Commit graph

1291 commits

Author SHA1 Message Date
Hugh Rundle
f3768c3d92 code formatting fix 2022-10-15 07:47:20 +11:00
Hugh Rundle
79b04c2240 various 2fa improvements
- cleaner code
- use TWO_FACTOR_LOGIN_MAX_SECONDS instead of hardcoded number
- render qrcode properly
- use nginx to rate limit login attempts
- do not throw error if session user is undefined
2022-10-15 07:47:20 +11:00
Hugh Rundle
9d36722783 code formatting 2022-10-15 07:47:20 +11:00
Hugh Rundle
28329c1781 use string for datetime in session
It seemed to work when testing manually, but both pytest and the django documentation indicate that you can't pass datetimes around as session values.
2022-10-15 07:47:20 +11:00
Hugh Rundle
9b74c26742 backup codes
- add hotp_secret to user model
- view to create backup codes in user prefs
- check backup code if otp doesn't work
- increment hotp count if used
- show correct errors if code wrong
2022-10-15 07:47:20 +11:00
Hugh Rundle
5b244f06d6 fix error messages when setting up 2FA 2022-10-15 07:47:20 +11:00
Hugh Rundle
6db4fb39ed improve security and fix error msg
- Instead of passing the user as a hidden form element, we use a session variable.
- Introduces a 60 second limit on completing the login, and an exponentially increasing delay to attempt to login with 2FA if the code is entered incorrectly.
- use proper Django form error when incorrect otp value entered
2022-10-15 07:47:20 +11:00
Hugh Rundle
9d12b7caff make pylint stop grumbling 2022-10-15 07:47:20 +11:00
Hugh Rundle
1d13f0ab4f lint 2022-10-15 07:47:20 +11:00
Hugh Rundle
8837495ffd redirect login to 2fa check if active 2022-10-15 07:47:20 +11:00
Hugh Rundle
2ec343c5db new views for capturing user for 2fa check 2022-10-15 07:47:20 +11:00
Hugh Rundle
0e1751eb57 prep for 2fa login check
- new 2fa checker page to be inserted between initial login and completion of login
- new views and forms for above
2022-10-15 07:47:20 +11:00
Hugh Rundle
54daade9f9 prepare for 2FA
- add and migrate User fields for 2FA
- add views for 2FA
- add new forms for 2FA
- update package list in requirements.txt
- add URLs for 2FA views
2022-10-15 07:47:20 +11:00
Mouse Reeve
3a73ced5fa Adds a couple tests to annual review views
Also I tweaked the save functions so they don't broadcast
2022-09-19 14:38:30 -07:00
Mouse Reeve
fdc477afdf
Merge pull request #2258 from bookwyrm-social/form-perms
Check permissions automatically on form save
2022-09-19 13:32:41 -07:00
Mouse Reeve
35aebacf70 Fixes theme form and adds view tests 2022-09-19 13:13:21 -07:00
Mouse Reeve
bf092ec44e Small fixes 2022-09-19 12:10:27 -07:00
Mouse Reeve
6947f3b787 Uses class method to get list of instance admins
Re-writing this query over and over is a bad approach
2022-09-19 10:43:52 -07:00
Mouse Reeve
9d8d85ebc1 Invite perms checks 2022-09-19 10:26:40 -07:00
Mouse Reeve
1e988cae6c More edit book lines 2022-09-19 10:26:29 -07:00
Mouse Reeve
be480e40f0 Updates links form saves 2022-09-19 10:18:30 -07:00
Mouse Reeve
3fd573c0da Check perms on site model form 2022-09-19 10:16:38 -07:00
Mouse Reeve
b0d8697006 Adds missing save in edit book view 2022-09-19 10:16:29 -07:00
Mouse Reeve
e51980bc12 Use BookWyrmModel as parent for admin models
This will make them more internally consistent and give them built-in
permissions checking
2022-09-19 09:35:38 -07:00
Mouse Reeve
b0236b95bd Merge branch 'main' into form-perms 2022-09-19 09:32:48 -07:00
Mouse Reeve
d76eae358f Show queues and runtime instead of start time 2022-09-15 10:53:08 -07:00
Mouse Reeve
3739bdbf81 Better comments 2022-09-15 09:49:58 -07:00
Mouse Reeve
0f55b76a93 Adds celery status view 2022-09-14 18:58:51 -07:00
Mouse Reeve
fcf796abe1 Null state for review view during imports
Without this, it will show an empty progress bar and no info about why
the table is empty.
2022-09-14 18:08:16 -07:00
Mouse Reeve
543d13af6e Removes explicit calls to raise_not_editable from views
These raises are handled implicitly in the form, so they don't have to
be called outright.
2022-09-08 11:03:06 -07:00
Mouse Reeve
351292fcda Catches places where form.save() needs the request
Thank you, tests.
2022-09-08 11:02:17 -07:00
Mouse Reeve
1f93dc9c62
Merge pull request #2260 from bookwyrm-social/mentions
Refactors how mentions are collected
2022-08-29 15:17:40 -07:00
Mouse Reeve
e782b3f360 Fixes logic that displays search remote or manually add link 2022-08-29 14:03:47 -07:00
Hugh Rundle
22495e40bd strip spaces from user search
Strips leading and trailing spaces from user search to prevent errors when doing webfinger lookup.
Prior to this, webfinger user queries included everything after the second '@' as part of the hostname. This resulted in failed webfinger requests when there was one or more trailing spaces.
Fixes #2205
2022-08-13 15:40:53 +10:00
Mouse Reeve
5c3bb2da13 Refactors how mentions are collected
This should be quicker, because it queries the users in one go instead
of jumping straight to iterating over them, and it checks if a user
blocks the poster before allowing them to be tagged.
2022-08-05 14:06:39 -07:00
Mouse Reeve
9d7ece47ef
Merge pull request #2254 from bookwyrm-social/fixes-search-pagination
Fixes search pagination
2022-08-05 12:32:47 -07:00
Mouse Reeve
9fad5b5623 Fixes isbn view 2022-08-05 11:44:10 -07:00
Mouse Reeve
8f79b362f8 Check permissions automatically on form save 2022-08-05 09:56:32 -07:00
Mouse Reeve
2894aa37a2 Fixes perms checks for groups 2022-08-05 09:12:48 -07:00
Mouse Reeve
b4cfda0587 Updates tests 2022-08-05 08:56:24 -07:00
Mouse Reeve
ed71b791c9 Python formatting 2022-08-04 12:19:26 -07:00
Mouse Reeve
48df5076e7 Use elided page range and paginate user and list results 2022-08-04 12:11:39 -07:00
Mouse Reeve
06d1936ac9 Fixes pagination of local search results 2022-08-04 12:04:13 -07:00
Mouse Reeve
3270d0a7d4
Merge pull request #2247 from bookwyrm-social/followers-following-views
Merges follower/following views
2022-08-02 11:59:06 -07:00
Mouse Reeve
d7bf348c77
Merge pull request #2249 from bookwyrm-social/crsf-exempt
Removes improperly placed csrf_exempt decorator
2022-07-29 13:49:29 -07:00
Mouse Reeve
8e2a8ec6e0 Removes improperly placed csrf_exempt decorator 2022-07-29 13:40:40 -07:00
Mouse Reeve
96f1521239
Merge pull request #2248 from bookwyrm-social/list-suggestions
Move list suggestions into helper function
2022-07-29 13:27:04 -07:00
Mouse Reeve
d301cecc9f Move list suggestions into helper function
The view was complicated, this makes it a little easier to read and
test.
2022-07-29 13:15:24 -07:00
Mouse Reeve
23188dfc5f
Merge branch 'main' into followers-following-views 2022-07-29 13:09:30 -07:00
Mouse Reeve
d458001491 Merges follower/following views
They were almost identical!
2022-07-29 13:07:15 -07:00
Mouse Reeve
2837d0148f Checks permissions when saving a list 2022-07-28 11:44:04 -07:00
Mouse Reeve
ed20587695
Merge pull request #2168 from hughrun/tour
Add guided tour / walkthrough
2022-07-28 11:08:49 -07:00
Mouse Reeve
0217d36f7b Show lists to logged out viewers
The activitystreams for lists require a logged in user, so this just
uses a simple database query of all public lists when there is no logged
in user.
2022-07-23 20:42:40 -07:00
Hugh Rundle
17dc5e7eb1 Merge branch 'main' into tour
- we need to do this because of conflicting migrations
2022-07-17 16:30:45 +10:00
Mouse Reeve
086ec10849
Merge pull request #2229 from bookwyrm-social/password-validation
Password validation
2022-07-15 11:53:27 -07:00
Mouse Reeve
3846b201bd Updates reset password flow to use validators 2022-07-15 11:39:18 -07:00
Mouse Reeve
b62f8eff42 Updates method decorators 2022-07-15 10:59:35 -07:00
Mouse Reeve
659ee96002 Use password validation in change password flow
This also moves the form validation into a form instead of doing it in
the view.
2022-07-15 10:51:58 -07:00
Mouse Reeve
7fdfd0c9c7 Check permissions when creating a status 2022-07-15 09:26:52 -07:00
Mouse Reeve
5ecd75ee24 Remove redirecting to "next"
This wasn't even particularly working
2022-07-14 12:54:02 -07:00
Mouse Reeve
aa579605e0
Merge pull request #2224 from bookwyrm-social/email-not-found-text
Remove error reporting on resend to invalid email address
2022-07-14 12:34:14 -07:00
Mouse Reeve
69728439c8 Remove error reporting on resend to invalid email address 2022-07-14 12:23:43 -07:00
Mouse Reeve
c21864a1ac Merge branch 'main' into shelf-edit-perms 2022-07-14 11:50:27 -07:00
Mouse Reeve
4f1283ff52 Check editability before creating shelf 2022-07-14 11:42:59 -07:00
Mouse Reeve
661865de87 Removes insecure redirects
This should really fundamentally work differently, but this is a quick
fix for now to avoid an insecure redirect. There will be a negative
impact on user experience from this, and a followup change should look
into these views and improve their flow.
2022-07-14 11:22:17 -07:00
Mouse Reeve
f1ae64543f
Merge pull request #2216 from bookwyrm-social/export-post
Use HTTP post for CSV export
2022-07-11 08:14:47 -07:00
Mouse Reeve
42e29e40b3 Use HTTP post for csv export
Also fixes a missing translation string
2022-07-11 07:51:51 -07:00
Mouse Reeve
f44b3cc4b2 Improves change password flow
There are two changes: one is to require the current password to change
your password (which is a security improvement), and the other is error
reporting when you either get your current password wrong or your new
password doesn't match its second entry.
2022-07-10 20:05:54 -07:00
Mouse Reeve
7a772c7d3e Use POST instead of GET for logout function 2022-07-10 09:30:39 -07:00
Mouse Reeve
c092d952bd Adds test to catch notification error 2022-07-09 12:29:29 -07:00
Mouse Reeve
a7553c0b8c Return HttpResponse instead of redirects for AJAX follows
This is more efficient, and most follow activities are ajax
2022-07-09 12:20:18 -07:00
Hugh Rundle
ab5e4128e6 Merge branch 'main' into tour
Also fixes conflict
2022-07-09 20:54:48 +10:00
Mouse Reeve
bd6774fca8
Merge pull request #2202 from bookwyrm-social/settings-warnings
New and improved warnings on the admin dashboard
2022-07-08 15:39:23 -07:00
Mouse Reeve
36553ef2a9 Suppress protected-access warning on admin dashboard 2022-07-08 12:22:23 -07:00
Mouse Reeve
d0e986c283 Hide DMs from profile page 2022-07-08 12:19:51 -07:00
Mouse Reeve
ba7ae46c75 Adds warnings for missing privacy policies and codes of conduct 2022-07-08 11:59:21 -07:00
Mouse Reeve
be86fef42d Move deleted users to a separate tab
Since there's nothing to be done with them, they get their own tab.
2022-07-08 09:21:48 -07:00
Mouse Reeve
a972c58f3b Fixes errors in permissions 2022-07-07 14:01:51 -07:00
Mouse Reeve
742d97b177 Python formatting 2022-07-07 12:23:10 -07:00
Mouse Reeve
76c466ee45 Fixes cache invalidation for editions
Your reading status is shown across all editions of a work, so when you
change your status in relation to the edition you're currently reading,
it needs to invalidate the cached values for all editions of that work.
2022-07-07 12:21:24 -07:00
Mouse Reeve
0b7c8e8dc0
Merge pull request #2082 from bookwyrm-social/notifications
Notifications refactor
2022-07-07 09:34:19 -07:00
Mouse Reeve
fd5e513ad6 Update password reset copy so as not to reveal whether the email exists
A malicious user could use this to test which email addresses are in the
user database.
2022-07-06 19:34:00 -07:00
Mouse Reeve
cded3e973d Fixes html on notifications page 2022-07-06 19:16:14 -07:00
Mouse Reeve
5a6ef7ccd8 Merge branch 'main' into notifications 2022-07-06 14:41:15 -07:00
Mouse Reeve
dda6126329 Fixes typo in group notification 2022-07-06 14:33:45 -07:00
Mouse Reeve
7a9d320afd Expands automod view test 2022-07-06 10:52:50 -07:00
Mouse Reeve
f5638c1e44 Removed unused helper function 2022-07-06 10:05:55 -07:00
Mouse Reeve
4f386e8c4e Allow reports with no associated user 2022-07-05 17:19:03 -07:00
Mouse Reeve
736d29ea20 Updates group leave and remove notifications 2022-07-05 13:05:28 -07:00
Mouse Reeve
e2a50230c7 Fixes setting access level to "user"
This wasn't working because "user" isn't a group, it's the absence of
any group.
2022-07-04 21:44:55 -07:00
Mouse Reeve
f76d661e07 Updates templates for fav notifications 2022-07-04 21:32:53 -07:00
Mouse Reeve
0cc2bc269e Updates view 2022-07-04 18:51:07 -07:00
Mouse Reeve
a718a168a3 Merge branch 'main' into notifications 2022-07-04 17:38:21 -07:00
Mouse Reeve
7f78140015 Uses library for html cleanup 2022-07-04 13:21:13 -07:00
Mouse Reeve
89165fd909 Creates helper function for creating charts 2022-07-03 08:28:24 -07:00
Hugh Rundle
b82cf887e2 linting fixes 2022-07-03 17:14:13 +10:00
Hugh Rundle
0e9dc66ffa Merge branch 'main' into tour
Merging in latest changes from main, since I got covid and missed a few weeks.
2022-07-03 16:18:50 +10:00
Mouse Reeve
516c4a9790 Add warning to dashboard if email sender looks misconfigured
This can be a really obscure error, hopefully this warning will catch
potential issues.
2022-07-02 21:11:23 -07:00
Mouse Reeve
13e23a868d Adds instance name filter to federated instance list view
This lets you look for a specific server in your (probably very long)
instance list.
2022-07-02 11:12:15 -07:00
Mouse Reeve
e0a67f5e18 Uses := syntax in user admin view
I learned this! It's cool.
2022-07-02 11:06:48 -07:00