Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
.. This file is part of Invenio. Copyright (C) 2015-2018 CERN.
Invenio is free software; you can redistribute it and/or modify it
under the terms of the MIT License; see LICENSE file for more details.
.. image:: https://img.shields.io/github/license/inveniosoftware/invenio-accounts.svg :target: https://github.com/inveniosoftware/invenio-accounts/blob/master/LICENSE
.. image:: https://github.com/inveniosoftware/invenio-accounts/workflows/CI/badge.svg :target: https://github.com/inveniosoftware/invenio-accounts/actions?query=workflow%3ACI
.. image:: https://img.shields.io/coveralls/inveniosoftware/invenio-accounts.svg :target: https://coveralls.io/r/inveniosoftware/invenio-accounts
.. image:: https://img.shields.io/pypi/v/invenio-accounts.svg :target: https://pypi.org/pypi/invenio-accounts
Invenio user management and authentication.
Features:
Invenio-Accounts relies on the following community packages to do all the heavy-lifting:
Flask-Security <https://flask-security.readthedocs.io>
_Flask-Login <https://flask-login.readthedocs.io/>
_Flask-Principal <https://pythonhosted.org/Flask-Principal/>
_Flask-KVSession <http://pythonhosted.org/Flask-KVSession/>
_Passlib <https://passlib.readthedocs.io/>
_Further documentation is available on https://invenio-accounts.readthedocs.io/
.. This file is part of Invenio. Copyright (C) 2015-2024 CERN. Copyright (C) 2024 Graz University of Technology.
Invenio is free software; you can redistribute it and/or modify it
under the terms of the MIT License; see LICENSE file for more details.
Version 6.0.0 (release 2024-12-04)
Version v5.1.7 (released 2024-11-29)
Version v5.1.6 (released 2024-11-28)
Version v5.1.5 (released 2024-11-05)
Version v5.1.4 (released 2024-11-04)
Version v5.1.3 (released 2024-10-31)
Version 5.1.2 (released 2024-09-19)
Version 5.1.1 (released 2024-08-08)
Version 5.1.0 (released 2024-07-30)
Version 5.0.1 (released 2024-03-22)
Version 5.0.0 (released 2024-03-21)
Version 4.0.2 (released 2024-02-19)
Version 4.0.1 (released 2024-02-01)
Version 4.0.0 (released 2024-01-29)
Version 3.5.1 (released 2023-12-10)
settings.change_password
menu
if ACCOUNTS_REGISTER_BLUEPRINT
is FalseVersion 3.5.0 (released 2023-11-10)
Version 3.4.4 (released 2023-11-10)
models: do not set value in user preference getter
Version 3.4.3 (released 2023-10-20)
Version 3.4.2 (released 2023-10-17)
Version 3.4.1 (released 2023-10-14)
Version 3.4.0 (released 2023-08-30)
Version 3.3.1 (released 2023-08-23)
ACCOUNTS_DEFAULT_USERS_VERIFIED
to False by defaultVersion 3.3.0 (released 2023-08-21)
verified_at
column in User model. The default value is controlled by
a new config variable called ACCOUNTS_DEFAULT_USERS_VERIFIED
. If True, then a date
is generated, otherwise is set to None
.Version 3.2.1 (released 2023-08-17)
Version 3.2.0 (released 2023-08-02)
Version 3.1.0 (released 2023-07-31)
Version 3.0.3 (released 2023-06-15)
Version 3.0.2 (released 2023-06-14)
Version 3.0.1 (released 2023-06-14)
Version 3.0.0 (released 2023-06-14)
Version 2.2.0 (released 2023-04-25)
Version 2.1.0 (released 2023-03-01)
Version 2.0.2 (released 2022-12-14)
--confirm
flag when creating a usersend_register_msg
, to control
programmatically the send of registration email independently of the global
configuration.Version 2.0.1 (released 2022-11-18)
Version 2.0.0 (released 2022-05-23)
Adds customizable user profiles and user preferences fields to the user data model.
Adds version counter to the user table to enable optimistic concurrency control on the user table.
Moves login information fields from user table to a separate login information table.
Moves the external user identity table from Invenio-OAuthclient to Invenio-Accounts.
Adds support for tracking changed users within a transaction to allow for updating the related indexes.
Changes from using Flask-Security to using a private fork named Flask-Security-Invenio. Flask-Security-Too was evaluated but was found to have significantly increased scope with features not needed.
Version 1.4.9 (released 2021-12-04)
Version 1.4.8 (released 2021-10-18)
Version 1.4.7 (released 2021-10-06)
Version 1.4.6 (released 2021-07-12)
Version 1.4.5 (released 2021-05-21)
Version 1.4.4 (released 2021-05-11)
Version 1.4.3 (released 2020-12-17)
Version 1.4.2 (released 2020-12-11)
Version 1.4.1 (released 2020-12-10)
Version 1.4.0 (released 2020-12-09)
next
parameter being used in the sign-up form.Version 1.3.0 (released 2020-05-15)
Flask-KVSession
to Flask-KVSession-Invenio
, fork of
the former.Version 1.2.2 (released 2020-05-13)
This release was removed from PyPI on 2020-05-15 due to issues with the release.
Version 1.2.1 (released 2020-04-28)
Version 1.2.0 (released 2020-03-09)
Version 1.1.4 (released 2020-04-28)
Version 1.1.3 (released 2020-02-19)
Version 1.1.2 (released 2020-02-12)
Version 1.1.1 (released 2019-03-10)
Version 1.1.0 (released 2019-02-15)
Added support for for adding the user id and session id of the current user
into the HTTP headers (X-User-ID
and X-Session-ID
) for upstream
servers to use. For instance, this way current user/session ids can be logged
by Nginx into the web server access logs. The feature is off by default and
can be enabled via the ACCOUNTS_USERINFO_HEADERS
configuration variable.
Note: The upstream server should strip the two headers from the response
returned to the client. The purpose is purely to allow upstream proxies like
Nginx to log the user/session id for a specific request.
Changed token expiration from 5 days to 30 minutes for the password reset token and email confirmation token. Using the tokens will as a side-effect login in the user, which means that if the link is leaked (e.g. forwarded by the users themselves), then another person can use the link to access the account. Flask-Security v3.1.0 addresses this issue, but has not yet been released.
Fixes issue that could rehash the user password in the adminstration interface.
Version 1.0.2 (released 2018-10-31)
any_user
Need in Invenio-Access.Version 1.0.1 (released 2018-05-25)
Version 1.0.0 (released 2018-03-23)
FAQs
Invenio user management and authentication.
We found that invenio-accounts demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.