Sindre Stephansen
15384fb78d
Add two-factor authentication
Fixes #4
5 years ago
Sindre Stephansen
ac243db11b
Minor restructure to improve code usability and readability
5 years ago
Sindre Stephansen
d5b155a348
Set SMTP timeout
5 years ago
Sindre Stephansen
f7d309268f
Properly indent email messages
5 years ago
Sindre Stephansen
dd27cb68a4
Implement password reset
Fixes #2
5 years ago
Sindre Stephansen
46394af70f
Implement email registration
Fixes #1
5 years ago
Sindre Stephansen
b0bd63d0a1
Implement email. It almost works
The email works when sent from app.py, but not from any other file.
Also, it requires mysql-connector-python version 8.0.5, for some reason.
Right now the email is logged, so even if it couldn't get through the
server testing works.
5 years ago
Sindre Stephansen
7f62b906cb
Merge branch 'minor' of sindre/Beelance into master
5 years ago
Sindre Stephansen
cb0219dbba
Remove initial admin user, and change the database password
Fixes #7
5 years ago
Sindre Stephansen
5fee2971bd
Merge branch 'minor' of sindre/Beelance into master
5 years ago
Sindre Stephansen
442f6e1470
Prevent account enumeration when creating a project
Fixes #9
5 years ago
Sindre Stephansen
a4a1bd5451
Add a render helper that adds required globals
5 years ago
Sindre Stephansen
4795a4fc90
Merge branch 'logging' of sindre/Beelance into master
5 years ago
Sindre Stephansen
6ab98ecdbd
Add log directory to gitignore
5 years ago
Sindre Stephansen
f8022f372f
Log user registration and invalid login attempts
Fixes #15
5 years ago
Sindre Stephansen
3c3cf6ebc7
Replace printing with logging in model files
5 years ago
Sindre Stephansen
a2b8932f39
Add setup for outputting nginx, uwsgi and python logs to files outside docker
5 years ago
Sindre Stephansen
608a60559b
Merge branch 'minor' of sindre/Beelance into master
5 years ago
Sindre Stephansen
593028b3fb
Fix OS remote code execution
Fixes #6
5 years ago
Sindre Stephansen
454633f113
Merge branch 'minor' of sindre/Beelance into master
5 years ago
Sindre Stephansen
24bc79c575
Implement protection from brute-force attacks
The implementation enforces a timeout of one minute after three or
more incorrect login attempts for an account.
Fixes #8
5 years ago
Sindre Stephansen
e103db3fb8
Merge remote-tracking branch 'gitea/master' into minor
5 years ago
Sindre Stephansen
c10f4967cb
Merge branch 'minor' of sindre/Beelance into master
5 years ago
Sindre Stephansen
9491cfd5dd
Implement stricter password policy
Fixes #22
5 years ago
Sindre Stephansen
9892487c44
Implement better password security
The new scheme uses bcrypt and a random salt for each user.
This is not compatible with old passwords.
Fixes #13
5 years ago
Sindre Stephansen
94dc16a0bb
Optimize Docker build
5 years ago
Sindre Stephansen
57db08636e
Merge branch 'minor' of sindre/Beelance into master
5 years ago
Sindre Stephansen
4d562df0de
Minor fixes to code style in project files
5 years ago
Sindre Stephansen
4a2af0f574
Check permissions and ownership when changing a project
Fixes #10
5 years ago
Sindre Stephansen
09ef868038
Upgrade pip on build
5 years ago
Sindre Stephansen
9738a31915
Disable the debug error page
Fixes #11
5 years ago
Sindre Stephansen
b1242840a7
Add security headers
Fixes #26 and #12
5 years ago
Sindre Stephansen
d89ddd6228
Remove old static file
Fixes #23
5 years ago
Sindre Stephansen
8fd4e006ca
Merge branch 'master' of gitlab.stud.idi.ntnu.no:tdt4237-2020/group32
5 years ago
Sindre Stephansen
30afd414f6
Merge branch 'csrf' of sindre/Beelance into master
5 years ago
Sindre Stephansen
e9b76013c3
Implement CSRF protection
Fixes #16
5 years ago
Sindre Stephansen
35195b9622
Merge branch 'session-cookie' of sindre/Beelance into master
5 years ago
Sindre Stephansen
dafe82af0a
Make remember cookie HttpOnly
Fixes #24
5 years ago
Sindre Stephansen
1257cadf70
Secure remember cookie. This doesn't enable http-only
5 years ago
Sindre Stephansen
56c14f149f
Reduce remember cookie expiry, and enforce by storing it in the database
Fixes #14
5 years ago
Sindre Stephansen
ba8b2e6153
Use random string for remember cookie, replacing deserialization
The random string token is stored in the database, and is revoked when
the user logs out.
Fixes #17
5 years ago
Sindre Stephansen
1e29c69150
Merge branch 'sql-injection' of sindre/Beelance into master
5 years ago
Sindre Stephansen
a21b56775d
Use bound variables instead of concatenation in SQL queries
Fixes #5
5 years ago
Sindre Stephansen
7629423772
Update mysql-connector dependency
Fixes #18
5 years ago
Sindre Stephansen
48c6151f34
Merge branch 'https' of sindre/Beelance into master
5 years ago
Sindre Stephansen
f31d593e3a
Add HTTPS support with a self-signed certificate
Fixes #3
5 years ago
Jakob Notland
6f6084a563
Update README
5 years ago
Jakob Notland
15072a68a3
Update README.md, to include local host as possible IP for the application.
5 years ago
Jakob Notland
8d1ef7f01f
Set example email config
5 years ago
jakobsn
e3d02892d3
config for mailserver
5 years ago