Skip to content
This repository has been archived by the owner on Jul 30, 2024. It is now read-only.

Flash message after Reset Password page says "logged in automatically", but it isn't #813

Open
kantorii opened this issue Nov 23, 2018 · 5 comments
Open

Flash message after Reset Password page says "logged in automatically", but it isn't #813

kantorii opened this issue Nov 23, 2018 · 5 comments

Comments

@kantorii
Copy link
Contributor

The default flash message after resetting the password is:
"You successfully reset your password and you have been logged in automatically."

However, in flask_security

  • I don't see code that logs the user in.
  • Fixing the default message breaks all the translations.

The workaround is to define SECURITY_MSG_PASSWORD_RESET, but I'm not sure if all programmers will realize that.
@avilaton
Copy link
Contributor

This is a valid bug since automatic login was removed upon password reset. All it needs is a PR updating the text. Good opportunity for a first time PR.

@deadlyraptor
Copy link

Hi there! I fixed this message in core.py and manually updated all of the translations as well but I'm unsure if that's the right approach for the latter. I tested the English version with an app I'm developing that utilizes Flask-Security and the message showed up correctly. I don't know how to use the translations so can't check those in a live environment.

Does this sound okay for a pull request or should I do some additional work first?

@kantorii
Copy link
Contributor Author

kantorii commented Jun 8, 2019

@deadlyraptor Thanks for following up!
Do you mean that you replaced the key in all the *.po files?
I think that's a good start.
I'm guessing that all the translations in different languages would also need to be updated, but I'm pretty sure there isn't a single person who can understand and check all the languages. I can only check English and Japanese.

@deadlyraptor
Copy link

@kantorii Yes, I edited the *.po files. I used Google Translate since it was mostly a matter of cutting off the second part of the sentence ("...and you have been successfully logged in.") but there could easily be grammatical errors. I can only verify English and Spanish.

English
"You successfully changed your password."

Spanish
"Has restablecido tu contraseña con éxito."

Japanese
パスワードの再設定が完了しました。

Let me know if there's anything else I can do on this one.

@kantorii
Copy link
Contributor Author

kantorii commented Jun 9, 2019
edited
Loading

@deadlyraptor The Japanese is ok.

I have nothing more to say.
I couldn't have done better :)

I wonder if @jirikuncar has anything to say.

jasco pushed a commit to jasco/flask-security that referenced this issue Oct 3, 2023
@jwag956 @N247S
Fix session-only authentication. (pallets-eco#813)
3bbd996 
* Update test_common.py

Added testcase for failing toke-authentication on session-only endpoint

* Update conftest.py

Added session-only authenticated route to test-fixture

* Update decorators.py

Added the `_check_session` function to specifically check session data to be used as authentication_method in the `auth_required`

* Update decorators.py

* Update decorators.py

* fixed decorator and added tests

* Fix session-only authentication.

If an endpoint was decorated with "session" only - a properly submitted token would also be accepted.
Fix that by checking as part of the auth_required() decorator and the user is authenticated AND was authenticated using the _user_loader (which is what flask-login calls for session based authenticated).

close pallets-eco#791

---------

Co-authored-by: N247S <fictiefverzonnen@gmail.com>
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@avilaton @deadlyraptor @kantorii