jwag956 / flask-security

94%

master: 97%

LAST BUILD ON BRANCH 3.3.0rc2

branch: 3.3.0rc2

CHANGE BRANCH

x

Reset

• 3.3.0rc2
• 3.0.1
• 3.0.1-rc1
• 3.0.1-rc2
• 3.0.1rc3
• 3.0.2
• 3.1.0
• 3.1.0rc1
• 3.2.0
• 3.2.0rc1
• 3.2.0rc2
• 3.2.0rc3
• 3.2.0rc4
• 3.3.0
• 3.3.0rc1
• 3.3.0rc3
• 3.3.1
• 3.3.2
• 3.3.3
• 3.4.0
• 3.4.1
• 302
• develop
• master

Build # 328

Build Type

push

travis-ci

Committed by web-flow

Commit Message

fix/feature - Improve unauthenticated/unauthorized handlers. (#152)

Prior to this, FS had a single unauthorized_handler that was called for both
authentication failures as well as authorization failures. The default
authentication handler simply returned 401 and a static html string. The default
unauthorized handler either redirected to UNAUTHORIZED_VIEW or did an abort(403)

This made FS authentication decorator behavior different than @login_required,
and made it difficult to have a handler for JSON that could differentiate between the 2.

2 new handlers - unauthn_handler and unauthz_handler were added.
unauthorized_handler has been deprecated.
Furthermore, both default handlers look to see if the response should be JSON and calls
render_json - this gives a nice easy hook for applications to have uniform API error responses.

Furthermore, the default unauthn_handler now simply calls login_manager.unauthorized() so
all authentication error handling is uniform.

Added docs, examples, etc.

Fixed bug in POST /logout where render_json wasn't being called.

Run Details

2111 of 2245 relevant lines covered (94.03%)

8.46 hits per line