Merge branch 'dpgaspar:master' into feature/use-joserfc-to-evaluate-a…

…zure-jwt
dpgaspar · Oct 5, 2023 · ec14163 · ec14163
2 parents 3c17998 + e4d613a
commit ec14163
Show file tree

Hide file tree

Showing 6 changed files with 17 additions and 13 deletions.
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -1,10 +1,15 @@
 Flask-AppBuilder ChangeLog
 ==========================
 
+Improvements and Bug fixes on 4.3.7
+-----------------------------------
+
+- fix: fix: swagger missing nonce (#2116) [Daniel Vaz Gaspar]
+
 Improvements and Bug fixes on 4.3.6
 -----------------------------------
 
-fix: increase email field length (#2102) [Daniel Vaz Gaspar]
+- fix: increase email field length (#2102) [Daniel Vaz Gaspar]
 
 Improvements and Bug fixes on 4.3.5
 -----------------------------------

diff --git a/docs/security.rst b/docs/security.rst
@@ -90,7 +90,7 @@ This method will authenticate the user's credentials against an LDAP server.
 
 WARNING: To use LDAP you need to install `python-ldap <https://www.python-ldap.org>`_.
 
-For a typical Microsoft AD setup (where all users can preform LDAP searches)::
+For a typical Microsoft AD setup (where all users can perform LDAP searches)::
 
     AUTH_TYPE = AUTH_LDAP
     AUTH_LDAP_SERVER = "ldap://ldap.example.com"

diff --git a/flask_appbuilder/__init__.py b/flask_appbuilder/__init__.py
@@ -1,5 +1,5 @@
 __author__ = "Daniel Vaz Gaspar"
-__version__ = "4.3.6"
+__version__ = "4.3.7"
 
 from .actions import action  # noqa: F401
 from .api import ModelRestApi  # noqa: F401

diff --git a/flask_appbuilder/security/manager.py b/flask_appbuilder/security/manager.py
@@ -931,7 +931,7 @@ def _search_ldap(self, ldap, con, username):
         if len(self.auth_roles_mapping) > 0:
             request_fields.append(self.auth_ldap_group_field)
 
-        # preform the LDAP search
+        # perform the LDAP search
         log.debug(
             "LDAP search for '%s' with fields %s in scope '%s'",
             filter_str,
@@ -1114,7 +1114,7 @@ def auth_user_ldap(self, username, password):
             user_attributes = {}
 
             # Flow 1 - (Indirect Search Bind):
-            #  - in this flow, special bind credentials are used to preform the
+            #  - in this flow, special bind credentials are used to perform the
             #    LDAP search
             #  - in this flow, AUTH_LDAP_SEARCH must be set
             if self.auth_ldap_bind_user:
@@ -1150,7 +1150,7 @@ def auth_user_ldap(self, username, password):
 
             # Flow 2 - (Direct Search Bind):
             #  - in this flow, the credentials provided by the end-user are used
-            #    to preform the LDAP search
+            #    to perform the LDAP search
             #  - in this flow, we only search LDAP if AUTH_LDAP_SEARCH is set
             #     - features like AUTH_USER_REGISTRATION & AUTH_ROLES_SYNC_AT_LOGIN
             #       will only work if AUTH_LDAP_SEARCH is set

diff --git a/flask_appbuilder/templates/appbuilder/init.html b/flask_appbuilder/templates/appbuilder/init.html
@@ -27,7 +27,7 @@
       {% endif %}
       <link href="{{url_for('appbuilder.static',filename='datepicker/bootstrap-datepicker.css')}}" rel="stylesheet">
       <link href="{{url_for('appbuilder.static',filename='select2/select2.css')}}" rel="stylesheet">
-        <link href="{{url_for('appbuilder.static',filename='select2/select2-bootstrap-theme.css')}}" rel="stylesheet">
+      <link href="{{url_for('appbuilder.static',filename='select2/select2-bootstrap-theme.css')}}" rel="stylesheet">
       <link href="{{url_for('appbuilder.static',filename='css/flags/flags16.css')}}" rel="stylesheet">
       <link href="{{url_for('appbuilder.static',filename='css/ab.css')}}" rel="stylesheet">
     {% endblock %}

diff --git a/flask_appbuilder/templates/appbuilder/swagger/swagger.html b/flask_appbuilder/templates/appbuilder/swagger/swagger.html
@@ -3,17 +3,17 @@
 {% block head_css %}
     {{ super() }}
     <link type="text/css" rel="stylesheet"
-          href="https://cdn.jsdelivr.net/npm/swagger-ui-dist@4/swagger-ui.css">
-    <link rel="shortcut icon" href="https://fastapi.tiangolo.com/img/favicon.png">
+          href="https://cdn.jsdelivr.net/npm/swagger-ui-dist@5/swagger-ui.css"
+          nonce="{{ baselib.get_nonce() }}">
 {% endblock %}
 
 {% block content %}
     <div id="swagger-ui">
     </div>
-    <script src="https://cdn.jsdelivr.net/npm/swagger-ui-dist@4/swagger-ui-bundle.js" nonce="{{ baselib.get_nonce() }}"></script>
+    <script src="https://cdn.jsdelivr.net/npm/swagger-ui-dist@5/swagger-ui-bundle.js"
+            nonce="{{ baselib.get_nonce() }}"></script>
     <!-- `SwaggerUIBundle` is now available on the page -->
-    <script>
-
+    <script nonce="{{ baselib.get_nonce() }}">
         const ui = SwaggerUIBundle({
             url: '{{openapi_uri}}',
             dom_id: '#swagger-ui',
@@ -22,7 +22,6 @@
                 SwaggerUIBundle.SwaggerUIStandalonePreset
             ],
             layout: "BaseLayout"
-
         })
     </script>
 {% endblock %}