 Sindre Stephansen
|
442f6e1470
|
Prevent account enumeration when creating a project
Fixes #9
|
5 years ago |
|
Sindre Stephansen
|
a4a1bd5451
|
Add a render helper that adds required globals
|
5 years ago |
|
Sindre Stephansen
|
4795a4fc90
|
Merge branch 'logging' of sindre/Beelance into master
|
5 years ago |
|
Sindre Stephansen
|
6ab98ecdbd
|
Add log directory to gitignore
|
5 years ago |
|
Sindre Stephansen
|
f8022f372f
|
Log user registration and invalid login attempts
Fixes #15
|
5 years ago |
|
Sindre Stephansen
|
3c3cf6ebc7
|
Replace printing with logging in model files
|
5 years ago |
|
Sindre Stephansen
|
a2b8932f39
|
Add setup for outputing nginx, uwsgi and python logs to files outside docker
|
5 years ago |
|
Sindre Stephansen
|
608a60559b
|
Merge branch 'minor' of sindre/Beelance into master
|
5 years ago |
|
Sindre Stephansen
|
593028b3fb
|
Fix OS remote code execution
Fixes #6
|
5 years ago |
|
Sindre Stephansen
|
454633f113
|
Merge branch 'minor' of sindre/Beelance into master
|
5 years ago |
|
Sindre Stephansen
|
24bc79c575
|
Implement protection from brute-force attacks
The implementation enforces a timeout of one minute after three or
more incorrect login attempts for an account.
Fixes #8
|
5 years ago |
|
Sindre Stephansen
|
e103db3fb8
|
Merge remote-tracking branch 'gitea/master' into minor
|
5 years ago |
|
Sindre Stephansen
|
c10f4967cb
|
Merge branch 'minor' of sindre/Beelance into master
|
5 years ago |
|
Sindre Stephansen
|
9491cfd5dd
|
Implement stricter password policy
Fixes #22
|
5 years ago |
|
Sindre Stephansen
|
9892487c44
|
Implement better password security
The new scheme uses bcrypt and a random salt for each user.
This is not compatible with old passwords.
Fixes #13
|
5 years ago |
|
Sindre Stephansen
|
94dc16a0bb
|
Optimize Docker build
|
5 years ago |
|
Sindre Stephansen
|
57db08636e
|
Merge branch 'minor' of sindre/Beelance into master
|
5 years ago |
|
Sindre Stephansen
|
4d562df0de
|
Minor fixes to code style in project files
|
5 years ago |
|
Sindre Stephansen
|
4a2af0f574
|
Check permissions and ownership when changing a project
Fixes #10
|
5 years ago |
|
Sindre Stephansen
|
09ef868038
|
Upgrade pip on build
|
5 years ago |
|
Sindre Stephansen
|
9738a31915
|
Disable the debug error page
Fixes #11
|
5 years ago |
|
Sindre Stephansen
|
b1242840a7
|
Add security headers
Fixes #26 and #12
|
5 years ago |
|
Sindre Stephansen
|
d89ddd6228
|
Remove old static file
Fixes #23
|
5 years ago |
|
Sindre Stephansen
|
8fd4e006ca
|
Merge branch 'master' of gitlab.stud.idi.ntnu.no:tdt4237-2020/group32
|
5 years ago |
|
Sindre Stephansen
|
30afd414f6
|
Merge branch 'csrf' of sindre/Beelance into master
|
5 years ago |
|
Sindre Stephansen
|
e9b76013c3
|
Implement CSRF protection
Fixes #16
|
5 years ago |
|
Sindre Stephansen
|
35195b9622
|
Merge branch 'session-cookie' of sindre/Beelance into master
|
5 years ago |
|
Sindre Stephansen
|
dafe82af0a
|
Make remember cookie HttpOnly
Fixes #24
|
5 years ago |
|
Sindre Stephansen
|
1257cadf70
|
Secure remember cookie. This doesn't enable http-only
|
5 years ago |
|
Sindre Stephansen
|
56c14f149f
|
Reduce remember cookie expiry, and enforce by storing it in the database
Fixes #14
|
5 years ago |
|
Sindre Stephansen
|
ba8b2e6153
|
Use random string for remember cookie, replacing deserialization
The random string token is stored in the database, and is revoked when
the user logs out.
Fixes #17
|
5 years ago |
|
Sindre Stephansen
|
1e29c69150
|
Merge branch 'sql-injection' of sindre/Beelance into master
|
5 years ago |
|
Sindre Stephansen
|
a21b56775d
|
Use bound variables instead of concatenation in SQL queries
Fixes #5
|
5 years ago |
|
Sindre Stephansen
|
7629423772
|
Update mysql-connector dependency
Fixes #18
|
5 years ago |
|
Sindre Stephansen
|
48c6151f34
|
Merge branch 'https' of sindre/Beelance into master
|
5 years ago |
|
Sindre Stephansen
|
f31d593e3a
|
Add HTTPS support with a self signed certificate
Fixes #3
|
5 years ago |
 Jakob Notland
|
6f6084a563
|
Update README
|
5 years ago |
 Jakob Notland
|
15072a68a3
|
Update README.md, to include local host as possible IP for the application.
|
5 years ago |
|
Jakob Notland
|
8d1ef7f01f
|
Set example email config
|
5 years ago |
 jakobsn
|
e3d02892d3
|
config for mailserver
|
5 years ago |
|
Jakob Notland
|
b1bab743d0
|
Change permissions to grant usergroup access. This change does not add or remove any vulnerablities. But makes it possibe for different administrators to manage the repository.
|
5 years ago |
|
Jakob Notland
|
4b7ebfcde2
|
Update README
|
5 years ago |
|
Jakob Notland
|
b10c8b4866
|
Fix errorhandler bug
|
5 years ago |
|
jakobsn
|
f55a9e50ef
|
Merge branch 'master' of https://gitlab.stud.idi.ntnu.no/tdt4237-2020/larepo
|
5 years ago |
|
jakobsn
|
2ef59fd840
|
Bug in exceptionhandler
|
5 years ago |
|
jakobsn
|
978b6a75ba
|
Update readme
|
5 years ago |
|
jakobsn
|
9388eda466
|
typo
|
5 years ago |
|
Jakob Notland
|
f5fdc210db
|
Bugfix
|
5 years ago |
|
Jakob Notland
|
25b92d3c2e
|
bugfix
|
5 years ago |
|
jakobsn
|
016d5a63ee
|
Error handling to prevent database from crashing on too easy on sql injections
|
5 years ago |
