Metadata-Version: 2.1
Name: invenio-accounts
Version: 1.4.1
Summary: Invenio user management and authentication.
Home-page: https://github.com/inveniosoftware/invenio-accounts
Author: CERN
Author-email: info@inveniosoftware.org
License: MIT
Keywords: invenio accounts user role login
Platform: any
Classifier: Environment :: Web Environment
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python
Classifier: Topic :: Internet :: WWW/HTTP :: Dynamic Content
Classifier: Topic :: Software Development :: Libraries :: Python Modules
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.6
Classifier: Programming Language :: Python :: 3.7
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: Implementation :: CPython
Classifier: Development Status :: 5 - Production/Stable
Requires-Dist: cryptography (>=3.0.0)
Requires-Dist: Flask-Breadcrumbs (>=0.4.0)
Requires-Dist: Flask-KVSession-Invenio (>=0.6.3)
Requires-Dist: Flask-Login (<0.5.0,>=0.3.0)
Requires-Dist: Flask-Mail (>=0.9.1)
Requires-Dist: Flask-Menu (>=0.5.0)
Requires-Dist: Flask-Security (>=3.0.0)
Requires-Dist: Flask-WTF (>=0.14.3)
Requires-Dist: email-validator (>=1.0.5)
Requires-Dist: future (>=0.16.0)
Requires-Dist: invenio-base (>=1.2.3)
Requires-Dist: invenio-i18n (>=1.2.0)
Requires-Dist: invenio-celery (>=1.1.2)
Requires-Dist: invenio-rest (>=1.2.1)
Requires-Dist: maxminddb-geolite2 (>=2017.404)
Requires-Dist: passlib (>=1.7.1)
Requires-Dist: pyjwt (>=1.5.0)
Requires-Dist: redis (>=2.10.5)
Requires-Dist: simplekv (>=0.11.2)
Requires-Dist: ua-parser (>=0.7.3)
Provides-Extra: admin
Requires-Dist: invenio-admin (>=1.2.1) ; extra == 'admin'
Provides-Extra: all
Requires-Dist: invenio-admin (>=1.2.1) ; extra == 'all'
Requires-Dist: Sphinx (>=3) ; extra == 'all'
Requires-Dist: pytest-invenio (>=1.4.0) ; extra == 'all'
Provides-Extra: docs
Requires-Dist: Sphinx (>=3) ; extra == 'docs'
Provides-Extra: mysql
Requires-Dist: invenio-db[mysql,versioning] (>=1.0.8) ; extra == 'mysql'
Provides-Extra: postgresql
Requires-Dist: invenio-db[postgresql,versioning] (>=1.0.8) ; extra == 'postgresql'
Provides-Extra: sqlite
Requires-Dist: invenio-db[versioning] (>=1.0.8) ; extra == 'sqlite'
Provides-Extra: tests
Requires-Dist: pytest-invenio (>=1.4.0) ; extra == 'tests'

..
    This file is part of Invenio.
    Copyright (C) 2015-2018 CERN.

    Invenio is free software; you can redistribute it and/or modify it
    under the terms of the MIT License; see LICENSE file for more details.

==================
 Invenio-Accounts
==================

.. image:: https://img.shields.io/github/license/inveniosoftware/invenio-accounts.svg
        :target: https://github.com/inveniosoftware/invenio-accounts/blob/master/LICENSE

.. image:: https://github.com/inveniosoftware/invenio-accounts/workflows/CI/badge.svg
        :target: https://github.com/inveniosoftware/invenio-accounts/actions?query=workflow%3ACI

.. image:: https://img.shields.io/coveralls/inveniosoftware/invenio-accounts.svg
        :target: https://coveralls.io/r/inveniosoftware/invenio-accounts

.. image:: https://img.shields.io/pypi/v/invenio-accounts.svg
        :target: https://pypi.org/pypi/invenio-accounts

Invenio user management and authentication.

Features:

- User and role management.
- User registration, password reset/recovery and email verification.
- Administration interface and CLI for managing users.
- Session based authentication with session theft protection as well as
  "remember me" support.
- Strong cryptographic password hashing with support for migrating password
  hashes (including Invenio v1.x) to new stronger algorithms.
- Session activity tracking allowing users to e.g. logout of all devices.
- Server-side session management.
- JSON Web Token encoding and decoding support useful for e.g. CSRF-protection
  in REST APIs.

Invenio-Accounts relies on the following community packages to do all the
heavy-lifting:

- `Flask-Security <https://flask-security.readthedocs.io>`_
- `Flask-Login <https://flask-login.readthedocs.io/>`_
- `Flask-Principal <https://pythonhosted.org/Flask-Principal/>`_
- `Flask-KVSession <http://pythonhosted.org/Flask-KVSession/>`_
- `Passlib <https://passlib.readthedocs.io/>`_

Further documentation is available on
https://invenio-accounts.readthedocs.io/


..
    This file is part of Invenio.
    Copyright (C) 2015-2020 CERN.

    Invenio is free software; you can redistribute it and/or modify it
    under the terms of the MIT License; see LICENSE file for more details.

Changes
=======

Version 1.4.1 (released 2020-12-10)

- Fixes styling of forgot password form in semantic ui theme.

Version 1.4.0 (released 2020-12-09)

- Major: adds new Semantic UI theme.
- Adds Turkish translations.
- Fixes ``next`` parameter being used in the sign-up form.
- Fixes issue with translation files causing translations not to be picked up.
- Fixes wording from sign in to log in.
- Removes password length validation during login.

Version 1.3.0 (released 2020-05-15)

- Refreshes the CSRF token on login and logout.
- Removes the example app.
- Migrate from `Flask-KVSession` to `Flask-KVSession-Invenio`, fork of
  the former.

Version 1.2.2 (released 2020-05-13)

*This release was removed from PyPI on 2020-05-15 due to issues with the
release.*

Version 1.2.1 (released 2020-04-28)

- Fixes issue with the latest WTForms v2.3.x release which now requires an
  extra library for email validation.

Version 1.2.0 (released 2020-03-09)

- Replaces Flask dependency with centrally managed invenio-base

Version 1.1.4 (released 2020-04-28)

- Fixes issue with the latest WTForms v2.3.x release which now requires an
  extra library for email validation.

Version 1.1.3 (released 2020-02-19)

- Replaces Flask-CeleryExt to invenio-celery due to version incompatibilities
  with celery, kombu. Removes Flask-BabelExt already provided by invenio-i18n

Version 1.1.2 (released 2020-02-12)

- Fixes requirements for Flask, Werkzeug and Flask-Login due to
  incompatibilities of latest released modules.

Version 1.1.1 (released 2019-03-10)

- Fixes an issue where the HTTP headers X-Session-ID and X-User-ID are added
  even if the value is not known. This causes 'None' to be logged in Nginx,
  instead of simply '-'.

Version 1.1.0 (released 2019-02-15)

- Added support for for adding the user id and session id of the current user
  into the HTTP headers (``X-User-ID`` and ``X-Session-ID``) for upstream
  servers to use. For instance, this way current user/session ids can be logged
  by Nginx into the web server access logs. The feature is off by default and
  can be enabled via the ``ACCOUNTS_USERINFO_HEADERS`` configuration variable.
  Note: The upstream server should strip the two headers from the response
  returned to the client. The purpose is purely to allow upstream proxies like
  Nginx to log the user/session id for a specific request.

- Changed token expiration from 5 days to 30 minutes for the password reset
  token and email confirmation token. Using the tokens will as a side-effect
  login in the user, which means that if the link is leaked (e.g. forwarded by
  the users themselves), then another person can use the link to access the
  account. Flask-Security v3.1.0 addresses this issue, but has not yet been
  released.

- Fixes issue that could rehash the user password in the adminstration
  interface.

Version 1.0.2 (released 2018-10-31)

- Added AnonymousIdentity loader to app initialisation to fix the ``any_user``
  Need in Invenio-Access.

Version 1.0.1 (released 2018-05-25)

- Bumped Flask-CeleryExt from v0.3.0 to v0.3.1 to fix issue with Celery version
  string not being parsable and thus causing problems with installing Celery.

Version 1.0.0 (released 2018-03-23)

- Initial public release.


