Sindre Stephansen
4acd265951
Add QR image to set up authenticator
5 лет назад
Sindre Stephansen
15384fb78d
Add two-factor authentication
Fixes #4
5 лет назад
Sindre Stephansen
ac243db11b
Minor restructure to improve code usability and readability
5 лет назад
Sindre Stephansen
d5b155a348
Set SMTP timeout
5 лет назад
Sindre Stephansen
f7d309268f
Properly indent email messages
5 лет назад
Sindre Stephansen
dd27cb68a4
Implement password reset
Fixes #2
5 лет назад
Sindre Stephansen
46394af70f
Implement email registration
Fixes #1
5 лет назад
Sindre Stephansen
b0bd63d0a1
Implement email. It almost works
The email works when sent from app.py, but not from any other file.
Also, it requires mysql-connector-python version 8.0.5, for some reason.
Right now the email is logged, so even if it couldn't get through the
server testing works.
5 лет назад
Sindre Stephansen
7f62b906cb
Merge branch 'minor' of sindre/Beelance into master
5 лет назад
Sindre Stephansen
cb0219dbba
Remove initial admin user, and change the database password
Fixes #7
5 лет назад
Sindre Stephansen
5fee2971bd
Merge branch 'minor' of sindre/Beelance into master
5 лет назад
Sindre Stephansen
442f6e1470
Prevent account enumeration when creating a project
Fixes #9
5 лет назад
Sindre Stephansen
a4a1bd5451
Add a render helper that adds required globals
5 лет назад
Sindre Stephansen
4795a4fc90
Merge branch 'logging' of sindre/Beelance into master
5 лет назад
Sindre Stephansen
6ab98ecdbd
Add log directory to gitignore
5 лет назад
Sindre Stephansen
f8022f372f
Log user registration and invalid login attempts
Fixes #15
5 лет назад
Sindre Stephansen
3c3cf6ebc7
Replace printing with logging in model files
5 лет назад
Sindre Stephansen
a2b8932f39
Add setup for outputing nginx, uwsgi and python logs to files outside docker
5 лет назад
Sindre Stephansen
608a60559b
Merge branch 'minor' of sindre/Beelance into master
5 лет назад
Sindre Stephansen
593028b3fb
Fix OS remote code execution
Fixes #6
5 лет назад
Sindre Stephansen
454633f113
Merge branch 'minor' of sindre/Beelance into master
5 лет назад
Sindre Stephansen
24bc79c575
Implement protection from brute-force attacks
The implementation enforces a timeout of one minute after three or
more incorrect login attempts for an account.
Fixes #8
5 лет назад
Sindre Stephansen
e103db3fb8
Merge remote-tracking branch 'gitea/master' into minor
5 лет назад
Sindre Stephansen
c10f4967cb
Merge branch 'minor' of sindre/Beelance into master
5 лет назад
Sindre Stephansen
9491cfd5dd
Implement stricter password policy
Fixes #22
5 лет назад
Sindre Stephansen
9892487c44
Implement better password security
The new scheme uses bcrypt and a random salt for each user.
This is not compatible with old passwords.
Fixes #13
5 лет назад
Sindre Stephansen
94dc16a0bb
Optimize Docker build
5 лет назад
Sindre Stephansen
57db08636e
Merge branch 'minor' of sindre/Beelance into master
5 лет назад
Sindre Stephansen
4d562df0de
Minor fixes to code style in project files
5 лет назад
Sindre Stephansen
4a2af0f574
Check permissions and ownership when changing a project
Fixes #10
5 лет назад
Sindre Stephansen
09ef868038
Upgrade pip on build
5 лет назад
Sindre Stephansen
9738a31915
Disable the debug error page
Fixes #11
5 лет назад
Sindre Stephansen
b1242840a7
Add security headers
Fixes #26 and #12
5 лет назад
Sindre Stephansen
d89ddd6228
Remove old static file
Fixes #23
5 лет назад
Sindre Stephansen
8fd4e006ca
Merge branch 'master' of gitlab.stud.idi.ntnu.no:tdt4237-2020/group32
5 лет назад
Sindre Stephansen
30afd414f6
Merge branch 'csrf' of sindre/Beelance into master
5 лет назад
Sindre Stephansen
e9b76013c3
Implement CSRF protection
Fixes #16
5 лет назад
Sindre Stephansen
35195b9622
Merge branch 'session-cookie' of sindre/Beelance into master
5 лет назад
Sindre Stephansen
dafe82af0a
Make remember cookie HttpOnly
Fixes #24
5 лет назад
Sindre Stephansen
1257cadf70
Secure remember cookie. This doesn't enable http-only
5 лет назад
Sindre Stephansen
56c14f149f
Reduce remember cookie expiry, and enforce by storing it in the database
Fixes #14
5 лет назад
Sindre Stephansen
ba8b2e6153
Use random string for remember cookie, replacing deserialization
The random string token is stored in the database, and is revoked when
the user logs out.
Fixes #17
5 лет назад
Sindre Stephansen
1e29c69150
Merge branch 'sql-injection' of sindre/Beelance into master
5 лет назад
Sindre Stephansen
a21b56775d
Use bound variables instead of concatenation in SQL queries
Fixes #5
5 лет назад
Sindre Stephansen
7629423772
Update mysql-connector dependency
Fixes #18
5 лет назад
Sindre Stephansen
48c6151f34
Merge branch 'https' of sindre/Beelance into master
5 лет назад
Sindre Stephansen
f31d593e3a
Add HTTPS support with a self signed certificate
Fixes #3
5 лет назад
6f6084a563
Update README
5 лет назад
15072a68a3
Update README.md, to include local host as possible IP for the application.
5 лет назад
8d1ef7f01f
Set example email config
5 лет назад
Jakob Notland
Jakob Notland