Allow flask 2.x.x (#427)

vimalloc-mavenlink · web-flow · commit 4013c7382f5a · 2021-05-12T17:11:12.000-06:00
diff --git a/examples/automatic_user_loading.py b/examples/automatic_user_loading.py
@@ -1,8 +1,9 @@
+from hmac import compare_digest
+
 from flask import Flask
 from flask import jsonify
 from flask import request
 from flask_sqlalchemy import SQLAlchemy
-from werkzeug.security import safe_str_cmp
 
 from flask_jwt_extended import create_access_token
 from flask_jwt_extended import current_user
@@ -29,7 +30,7 @@ class User(db.Model):
 
     # NOTE: In a real application make sure to properly hash and salt passwords
     def check_password(self, password):
-        return safe_str_cmp(password, "password")
+        return compare_digest(password, "password")
 
 
 # Register a callback function that takes whatever object is passed in as the
diff --git a/flask_jwt_extended/tokens.py b/flask_jwt_extended/tokens.py
@@ -2,9 +2,9 @@
 from datetime import datetime
 from datetime import timedelta
 from datetime import timezone
+from hmac import compare_digest
 
 import jwt
-from werkzeug.security import safe_str_cmp
 
 from flask_jwt_extended.exceptions import CSRFError
 from flask_jwt_extended.exceptions import JWTDecodeError
@@ -110,7 +110,7 @@ def _decode_jwt(
     if csrf_value:
         if "csrf" not in decoded_token:
             raise JWTDecodeError("Missing claim: csrf")
-        if not safe_str_cmp(decoded_token["csrf"], csrf_value):
+        if not compare_digest(decoded_token["csrf"], csrf_value):
             raise CSRFError("CSRF double submit tokens do not match")
 
     return decoded_token
diff --git a/requirements.txt b/requirements.txt
@@ -1,62 +1,64 @@
 alabaster==0.7.12
 appdirs==1.4.4
-Babel==2.9.0
+Babel==2.9.1
 black==20.8b1
 bleach==3.3.0
 certifi==2020.12.5
-cffi==1.14.4
+cffi==1.14.5
 cfgv==3.2.0
 chardet==4.0.0
-click==7.1.2
+click==8.0.0
 colorama==0.4.4
-cryptography==3.3.2
+cryptography==3.4.7
 distlib==0.3.1
-docutils==0.16
+docutils==0.17.1
 filelock==3.0.12
-Flask==1.1.2
-identify==1.5.13
+Flask==2.0.0
+identify==2.2.4
 idna==2.10
 imagesize==1.2.0
-itsdangerous==1.1.0
+importlib-metadata==4.0.1
+itsdangerous==2.0.0
 Jinja2==2.11.3
-keyring==21.8.0
+keyring==23.0.1
 MarkupSafe==1.1.1
 mypy-extensions==0.4.3
-nodeenv==1.5.0
-packaging==20.8
-Pallets-Sphinx-Themes==1.2.3
+nodeenv==1.6.0
+packaging==20.9
+Pallets-Sphinx-Themes==2.0.0
 pathspec==0.8.1
 pkginfo==1.7.0
 pluggy==0.13.1
-pre-commit==2.9.3
+pre-commit==2.12.1
 py==1.10.0
 pycparser==2.20
-Pygments==2.7.4
-PyJWT==2.0.1
+Pygments==2.9.0
+PyJWT==2.1.0
 pyparsing==2.4.7
-pytz==2020.5
-PyYAML==5.4
-readme-renderer==28.0
-regex==2020.11.13
+pytz==2021.1
+PyYAML==5.4.1
+readme-renderer==29.0
+regex==2021.4.4
 requests==2.25.1
 requests-toolbelt==0.9.1
-rfc3986==1.4.0
-six==1.15.0
-snowballstemmer==2.0.0
-Sphinx==3.4.3
+rfc3986==1.5.0
+six==1.16.0
+snowballstemmer==2.1.0
+Sphinx==4.0.1
 sphinxcontrib-applehelp==1.0.2
 sphinxcontrib-devhelp==1.0.2
 sphinxcontrib-htmlhelp==1.0.3
 sphinxcontrib-jsmath==1.0.1
 sphinxcontrib-qthelp==1.0.3
 sphinxcontrib-serializinghtml==1.1.4
 toml==0.10.2
-tox==3.21.1
-tqdm==4.56.0
-twine==3.3.0
-typed-ast==1.4.2
-typing-extensions==3.7.4.3
+tox==3.23.1
+tqdm==4.60.0
+twine==3.4.1
+typed-ast==1.4.3
+typing-extensions==3.10.0.0
 urllib3==1.26.4
-virtualenv==20.3.1
+virtualenv==20.4.6
 webencodings==0.5.1
-Werkzeug==1.0.1
+Werkzeug==2.0.0
+zipp==3.4.1
diff --git a/setup.py b/setup.py
@@ -27,7 +27,7 @@
     platforms="any",
     install_requires=[
         "Werkzeug>=0.14",  # Needed for SameSite cookie functionality
-        "Flask>=1.0,<2.0",
+        "Flask>=1.0,<3.0",
         "PyJWT>=2.0,<3.0",
     ],
     extras_require={"asymmetric_crypto": ["cryptography>=3.0,<4.0"]},
