Sindre Stephansen
4acd265951
Add QR image to set up authenticator
il y a 5 ans
Sindre Stephansen
15384fb78d
Add two-factor authentication
Fixes #4
il y a 5 ans
Sindre Stephansen
ac243db11b
Minor restructure to improve code usability and readability
il y a 5 ans
Sindre Stephansen
d5b155a348
Set SMTP timeout
il y a 5 ans
Sindre Stephansen
f7d309268f
Properly indent email messages
il y a 5 ans
Sindre Stephansen
dd27cb68a4
Implement password reset
Fixes #2
il y a 5 ans
Sindre Stephansen
46394af70f
Implement email registration
Fixes #1
il y a 5 ans
Sindre Stephansen
b0bd63d0a1
Implement email. It almost works
The email works when sent from app.py, but not from any other file.
Also, it requires mysql-connector-python version 8.0.5, for some reason.
Right now the email is logged, so even if it couldn't get through the
server testing works.
il y a 5 ans
Sindre Stephansen
cb0219dbba
Remove initial admin user, and change the database password
Fixes #7
il y a 5 ans
Sindre Stephansen
442f6e1470
Prevent account enumeration when creating a project
Fixes #9
il y a 5 ans
Sindre Stephansen
a4a1bd5451
Add a render helper that adds required globals
il y a 5 ans
Sindre Stephansen
f8022f372f
Log user registration and invalid login attempts
Fixes #15
il y a 5 ans
Sindre Stephansen
3c3cf6ebc7
Replace printing with logging in model files
il y a 5 ans
Sindre Stephansen
a2b8932f39
Add setup for outputing nginx, uwsgi and python logs to files outside docker
il y a 5 ans
Sindre Stephansen
593028b3fb
Fix OS remote code execution
Fixes #6
il y a 5 ans
Sindre Stephansen
24bc79c575
Implement protection from brute-force attacks
The implementation enforces a timeout of one minute after three or
more incorrect login attempts for an account.
Fixes #8
il y a 5 ans
Sindre Stephansen
9491cfd5dd
Implement stricter password policy
Fixes #22
il y a 5 ans
Sindre Stephansen
9892487c44
Implement better password security
The new scheme uses bcrypt and a random salt for each user.
This is not compatible with old passwords.
Fixes #13
il y a 5 ans
Sindre Stephansen
94dc16a0bb
Optimize Docker build
il y a 5 ans
Sindre Stephansen
4d562df0de
Minor fixes to code style in project files
il y a 5 ans
Sindre Stephansen
4a2af0f574
Check permissions and ownership when changing a project
Fixes #10
il y a 5 ans
Sindre Stephansen
09ef868038
Upgrade pip on build
il y a 5 ans
Sindre Stephansen
9738a31915
Disable the debug error page
Fixes #11
il y a 5 ans
Sindre Stephansen
b1242840a7
Add security headers
Fixes #26 and #12
il y a 5 ans
Sindre Stephansen
d89ddd6228
Remove old static file
Fixes #23
il y a 5 ans
Sindre Stephansen
e9b76013c3
Implement CSRF protection
Fixes #16
il y a 5 ans
Sindre Stephansen
dafe82af0a
Make remember cookie HttpOnly
Fixes #24
il y a 5 ans
Sindre Stephansen
1257cadf70
Secure remember cookie. This doesn't enable http-only
il y a 5 ans
Sindre Stephansen
56c14f149f
Reduce remember cookie expiry, and enforce by storing it in the database
Fixes #14
il y a 5 ans
Sindre Stephansen
ba8b2e6153
Use random string for remember cookie, replacing deserialization
The random string token is stored in the database, and is revoked when
the user logs out.
Fixes #17
il y a 5 ans
Sindre Stephansen
a21b56775d
Use bound variables instead of concatenation in SQL queries
Fixes #5
il y a 5 ans
Sindre Stephansen
7629423772
Update mysql-connector dependency
Fixes #18
il y a 5 ans
Sindre Stephansen
f31d593e3a
Add HTTPS support with a self signed certificate
Fixes #3
il y a 5 ans
e3d02892d3
config for mailserver
il y a 5 ans
b1bab743d0
Change permissions to grant usergroup access. This change does not add or remove any vulnerablities. But makes it possibe for different administrators to manage the repository.
il y a 5 ans
b10c8b4866
Fix errorhandler bug
il y a 5 ans
2ef59fd840
Bug in exceptionhandler
il y a 5 ans
9388eda466
typo
il y a 5 ans
016d5a63ee
Error handling to prevent database from crashing on too easy on sql injections
il y a 5 ans
dfc0928f7c
Database exception handling
il y a 5 ans
a696c319df
Add smtp server
il y a 5 ans
212d0a9197
Accept zeros aswell
il y a 5 ans
2cd20c5106
Uwsgi init file
il y a 5 ans
96215ad1ff
NGINX skeleton for https
il y a 5 ans
01ce46108c
update
il y a 5 ans
919d3c633d
Update subnet for bridge and readme description
il y a 6 ans
3bb08a973f
Correctly use env variable to connect to database after image is running
il y a 6 ans
8cedf0d58f
Set ip and ports from groupid environment variable
il y a 6 ans
6f0754ce54
clean
il y a 6 ans
cbe5cc7413
generate docs
il y a 6 ans
jakobsn
Jakob Notland