Remove LOGIN_DISABLED config (#868)

CHANGES.md

@@ -17,6 +17,7 @@ Unreleased
 - Use `datetime.now(timezone.utc)` instead of deprecated `datetime.utcnow`. #758
 - Never look at the `X-Forwarded-For` header, always use `request.remote_addr`,
  requiring the developer to configure `ProxyFix` appropriately. #700
+- Remove `LOGIN_DISABLED` config. #697
 
 
 Version 0.6.3

src/flask_login/utils.py

@@ -263,10 +263,6 @@ def post():
 
  ...which is essentially the code that this function adds to your views.
 
- It can be convenient to globally turn off authentication when unit testing.
- To enable this, if the application configuration variable `LOGIN_DISABLED`
- is set to `True`, this decorator will be ignored.
-
  .. Note ::
 
  Per `W3 guidelines for CORS preflight requests
@@ -279,7 +275,7 @@ def post():
 
  @wraps(func)
  def decorated_view(*args, **kwargs):
- if request.method in EXEMPT_METHODS or current_app.config.get("LOGIN_DISABLED"):
+ if request.method in EXEMPT_METHODS:
  pass
  elif not current_user.is_authenticated:
  return current_app.login_manager.unauthorized()
@@ -320,7 +316,7 @@ def fresh_login_required(func):
 
  @wraps(func)
  def decorated_view(*args, **kwargs):
- if request.method in EXEMPT_METHODS or current_app.config.get("LOGIN_DISABLED"):
+ if request.method in EXEMPT_METHODS:
  pass
  elif not current_user.is_authenticated:
  return current_app.login_manager.unauthorized()

tests/test_login.py

@@ -187,7 +187,6 @@ def setUp(self):
  self.app = Flask(__name__)
  self.login_manager = LoginManager()
  self.login_manager.init_app(self.app)
- self.app.config["LOGIN_DISABLED"] = False
 
  class SecretEndpoint(MethodView):
  decorators = [
@@ -220,7 +219,6 @@ def setUp(self):
  self.app.config["REMEMBER_COOKIE_NAME"] = self.remember_cookie_name
  self.login_manager = LoginManager()
  self.login_manager.init_app(self.app)
- self.app.config["LOGIN_DISABLED"] = False
 
  # Disable absolute location, like Werkzeug 2.1
  self.app.response_class.autocorrect_location_header = False
@@ -1092,13 +1090,6 @@ async def protected():
  return "Access Granted"
 
  with self.app.test_client() as c:
- self.app.config["LOGIN_DISABLED"] = True
-
- result = c.get("/protected")
- self.assertEqual(result.status_code, 200)
-
- self.app.config["LOGIN_DISABLED"] = False
-
  result = c.get("/protected")
  self.assertEqual(result.status_code, 401)
 
@@ -1110,19 +1101,6 @@ async def protected():
  result2 = c.get("/protected")
  self.assertIn("Access Granted", result2.data.decode("utf-8"))
 
- def test_decorators_are_disabled(self):
- @self.app.route("/protected")
- @login_required
- @fresh_login_required
- def protected():
- return "Access Granted"
-
- self.app.config["LOGIN_DISABLED"] = True
-
- with self.app.test_client() as c:
- result = c.get("/protected")
- self.assertIn("Access Granted", result.data.decode("utf-8"))
-
  def test_fresh_login_required_decorator(self):
  @self.app.route("/very-protected")
  @fresh_login_required
@@ -1165,7 +1143,6 @@ def setUp(self):
  self.app.config["REMEMBER_COOKIE_NAME"] = self.remember_cookie_name
  self.login_manager = LoginManager()
  self.login_manager.init_app(self.app)
- self.app.config["LOGIN_DISABLED"] = False
 
  @self.app.route("/")
  def index():
@@ -1444,7 +1421,6 @@ def setUp(self):
  self.app.config["REMEMBER_COOKIE_NAME"] = self.remember_cookie_name
  self.login_manager = LoginManager()
  self.login_manager.init_app(self.app)
- self.app.config["LOGIN_DISABLED"] = False
 
  @self.app.route("/")
  def index():
@@ -1512,7 +1488,6 @@ def setUp(self):
  self.app.config["REMEMBER_COOKIE_NAME"] = self.remember_cookie_name
  self.login_manager = LoginManager()
  self.login_manager.init_app(self.app)
- self.app.config["LOGIN_DISABLED"] = False
 
  @self.app.route("/secret")
  def secret():
@@ -1572,7 +1547,6 @@ def setUp(self):
  self.app.config["REMEMBER_COOKIE_NAME"] = self.remember_cookie_name
  self.login_manager = LoginManager()
  self.login_manager.init_app(self.app)
- self.app.config["LOGIN_DISABLED"] = False
  self.app.test_client_class = FlaskLoginClient
 
  @self.app.route("/username")