Sindre Stephansen
4acd265951
Add QR image to set up authenticator
5 years ago
Sindre Stephansen
15384fb78d
Add two-factor authentication
Fixes #4
5 years ago
Sindre Stephansen
ac243db11b
Minor restructure to improve code usability and readability
5 years ago
Sindre Stephansen
d5b155a348
Set SMTP timeout
5 years ago
Sindre Stephansen
f7d309268f
Properly indent email messages
5 years ago
Sindre Stephansen
dd27cb68a4
Implement password reset
Fixes #2
5 years ago
Sindre Stephansen
46394af70f
Implement email registration
Fixes #1
5 years ago
Sindre Stephansen
b0bd63d0a1
Implement email. It almost works
The email works when sent from app.py, but not from any other file.
Also, it requires mysql-connector-python version 8.0.5, for some reason.
Right now the email is logged, so even if it couldn't get through the
server testing works.
5 years ago
Sindre Stephansen
cb0219dbba
Remove initial admin user, and change the database password
Fixes #7
5 years ago
Sindre Stephansen
442f6e1470
Prevent account enumeration when creating a project
Fixes #9
5 years ago
Sindre Stephansen
a4a1bd5451
Add a render helper that adds required globals
5 years ago
Sindre Stephansen
f8022f372f
Log user registration and invalid login attempts
Fixes #15
5 years ago
Sindre Stephansen
3c3cf6ebc7
Replace printing with logging in model files
5 years ago
Sindre Stephansen
a2b8932f39
Add setup for outputting nginx, uwsgi and python logs to files outside docker
5 years ago
Sindre Stephansen
593028b3fb
Fix OS remote code execution
Fixes #6
5 years ago
Sindre Stephansen
24bc79c575
Implement protection from brute-force attacks
The implementation enforces a timeout of one minute after three or
more incorrect login attempts for an account.
Fixes #8
5 years ago
Sindre Stephansen
9491cfd5dd
Implement stricter password policy
Fixes #22
5 years ago
Sindre Stephansen
9892487c44
Implement better password security
The new scheme uses bcrypt and a random salt for each user.
This is not compatible with old passwords.
Fixes #13
5 years ago
Sindre Stephansen
4d562df0de
Minor fixes to code style in project files
5 years ago
Sindre Stephansen
4a2af0f574
Check permissions and ownership when changing a project
Fixes #10
5 years ago
Sindre Stephansen
9738a31915
Disable the debug error page
Fixes #11
5 years ago
Sindre Stephansen
d89ddd6228
Remove old static file
Fixes #23
5 years ago
Sindre Stephansen
e9b76013c3
Implement CSRF protection
Fixes #16
5 years ago
Sindre Stephansen
dafe82af0a
Make remember cookie HttpOnly
Fixes #24
5 years ago
Sindre Stephansen
1257cadf70
Secure remember cookie. This doesn't enable http-only
5 years ago
Sindre Stephansen
56c14f149f
Reduce remember cookie expiry, and enforce by storing it in the database
Fixes #14
5 years ago
Sindre Stephansen
ba8b2e6153
Use random string for remember cookie, replacing deserialization
The random string token is stored in the database, and is revoked when
the user logs out.
Fixes #17
5 years ago
Sindre Stephansen
a21b56775d
Use bound variables instead of concatenation in SQL queries
Fixes #5
5 years ago
Sindre Stephansen
7629423772
Update mysql-connector dependency
Fixes #18
5 years ago
Sindre Stephansen
f31d593e3a
Add HTTPS support with a self signed certificate
Fixes #3
5 years ago
jakobsn
e3d02892d3
config for mailserver
5 years ago
Jakob Notland
b1bab743d0
Change permissions to grant usergroup access. This change does not add or remove any vulnerabilities. But makes it possible for different administrators to manage the repository.
5 years ago
Jakob Notland
b10c8b4866
Fix errorhandler bug
5 years ago
jakobsn
2ef59fd840
Bug in exceptionhandler
5 years ago
jakobsn
9388eda466
typo
5 years ago
jakobsn
016d5a63ee
Error handling to prevent database from crashing on too easy on sql injections
5 years ago
jakobsn
dfc0928f7c
Database exception handling
5 years ago
jakobsn
a696c319df
Add smtp server
5 years ago
jakobsn
212d0a9197
Accept zeros as well
5 years ago
jakobsn
2cd20c5106
Uwsgi init file
5 years ago
jakobsn
96215ad1ff
NGINX skeleton for https
5 years ago
jakobsn
01ce46108c
update
5 years ago
jakobsn
3bb08a973f
Correctly use env variable to connect to database after image is running
6 years ago
jakobsn
8cedf0d58f
Set ip and ports from groupid environment variable
6 years ago
jakobsn
6f0754ce54
clean
6 years ago
jakobsn
cbe5cc7413
generate docs
6 years ago
jakobsn
4d85f51209
refactor
6 years ago
jakobsn
fa7148315c
polish
6 years ago
jakobsn
5e01105c3b
Connect database on every query, might prevent the database timeout
6 years ago
jakobsn
d44735afff
polish
6 years ago