actions github-actions
v0.5.4
This tag was signed with the committer’s verified signature.
ThiefMaster Adrian
GPG key ID: B071CD13184D719C
Verified
Learn about vigilant mode.
7dc4bcf
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v0.5.4
  • Skip LDAP users that do not have the specified uid attribute set instead of failing with an error
Loading

v0.5.3

07 Feb 15:16
@github-actions github-actions
v0.5.3
This tag was signed with the committer’s verified signature.
ThiefMaster Adrian
GPG key ID: B071CD13184D719C
Verified
Learn about vigilant mode.
816bdbb
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v0.5.3
  • Skip LDAP group members that do not have the specified uid attribute set instead of failing with an error
Loading

v0.5.2

13 Dec 17:33
@github-actions github-actions
v0.5.2
This tag was signed with the committer’s verified signature.
ThiefMaster Adrian
GPG key ID: B071CD13184D719C
Verified
Learn about vigilant mode.
7523d98

Choose a tag to compare

View all tags
v0.5.2
  • Add ldap_or_authinfo identity provider which behaves exactly like the ldap provider, but if the user cannot be found in LDAP, it falls back to the data from the auth provider (typically Shibboleth)
Loading