Sindre Stephansen
4acd265951
Add QR image to set up authenticator
5 anos atrás
Sindre Stephansen
15384fb78d
Add two-factor authentication
Fixes #4
5 anos atrás
Sindre Stephansen
ac243db11b
Minor restructure to improve code usability and readability
5 anos atrás
Sindre Stephansen
d5b155a348
Set SMTP timeout
5 anos atrás
Sindre Stephansen
f7d309268f
Properly indent email messages
5 anos atrás
Sindre Stephansen
dd27cb68a4
Implement password reset
Fixes #2
5 anos atrás
Sindre Stephansen
46394af70f
Implement email registration
Fixes #1
5 anos atrás
Sindre Stephansen
b0bd63d0a1
Implement email. It almost works
The email works when sent from app.py, but not from any other file.
Also, it requires mysql-connector-python version 8.0.5, for some reason.
Right now the email is logged, so even if it couldn't get through the
server testing works.
5 anos atrás
Sindre Stephansen
cb0219dbba
Remove initial admin user, and change the database password
Fixes #7
5 anos atrás
Sindre Stephansen
442f6e1470
Prevent account enumeration when creating a project
Fixes #9
5 anos atrás
Sindre Stephansen
a4a1bd5451
Add a render helper that adds required globals
5 anos atrás
Sindre Stephansen
f8022f372f
Log user registration and invalid login attempts
Fixes #15
5 anos atrás
Sindre Stephansen
3c3cf6ebc7
Replace printing with logging in model files
5 anos atrás
Sindre Stephansen
a2b8932f39
Add setup for outputing nginx, uwsgi and python logs to files outside docker
5 anos atrás
Sindre Stephansen
593028b3fb
Fix OS remote code execution
Fixes #6
5 anos atrás
Sindre Stephansen
24bc79c575
Implement protection from brute-force attacks
The implementation enforces a timeout of one minute after three or
more incorrect login attempts for an account.
Fixes #8
5 anos atrás
Sindre Stephansen
9491cfd5dd
Implement stricter password policy
Fixes #22
5 anos atrás
Sindre Stephansen
9892487c44
Implement better password security
The new scheme uses bcrypt and a random salt for each user.
This is not compatible with old passwords.
Fixes #13
5 anos atrás
Sindre Stephansen
4d562df0de
Minor fixes to code style in project files
5 anos atrás
Sindre Stephansen
4a2af0f574
Check permissions and ownership when changing a project
Fixes #10
5 anos atrás
Sindre Stephansen
9738a31915
Disable the debug error page
Fixes #11
5 anos atrás
Sindre Stephansen
d89ddd6228
Remove old static file
Fixes #23
5 anos atrás
Sindre Stephansen
e9b76013c3
Implement CSRF protection
Fixes #16
5 anos atrás
Sindre Stephansen
dafe82af0a
Make remember cookie HttpOnly
Fixes #24
5 anos atrás
Sindre Stephansen
1257cadf70
Secure remember cookie. This doesn't enable http-only
5 anos atrás
Sindre Stephansen
56c14f149f
Reduce remember cookie expiry, and enforce by storing it in the database
Fixes #14
5 anos atrás
Sindre Stephansen
ba8b2e6153
Use random string for remember cookie, replacing deserialization
The random string token is stored in the database, and is revoked when
the user logs out.
Fixes #17
5 anos atrás
Sindre Stephansen
a21b56775d
Use bound variables instead of concatenation in SQL queries
Fixes #5
5 anos atrás
Sindre Stephansen
7629423772
Update mysql-connector dependency
Fixes #18
5 anos atrás
Sindre Stephansen
f31d593e3a
Add HTTPS support with a self signed certificate
Fixes #3
5 anos atrás
e3d02892d3
config for mailserver
5 anos atrás
b1bab743d0
Change permissions to grant usergroup access. This change does not add or remove any vulnerablities. But makes it possibe for different administrators to manage the repository.
5 anos atrás
b10c8b4866
Fix errorhandler bug
5 anos atrás
2ef59fd840
Bug in exceptionhandler
5 anos atrás
9388eda466
typo
5 anos atrás
016d5a63ee
Error handling to prevent database from crashing on too easy on sql injections
5 anos atrás
dfc0928f7c
Database exception handling
5 anos atrás
a696c319df
Add smtp server
5 anos atrás
212d0a9197
Accept zeros aswell
5 anos atrás
2cd20c5106
Uwsgi init file
5 anos atrás
96215ad1ff
NGINX skeleton for https
5 anos atrás
01ce46108c
update
5 anos atrás
3bb08a973f
Correctly use env variable to connect to database after image is running
6 anos atrás
8cedf0d58f
Set ip and ports from groupid environment variable
6 anos atrás
6f0754ce54
clean
6 anos atrás
cbe5cc7413
generate docs
6 anos atrás
4d85f51209
refactor
6 anos atrás
fa7148315c
polish
6 anos atrás
5e01105c3b
Connect database on every query, might prevent the database timeout
6 anos atrás
d44735afff
polish
6 anos atrás
jakobsn
Jakob Notland