Commit graph

40 commits

Author SHA1 Message Date
Mouse Reeve
89478ac87e Merge pull request #2491 from chdorner/register-tz-support
Detect preferred timezone via JavaScript on register
2022-12-11 14:49:29 -08:00
Christof Dorner
13b262bb7b Detect preferred timezone via JavaScript on register 2022-12-11 23:32:07 +01:00
Mouse Reeve
50a42dc0a2 Use user.reactivate when a user confirms their email address
This is cleaner and easier to maintain.
2022-12-11 11:44:04 -08:00
Mouse Reeve
70d639440e Show impressum 2022-11-25 12:06:32 -08:00
Mouse Reeve
eae1866992 Allow users to temporarily deactivate their accounts (#2324) 2022-11-10 13:40:54 -08:00
Hugh Rundle
79b04c2240 various 2fa improvements
- cleaner code
- use TWO_FACTOR_LOGIN_MAX_SECONDS instead of hardcoded number
- render qrcode properly
- use nginx to rate limit login attempts
- do not throw error if session user is undefined
2022-10-15 07:47:20 +11:00
Hugh Rundle
28329c1781 use string for datetime in session
It seemed to work when testing manually, but both pytest and the django documentation indicate that you can't pass datetimes around as session values.
2022-10-15 07:47:20 +11:00
Hugh Rundle
6db4fb39ed improve security and fix error msg
- Instead of passing the user as a hidden form element, we use a session variable.
- Introduces a 60-second limit on completing the login, and an exponentially increasing delay to attempt to log in with 2FA if the code is entered incorrectly.
- use proper Django form error when incorrect otp value entered
2022-10-15 07:47:20 +11:00
Hugh Rundle
9d12b7caff make pylint stop grumbling 2022-10-15 07:47:20 +11:00
Hugh Rundle
1d13f0ab4f lint 2022-10-15 07:47:20 +11:00
Hugh Rundle
8837495ffd redirect login to 2fa check if active 2022-10-15 07:47:20 +11:00
Mouse Reeve
6947f3b787 Uses class method to get list of instance admins
Re-writing this query over and over is a bad approach
2022-09-19 10:43:52 -07:00
Mouse Reeve
8e2a8ec6e0 Removes improperly placed csrf_exempt decorator 2022-07-29 13:40:40 -07:00
Mouse Reeve
3846b201bd Updates reset password flow to use validators 2022-07-15 11:39:18 -07:00
Mouse Reeve
5ecd75ee24 Remove redirecting to "next"
This wasn't even particularly working
2022-07-14 12:54:02 -07:00
Mouse Reeve
69728439c8 Remove error reporting on resend to invalid email address 2022-07-14 12:23:43 -07:00
Mouse Reeve
7a772c7d3e Use POST instead of GET for logout function 2022-07-10 09:30:39 -07:00
Mouse Reeve
fd5e513ad6 Update password reset copy so as not to reveal whether the email exists
A malicious user could use this to test which email addresses are in the
user database.
2022-07-06 19:34:00 -07:00
Mouse Reeve
a6cb46356f Show clearer behavior when no email confirmation is needed after all 2022-04-26 08:14:31 -07:00
Mouse Reeve
78ac252dae Python formatting 2022-03-19 12:08:57 -07:00
Mouse Reeve
4386d2ddb9 Switches resend email to modal 2022-03-19 12:00:16 -07:00
Mouse Reeve
23d0d3e2b7 Register admin user 2022-02-17 11:25:11 -08:00
Mouse Reeve
b4e0749f73 Disallow registration in install mode and adds redirects 2022-02-17 10:52:12 -08:00
Mouse Reeve
4ba375892a Merge pull request #1793 from bookwyrm-social/more-caches
More caches
2022-01-10 11:25:26 -08:00
Mouse Reeve
0a182e8150 Caches query for landing page books 2022-01-09 13:04:41 -08:00
Mouse Reeve
599c79917e Makes query to get admins unique 2022-01-08 18:44:32 -08:00
Mouse Reeve
26928252cd Use cache 2022-01-08 11:44:04 -08:00
Mouse Reeve
bb4b724b1a Updates queries 2022-01-08 11:26:15 -08:00
Mouse Reeve
a1e3ef1c79 Fixes pylint complaint 2022-01-06 18:47:14 -08:00
Hugh Rundle
e4be6a98e8 do not cache registration form
Fixes #1777

Caching the Landing view also caches the registration form, including the CSRF value.

This moves the caching into the recently reviewed books landing template which is presumably what we're trying to cache here, instead of caching the whole view.

NOTE: this fixes the problem with registration, I haven't done enough testing to be sure it actually still caches the recent reviews data.
2022-01-07 13:13:56 +11:00
Mouse Reeve
0f09759662 Separate out landing and about views files 2022-01-06 09:51:38 -08:00
Mouse Reeve
b8c72d75e5 Python formatting 2022-01-06 09:48:36 -08:00
Mouse Reeve
461bfd0ce7 Link to books 2022-01-06 09:47:46 -08:00
Mouse Reeve
d690224559 Use weighted averages 2022-01-06 09:39:51 -08:00
Mouse Reeve
840746754d Fixes superlatives 2022-01-06 09:22:10 -08:00
Mouse Reeve
4caa68200f Adds more info to the about page 2022-01-06 09:04:59 -08:00
Mouse Reeve
b855464396 Expands about pages 2022-01-05 21:42:41 -08:00
Mouse Reeve
b0fef8f0e3 Cache landing page 2022-01-05 15:53:01 -08:00
Mouse Reeve
14601a0c31 Don't error out on invalid login POST
Thanks, log4j exploit scanners, for catching this one
2021-12-28 14:50:28 -08:00
Mouse Reeve
290039ac66 Moves landing views into directory 2021-10-16 11:45:55 -07:00