Mouse Reeve
89478ac87e
Merge pull request #2491 from chdorner/register-tz-support
...
Detect preferred timezone via JavaScript on register
2022-12-11 14:49:29 -08:00
Christof Dorner
13b262bb7b
Detect preferred timezone via JavaScript on register
2022-12-11 23:32:07 +01:00
Mouse Reeve
50a42dc0a2
Use user.reactivate when a user confirms their email address
...
This is cleaner and easier to maintain.
2022-12-11 11:44:04 -08:00
Mouse Reeve
70d639440e
Show impressum
2022-11-25 12:06:32 -08:00
Mouse Reeve
eae1866992
Allow users to temporarily deactivate their accounts ( #2324 )
2022-11-10 13:40:54 -08:00
Hugh Rundle
79b04c2240
various 2fa improvements
...
- cleaner code
- use TWO_FACTOR_LOGIN_MAX_SECONDS instead of hardcoded number
- render qrcode properly
- use nginx to rate limit login attempts
- do not throw error if session user is undefined
2022-10-15 07:47:20 +11:00
Hugh Rundle
28329c1781
use string for datetime in session
...
It seemed to work when testing manually, but both pytest and the django documentation indicate that you can't pass datetimes around as session values.
2022-10-15 07:47:20 +11:00
Hugh Rundle
6db4fb39ed
improve security and fix error msg
...
- Instead of passing the user as a hidden form element, we use a session variable.
- Introduces a 60 second limit on completing the login, and an exponentially increasing delay to attempt to login with 2FA if the code is entered incorrectly.
- use proper Django form error when incorrect otp value entered
2022-10-15 07:47:20 +11:00
Hugh Rundle
9d12b7caff
make pylint stop grumbling
2022-10-15 07:47:20 +11:00
Hugh Rundle
1d13f0ab4f
lint
2022-10-15 07:47:20 +11:00
Hugh Rundle
8837495ffd
redirect login to 2fa check if active
2022-10-15 07:47:20 +11:00
Mouse Reeve
6947f3b787
Uses class method to get list of instance admins
...
Re-writing this query over and over is a bad approach
2022-09-19 10:43:52 -07:00
Mouse Reeve
8e2a8ec6e0
Removes improperly places csrf_exempt decorator
2022-07-29 13:40:40 -07:00
Mouse Reeve
3846b201bd
Updates reset password flow to use validators
2022-07-15 11:39:18 -07:00
Mouse Reeve
5ecd75ee24
Remove redirecting to "next"
...
This wasn't even particularly working
2022-07-14 12:54:02 -07:00
Mouse Reeve
69728439c8
Remove error reporting on resend to invalid email address
2022-07-14 12:23:43 -07:00
Mouse Reeve
7a772c7d3e
Use POST instead of GET for logout function
2022-07-10 09:30:39 -07:00
Mouse Reeve
fd5e513ad6
Update password reset copy so as not to reveal whether the email exists
...
A malicious user could use this to test which email addresses are in the
user database.
2022-07-06 19:34:00 -07:00
Mouse Reeve
a6cb46356f
Show clearer behavior when no email confirmation is needed after all
2022-04-26 08:14:31 -07:00
Mouse Reeve
78ac252dae
Python formatting
2022-03-19 12:08:57 -07:00
Mouse Reeve
4386d2ddb9
Switches resend email to modal
2022-03-19 12:00:16 -07:00
Mouse Reeve
23d0d3e2b7
Register admin user
2022-02-17 11:25:11 -08:00
Mouse Reeve
b4e0749f73
Disallow registration in install mode and adds redirects
2022-02-17 10:52:12 -08:00
Mouse Reeve
4ba375892a
Merge pull request #1793 from bookwyrm-social/more-caches
...
More caches
2022-01-10 11:25:26 -08:00
Mouse Reeve
0a182e8150
Caches query for landing page books
2022-01-09 13:04:41 -08:00
Mouse Reeve
599c79917e
Makes query to get admins unique
2022-01-08 18:44:32 -08:00
Mouse Reeve
26928252cd
Use cache
2022-01-08 11:44:04 -08:00
Mouse Reeve
bb4b724b1a
Updates queries
2022-01-08 11:26:15 -08:00
Mouse Reeve
a1e3ef1c79
Fixes pylint complaint
2022-01-06 18:47:14 -08:00
Hugh Rundle
e4be6a98e8
do not cache registration form
...
Fixes #1777
Caching the Landing view also caches the registration form, including the CSRF value.
This moves the caching into the recently reviewed books landing template which is presumably what we're trying to cache here, instead of caching the whole view.
NOTE: this fixes the problem with registration, I haven't done enough testing to be sure it actually still caches the recent reviews data.
2022-01-07 13:13:56 +11:00
Mouse Reeve
0f09759662
Separate out landing and about views files
2022-01-06 09:51:38 -08:00
Mouse Reeve
b8c72d75e5
Python formatting
2022-01-06 09:48:36 -08:00
Mouse Reeve
461bfd0ce7
Link to books
2022-01-06 09:47:46 -08:00
Mouse Reeve
d690224559
Use weighted averages
2022-01-06 09:39:51 -08:00
Mouse Reeve
840746754d
Fixes superlatives
2022-01-06 09:22:10 -08:00
Mouse Reeve
4caa68200f
Adds more info to the about page
2022-01-06 09:04:59 -08:00
Mouse Reeve
b855464396
Expands about pages
2022-01-05 21:42:41 -08:00
Mouse Reeve
b0fef8f0e3
Cache landing page
2022-01-05 15:53:01 -08:00
Mouse Reeve
14601a0c31
Don't error out on invalid login POST
...
Thanks, log4j exploit scanners, for catching this one
2021-12-28 14:50:28 -08:00
Mouse Reeve
290039ac66
Moves landing views into directory
2021-10-16 11:45:55 -07:00