Flask-login

-------------

Unreleased

- Remove previously deprecated code. 694

-------------

Released 2023-10-30

- Compatibility with Flask 3 and Werkzeug 3. 813

-------------

Released on July 25th, 2022

- Fix compatibility with Werkzeug 2.2 and Flask 2.2. 691
- Revert change to `expand_login_view` that attempted to preserve a
dynamic subdomain value. Such values should be handled using
`app.url_value_preprocessor` and `app.url_defaults`. 691
- Ensure deprecation warnings are present for deprecated features that
will be removed in the next feature release.
- Use `request_loader` instead of `header_loader`.
- Use `user_loaded_from_request` instead of `user_loaded_from_header`.
- Use `app.config["LOGIN_DISABLED"]` instead of `_login_disabled`.
- Use `init_app` instead of `setup_app`.

-------------

Released on May 1st, 2022

- Only preserve subdomain or host view args in unauthorized redirect 663
- The new utility function `login_remembered` returns `True` if the current
login is remembered across sessions. 654
- Fix side effect potentially executing view twice for same request. 666
- Clarify usage of FlaskLoginClient test client in docs. 668

-------------

Released on March 30th, 2022

- Drop support for Python 2.7, 3.5, and 3.6, which have all reached the
end of their official support. 594, 638
- The minimum supported version of Flask is 1.0.4, and Werkzeug is
1.0.1. However, projects are advised to use the latest versions of
both. 639
- Only flash "needs_refresh_message" if value is set 464
- Modify `expand_login_view` to allow for subdomain and host matching for `login_view` 462
- Add accessors for `request_loader` and `user_loader` callback functions 472
- Change "remember_me" cookie to match Werkzeug default value 488
- Change "remember_me" cookie to `HttpOnly`, matching Flask session cookie 488
- Add example for using `unauthorized_handler` 492
- Fix `assertEqual` deprecation warning in pytest 518
- Fix `collections` deprecation warning under Python 3.8 525
- Replace `safe_str_cmp` with `hmac.compare_digest` 585
- Document `REMEMBER_COOKIE_SAMESITE` config 577
- Revise setup.py to use README.md for long description 598
- Various documentation corrections 484, 482, 487, 534
- Fix `from flask_login import *` behavior, although note that
`import *` is not usually a good pattern in code. 485
- `UserMixin.is_authenticated` will return whatever `is_active` returns
by default. This prevents inactive users from logging in. 486, 530
- Session protection will only mark the session as not fresh if it's not
already marked as such, avoiding modifying the session cookie
unnecessarily. 612

-------------

Released on February 9th, 2020

- New custom test client: `flask_login.FlaskLoginClient`.
You can use this to write clearer automated tests. 431
- Prefix authenticated user_id, remember, and remember_seconds in Flask Session
with underscores to prevent accidental usage in application code. 470
- Simplify user loading. 378
- Various documentation improvements. 393, 394, 397, 417
- Set session ID when setting next. 403
- Clear session identifier on logout. 404
- Ensure use of a safe and up-to-date version of Flask.
- Drop support of Python versions: 2.6, 3.3, 3.4 450