From f96efdac27e7914d28dae456cc5086e6b815fbaa Mon Sep 17 00:00:00 2001
From: Daniel Vaz Gaspar
Date: Fri, 22 Sep 2023 10:14:30 +0100
Subject: [PATCH 1/3] fix: swagger missing nonce (#2116)
---
 flask_appbuilder/templates/appbuilder/init.html | 2 +-
 .../templates/appbuilder/swagger/swagger.html | 11 +++++------
 2 files changed, 6 insertions(+), 7 deletions(-)
diff --git a/flask_appbuilder/templates/appbuilder/init.html b/flask_appbuilder/templates/appbuilder/init.html
index 6ebf8b0409..62608c0f7a 100644
--- a/flask_appbuilder/templates/appbuilder/init.html
+++ b/flask_appbuilder/templates/appbuilder/init.html
@@ -27,7 +27,7 @@ {% endif %} - + {% endblock %}
diff --git a/flask_appbuilder/templates/appbuilder/swagger/swagger.html b/flask_appbuilder/templates/appbuilder/swagger/swagger.html
index 40cce6707b..9cf29b6c87 100644
--- a/flask_appbuilder/templates/appbuilder/swagger/swagger.html
+++ b/flask_appbuilder/templates/appbuilder/swagger/swagger.html
@@ -3,17 +3,17 @@ {% block head_css %} {{ super() }} - + href="https://cdn.jsdelivr.net/npm/swagger-ui-dist@5/swagger-ui.css" + nonce="{{ baselib.get_nonce() }}"> {% endblock %} {% block content %}
- + - {% endblock %}
From c6fecdc551629e15467fde5d06b4437379d90592 Mon Sep 17 00:00:00 2001
From: Daniel Vaz Gaspar
Date: Fri, 22 Sep 2023 12:45:48 +0100
Subject: [PATCH 2/3] release: 4.3.7 (#2118)
---
 CHANGELOG.rst | 7 ++++++-
 flask_appbuilder/__init__.py | 2 +-
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 2885602e40..db595d49d5 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -1,10 +1,15 @@
 Flask-AppBuilder ChangeLog
 ==========================
+Improvements and Bug fixes on 4.3.7
+-----------------------------------
+
+- fix: fix: swagger missing nonce (#2116) [Daniel Vaz Gaspar]
+
 Improvements and Bug fixes on 4.3.6
 -----------------------------------
-fix: increase email field length (#2102) [Daniel Vaz Gaspar]
+- fix: increase email field length (#2102) [Daniel Vaz Gaspar]
 Improvements and Bug fixes on 4.3.5
 -----------------------------------
diff --git a/flask_appbuilder/__init__.py b/flask_appbuilder/__init__.py
index 9691034afe..1eebd688cf 100644
--- a/flask_appbuilder/__init__.py
+++ b/flask_appbuilder/__init__.py
@@ -1,5 +1,5 @@
 __author__ = "Daniel Vaz Gaspar"
-__version__ = "4.3.6"
+__version__ = "4.3.7"
 from .actions import action # noqa: F401
 from .api import ModelRestApi # noqa: F401
From e4d613ae4e8470160bf6dff2babcba6dab5ed13f Mon Sep 17 00:00:00 2001
From: Sam Firke
Date: Tue, 3 Oct 2023 07:56:29 -0400
Subject: [PATCH 3/3] docs(typo): "preform" -> "perform" x4 (#2123)
* preform -> perform
* preform -> perform
---
 docs/security.rst | 2 +-
 flask_appbuilder/security/manager.py | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/docs/security.rst b/docs/security.rst
index c5ef982dc7..03c01175af 100644
--- a/docs/security.rst
+++ b/docs/security.rst
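Review bot: The stylesheet `href` in the `head_css` block still points at the floating tag `swagger-ui-dist@5` on cdn.jsdelivr.net, so the nonce added here authorises whatever the CDN serves for that tag; a nonce satisfies the page's CSP but does not pin the content. No `integrity` attribute is visible in this rendering of the hunk, though the markup is partly stripped, so confirm against the file. If it is absent, pin an exact release and add Subresource Integrity, for example `href="https://cdn.jsdelivr.net/npm/swagger-ui-dist@<EXACT_VERSION>/swagger-ui.css" integrity="sha384-<HASH_PLACEHOLDER>" crossorigin="anonymous"`. The same presumably applies to the script tags changed in the `content` block, whose lines are not readable here.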
@@ -90,7 +90,7 @@ This method will authenticate the user's credentials against an LDAP server.
 WARNING: To use LDAP you need to install `python-ldap `_.
-For a typical Microsoft AD setup (where all users can preform LDAP searches)::
+For a typical Microsoft AD setup (where all users can perform LDAP searches)::
 AUTH_TYPE = AUTH_LDAP
 AUTH_LDAP_SERVER = "ldap://ldap.example.com"
diff --git a/flask_appbuilder/security/manager.py b/flask_appbuilder/security/manager.py
index ae4fbe96a2..bf15c69a2d 100644
--- a/flask_appbuilder/security/manager.py
+++ b/flask_appbuilder/security/manager.py
@@ -954,7 +954,7 @@ def _search_ldap(self, ldap, con, username):
 if len(self.auth_roles_mapping) > 0:
 request_fields.append(self.auth_ldap_group_field)
- # preform the LDAP search
+ # perform the LDAP search
 log.debug(
 "LDAP search for '%s' with fields %s in scope '%s'",
 filter_str,
@@ -1137,7 +1137,7 @@ def auth_user_ldap(self, username, password):
 user_attributes = {}
 # Flow 1 - (Indirect Search Bind):
- # - in this flow, special bind credentials are used to preform the
+ # - in this flow, special bind credentials are used to perform the
 # LDAP search
 # - in this flow, AUTH_LDAP_SEARCH must be set
 if self.auth_ldap_bind_user:
@@ -1173,7 +1173,7 @@ def auth_user_ldap(self, username, password):
 # Flow 2 - (Direct Search Bind):
 # - in this flow, the credentials provided by the end-user are used
- # to preform the LDAP search
+ # to perform the LDAP search
 # - in this flow, we only search LDAP if AUTH_LDAP_SEARCH is set
 # - features like AUTH_USER_REGISTRATION & AUTH_ROLES_SYNC_AT_LOGIN
 # will only work if AUTH_LDAP_SEARCH is set