This repository has been archived by the owner on Feb 22, 2024. It is now read-only.

Flask-Social Version 1.6.3 #38

Open
4 of 5 tasks
eriktaubeneck opened this issue Feb 19, 2014 · 17 comments

Comments

@eriktaubeneck
Collaborator

We've got a few PRs and issues lined up, so I figured I'd create a checklist for things we'd like for Version 1.6.3 and I can work to get them in line, onto develop, and we can get a new version pushed to master and pypi shortly.

@mattupstate would like to get feedback on this plan. The * items are ones that I will take care of, and I can take care of merging in portions of pull requests, if we decide.

@pib
Contributor

pib commented Feb 19, 2014

Actually it was PR #33 that I was going to add tests for. I think the conclusion for #36 was that it was unneeded.

@eriktaubeneck
Collaborator Author

Yep. Typo, my bad. Thanks! (and fixed)

jaitaiwan added a commit to CentricWebEstate/flask-social that referenced this issue Jun 29, 2014
Working towards py3k support as it's a major issue for my web application. Relates to pallets-eco#38
@sayerhs

sayerhs commented May 12, 2015

@eriktaubeneck, @mattupstate : Any update on plans to release the next version? v1.6.2 has issues with google login which seems to have been fixed on the devel branch with the move to flask-oauthlib + mods to providers/google.py. I would prefer to use Flask-Social in requirements.txt instead of the git+https:// entry for production.

@eriktaubeneck
Collaborator Author

@sayerhs I haven't been using flask-social at work anymore, so I haven't been able to give it nearly as much attention as I used to. Hopefully I'll get a chance soon to merge this all in, and @mattupstate can push a new version.

@sayerhs

sayerhs commented May 13, 2015

@eriktaubeneck Great! Let me know if there is something I can do to help speed up the process. Thanks.

@jquacinella

@eriktaubeneck Any word on this? https://pypi.python.org/pypi/Flask-Social states 1.6.2 is still the latest and I am having issues with Google login like @sayerhs stated. Thanks!

@eriktaubeneck
Collaborator Author

Hey @jquacinella, sorry for the delay. I haven't been using Flask-Social at my new job, so I haven't been able to dedicate the same amount of time to the project. I believe the same is true WRT @mattupstate. We should potentially discuss bringing in more maintainers who are actively using the project.

@sayerhs

sayerhs commented Aug 11, 2015

@eriktaubeneck - I will definitely be willing to contribute. Also I think
it would be good to revisit the list you have developed and see if those
are still the priorities.


@eriktaubeneck
Collaborator Author

I think the 2 largest priorities would be switching over to Flask-Oauthlib and getting CSRF working properly.

@sayerhs

sayerhs commented Aug 12, 2015 via email

@eriktaubeneck
Collaborator Author

Ahh yes, you are correct WRT Flask-Oauthlib. It's been a little while since using the package.

For CSRF, the issue is that if you wish to use the CsrfProtect function that Flask-WTF provides, it breaks all of the social routes. You can see Issue 24 for more details. I'll also look at my old code and see if I can figure out if we got around it, it may provide clues in how to implement it.

@sayerhs

sayerhs commented Aug 12, 2015

Do you have an example of the breakage of flask social routes? Or the
monkey patching code that you're using as a workaround?


@eriktaubeneck
Collaborator Author

All we did was manually insert a csrf_token() into the form when we posted the signup, i.e.:

<form action="{{ url_for('social.connect', provider_id=provider_id) }}" method="POST">
    <input type="hidden" name="csrf_token" value="{{ csrf_token() }}"/>
    <button type="submit">{{ provider_id }}</button>
</form>

@sayerhs

sayerhs commented Aug 22, 2015

Hi Erik,

So after reading the Flask-WTF documentation (http://flask-wtf.readthedocs.org/en/latest/csrf.html), it seems that this is essentially an app developer setting and the changes are mostly in the templates. So if we update the documentation and flask-social-example, I don't see anything in flask-social itself that needs fixing.


@eriktaubeneck
Collaborator Author

See the discussion here for more detail, but essentially the issue is not making Flask-Social compatible with CSRF, but to utilize it and protect someone from getting an account deleted through a CSRF attack.

@KeNaCo

KeNaCo commented Jan 7, 2016

Is someone active here?

@oleksandr-l5

+1
