Merge pull request pallets-eco#366 from covertgeek/develop

Modified check_token function to handle list-type JSON post

docs/configuration.rst

@@ -269,3 +269,44 @@ Miscellaneous
                                               me" value used when logging in
                                               a user. Defaults to ``False``.
 ============================================= ==================================
+
+Messages
+-------------
+
+The following are the messages Flask-Security uses.  They are tuples; the first
+element is the message and the second element is the error level.
+
+The default messages and error levels can be found in ``core.py``.
+
+* ``SECURITY_MSG_ALREADY_CONFIRMED``
+* ``SECURITY_MSG_CONFIRMATION_EXPIRED``
+* ``SECURITY_MSG_CONFIRMATION_REQUEST``
+* ``SECURITY_MSG_CONFIRMATION_REQUIRED``
+* ``SECURITY_MSG_CONFIRM_REGISTRATION``
+* ``SECURITY_MSG_DISABLED_ACCOUNT``
+* ``SECURITY_MSG_EMAIL_ALREADY_ASSOCIATED``
+* ``SECURITY_MSG_EMAIL_CONFIRMED``
+* ``SECURITY_MSG_EMAIL_NOT_PROVIDED``
+* ``SECURITY_MSG_INVALID_CONFIRMATION_TOKEN``
+* ``SECURITY_MSG_INVALID_EMAIL_ADDRESS``
+* ``SECURITY_MSG_INVALID_LOGIN_TOKEN``
+* ``SECURITY_MSG_INVALID_PASSWORD``
+* ``SECURITY_MSG_INVALID_REDIRECT``
+* ``SECURITY_MSG_INVALID_RESET_PASSWORD_TOKEN``
+* ``SECURITY_MSG_LOGIN``
+* ``SECURITY_MSG_LOGIN_EMAIL_SENT``
+* ``SECURITY_MSG_LOGIN_EXPIRED``
+* ``SECURITY_MSG_PASSWORDLESS_LOGIN_SUCCESSFUL``
+* ``SECURITY_MSG_PASSWORD_CHANGE``
+* ``SECURITY_MSG_PASSWORD_INVALID_LENGTH``
+* ``SECURITY_MSG_PASSWORD_IS_THE_SAME``
+* ``SECURITY_MSG_PASSWORD_MISMATCH``
+* ``SECURITY_MSG_PASSWORD_NOT_PROVIDED``
+* ``SECURITY_MSG_PASSWORD_NOT_SET``
+* ``SECURITY_MSG_PASSWORD_RESET``
+* ``SECURITY_MSG_PASSWORD_RESET_EXPIRED``
+* ``SECURITY_MSG_PASSWORD_RESET_REQUEST``
+* ``SECURITY_MSG_REFRESH``
+* ``SECURITY_MSG_RETYPE_PASSWORD_MISMATCH``
+* ``SECURITY_MSG_UNAUTHORIZED``
+* ``SECURITY_MSG_USER_DOES_NOT_EXIST``

docs/features.rst

@@ -89,7 +89,7 @@ User Registration
 
 Flask-Security comes packaged with a basic user registration view. This view is
 very simple and new users need only supply an email address and their password.
-This view can be overrided if your registration process requires more fields.
+This view can be overridden if your registration process requires more fields.
 
 
 Login Tracking

flask_security/decorators.py

@@ -52,7 +52,8 @@ def _check_token():
     header_token = request.headers.get(header_key, None)
     token = request.args.get(args_key, header_token)
     if request.get_json(silent=True):
-        token = request.json.get(args_key, token)
+        if not isinstance(request.json, list):
+            token = request.json.get(args_key, token)
 
     user = _security.login_manager.token_callback(token)