Hugh Rundle
f3768c3d92
code formatting fix
2022-10-15 07:47:20 +11:00
Hugh Rundle
79b04c2240
various 2fa improvements
...
- cleaner code
- use TWO_FACTOR_LOGIN_MAX_SECONDS instead of hardcoded number
- render qrcode properly
- use nginx to rate limit login attempts
- do not throw error if session user is undefined
2022-10-15 07:47:20 +11:00
Hugh Rundle
9d36722783
code formatting
2022-10-15 07:47:20 +11:00
Hugh Rundle
28329c1781
use string for datetime in session
...
It seemed to work when testing manually, but both pytest and the django documentation indicate that you can't pass datetimes around as session values.
2022-10-15 07:47:20 +11:00
Hugh Rundle
9b74c26742
backup codes
...
- add hotp_secret to user model
- view to create backup codes in user prefs
- check backup code if otp doesn't work
- increment hotp count if used
- show correct errors if code wrong
2022-10-15 07:47:20 +11:00
Hugh Rundle
5b244f06d6
fix error messages when setting up 2FA
2022-10-15 07:47:20 +11:00
Hugh Rundle
6db4fb39ed
improve security and fix error msg
...
- Instead of passing the user as a hidden form element, we use a session variable.
- Introduces a 60 second limit on completing the login, and an exponentially increasing delay to attempt to login with 2FA if the code is entered incorrectly.
- use proper Django form error when incorrect otp value entered
2022-10-15 07:47:20 +11:00
Hugh Rundle
9d12b7caff
make pylint stop grumbling
2022-10-15 07:47:20 +11:00
Hugh Rundle
1d13f0ab4f
lint
2022-10-15 07:47:20 +11:00
Hugh Rundle
8837495ffd
redirect login to 2fa check if active
2022-10-15 07:47:20 +11:00
Hugh Rundle
2ec343c5db
new views for capturing user for 2fa check
2022-10-15 07:47:20 +11:00
Hugh Rundle
0e1751eb57
prep for 2fa login check
...
- new 2fa checker page to be inserted between initial login and completion of login
- new views and forms for above
2022-10-15 07:47:20 +11:00
Hugh Rundle
54daade9f9
prepare for 2FA
...
- add and migrate User fields for 2FA
- add views for 2FA
- add new forms for 2FA
- update package list in requirements.txt
- add URLs for 2FA views
2022-10-15 07:47:20 +11:00
Mouse Reeve
3a73ced5fa
Adds a couple tests to annual review views
...
Also I tweaked the save functions so they don't broadcast
2022-09-19 14:38:30 -07:00
Mouse Reeve
fdc477afdf
Merge pull request #2258 from bookwyrm-social/form-perms
...
Check permissions automatically on form save
2022-09-19 13:32:41 -07:00
Mouse Reeve
35aebacf70
Fixes theme form and adds view tests
2022-09-19 13:13:21 -07:00
Mouse Reeve
bf092ec44e
Small fixes
2022-09-19 12:10:27 -07:00
Mouse Reeve
6947f3b787
Uses class method to get list of instance admins
...
Re-writing this query over and over is a bad approach
2022-09-19 10:43:52 -07:00
Mouse Reeve
9d8d85ebc1
Invite perms checks
2022-09-19 10:26:40 -07:00
Mouse Reeve
1e988cae6c
More edit book lines
2022-09-19 10:26:29 -07:00
Mouse Reeve
be480e40f0
Updates links form saves
2022-09-19 10:18:30 -07:00
Mouse Reeve
3fd573c0da
Check perms on site model form
2022-09-19 10:16:38 -07:00
Mouse Reeve
b0d8697006
Adds missing save in edit book view
2022-09-19 10:16:29 -07:00
Mouse Reeve
e51980bc12
Use BookWyrmModel as parent for admin models
...
This will make them more internally consistent and give them built-in
permissions checking
2022-09-19 09:35:38 -07:00
Mouse Reeve
b0236b95bd
Merge branch 'main' into form-perms
2022-09-19 09:32:48 -07:00
Mouse Reeve
d76eae358f
Show queues and runtime instead of start time
2022-09-15 10:53:08 -07:00
Mouse Reeve
3739bdbf81
Better comments
2022-09-15 09:49:58 -07:00
Mouse Reeve
0f55b76a93
Adds celery status view
2022-09-14 18:58:51 -07:00
Mouse Reeve
fcf796abe1
Null state for review view during imports
...
Without this, it will show an empty progress bar and no info about why
the table is empty.
2022-09-14 18:08:16 -07:00
Mouse Reeve
543d13af6e
Removes explicit calls to raise_not_editable from views
...
These raises are handled implicitly in the form, so they don't have to
be called outright.
2022-09-08 11:03:06 -07:00
Mouse Reeve
351292fcda
Catches places where form.save() needs the request
...
Thank you, tests.
2022-09-08 11:02:17 -07:00
Mouse Reeve
1f93dc9c62
Merge pull request #2260 from bookwyrm-social/mentions
...
Refactors how mentions are collected
2022-08-29 15:17:40 -07:00
Mouse Reeve
e782b3f360
Fixes logic that displays search remote or manually add link
2022-08-29 14:03:47 -07:00
Hugh Rundle
22495e40bd
strip spaces from user search
...
Strips leading and trailing spaces from user search to prevent errors when doing webfinger lookup.
Prior to this, webfinger user queries included everything after the second '@' as part of the hostname. This resulted in failed webfinger requests when there was one or more trailing spaces.
Fixes #2205
2022-08-13 15:40:53 +10:00
Mouse Reeve
5c3bb2da13
Refactors how mentions are collected
...
This should be quicker, because it queries the users in one go instead
of jumping straight to iterating over them, and it checks if a user
blocks the poster before allowing them to be tagged.
2022-08-05 14:06:39 -07:00
Mouse Reeve
9d7ece47ef
Merge pull request #2254 from bookwyrm-social/fixes-search-pagination
...
Fixes search pagination
2022-08-05 12:32:47 -07:00
Mouse Reeve
9fad5b5623
Fixes isbn view
2022-08-05 11:44:10 -07:00
Mouse Reeve
8f79b362f8
Check permissions automatically on form save
2022-08-05 09:56:32 -07:00
Mouse Reeve
2894aa37a2
Fixes perms checks for groups
2022-08-05 09:12:48 -07:00
Mouse Reeve
b4cfda0587
Updates tests
2022-08-05 08:56:24 -07:00
Mouse Reeve
ed71b791c9
Python formatting
2022-08-04 12:19:26 -07:00
Mouse Reeve
48df5076e7
Use elided page range and paginate user and list results
2022-08-04 12:11:39 -07:00
Mouse Reeve
06d1936ac9
Fixes pagination of local search results
2022-08-04 12:04:13 -07:00
Mouse Reeve
3270d0a7d4
Merge pull request #2247 from bookwyrm-social/followers-following-views
...
Merges follower/following views
2022-08-02 11:59:06 -07:00
Mouse Reeve
d7bf348c77
Merge pull request #2249 from bookwyrm-social/crsf-exempt
...
Removes improperly placed csrf_exempt decorator
2022-07-29 13:49:29 -07:00
Mouse Reeve
8e2a8ec6e0
Removes improperly placed csrf_exempt decorator
2022-07-29 13:40:40 -07:00
Mouse Reeve
96f1521239
Merge pull request #2248 from bookwyrm-social/list-suggestions
...
Move list suggestions into helper function
2022-07-29 13:27:04 -07:00
Mouse Reeve
d301cecc9f
Move list suggestions into helper function
...
The view was complicated, this makes it a little easier to read and
test.
2022-07-29 13:15:24 -07:00
Mouse Reeve
23188dfc5f
Merge branch 'main' into followers-following-views
2022-07-29 13:09:30 -07:00
Mouse Reeve
d458001491
Merges follower/following views
...
They were almost identical!
2022-07-29 13:07:15 -07:00
Mouse Reeve
2837d0148f
Checks permissions when saving a list
2022-07-28 11:44:04 -07:00
Mouse Reeve
ed20587695
Merge pull request #2168 from hughrun/tour
...
Add guided tour / walkthrough
2022-07-28 11:08:49 -07:00
Mouse Reeve
0217d36f7b
Show lists to logged out viewers
...
The activitystreams for lists require a logged in user, so this just
uses a simple database query of all public lists when there is no logged
in user.
2022-07-23 20:42:40 -07:00
Hugh Rundle
17dc5e7eb1
Merge branch 'main' into tour
...
- we need to do this because of conflicting migrations
2022-07-17 16:30:45 +10:00
Mouse Reeve
086ec10849
Merge pull request #2229 from bookwyrm-social/password-validation
...
Password validation
2022-07-15 11:53:27 -07:00
Mouse Reeve
3846b201bd
Updates reset password flow to use validators
2022-07-15 11:39:18 -07:00
Mouse Reeve
b62f8eff42
Updates method decorators
2022-07-15 10:59:35 -07:00
Mouse Reeve
659ee96002
Use password validation in change password flow
...
This also moves the form validation into a form instead of doing it in
the view.
2022-07-15 10:51:58 -07:00
Mouse Reeve
7fdfd0c9c7
Check permissions when creating a status
2022-07-15 09:26:52 -07:00
Mouse Reeve
5ecd75ee24
Remove redirecting to "next"
...
This wasn't even particularly working
2022-07-14 12:54:02 -07:00
Mouse Reeve
aa579605e0
Merge pull request #2224 from bookwyrm-social/email-not-found-text
...
Remove error reporting on resend to invalid email address
2022-07-14 12:34:14 -07:00
Mouse Reeve
69728439c8
Remove error reporting on resend to invalid email address
2022-07-14 12:23:43 -07:00
Mouse Reeve
c21864a1ac
Merge branch 'main' into shelf-edit-perms
2022-07-14 11:50:27 -07:00
Mouse Reeve
4f1283ff52
Check editability before creating shelf
2022-07-14 11:42:59 -07:00
Mouse Reeve
661865de87
Removes insecure redirects
...
This should really fundamentally work differently, but this is a quick
fix for now to avoid an insecure redirect. There will be a negative
impact on user experience from this, and a followup change should look
into these views and improve their flow.
2022-07-14 11:22:17 -07:00
Mouse Reeve
f1ae64543f
Merge pull request #2216 from bookwyrm-social/export-post
...
Use HTTP post for CSV export
2022-07-11 08:14:47 -07:00
Mouse Reeve
42e29e40b3
Use HTTP post for csv export
...
Also fixes a missing translation string
2022-07-11 07:51:51 -07:00
Mouse Reeve
f44b3cc4b2
Improves change password flow
...
There are two changes: one is to require the current password to change
your password (which is a security improvement), and the other is error
reporting when you either get your current password wrong or your new
password doesn't match its second entry.
2022-07-10 20:05:54 -07:00
Mouse Reeve
7a772c7d3e
Use POST instead of GET for logout function
2022-07-10 09:30:39 -07:00
Mouse Reeve
c092d952bd
Adds test to catch notification error
2022-07-09 12:29:29 -07:00
Mouse Reeve
a7553c0b8c
Return HttpResponse instead of redirects for AJAX follows
...
This is more efficient, and most follow activities are ajax
2022-07-09 12:20:18 -07:00
Hugh Rundle
ab5e4128e6
Merge branch 'main' into tour
...
Also fixes conflict
2022-07-09 20:54:48 +10:00
Mouse Reeve
bd6774fca8
Merge pull request #2202 from bookwyrm-social/settings-warnings
...
New and improved warnings on the admin dashboard
2022-07-08 15:39:23 -07:00
Mouse Reeve
36553ef2a9
Suppress protected-access warning on admin dashboard
2022-07-08 12:22:23 -07:00
Mouse Reeve
d0e986c283
Hide DMs from profile page
2022-07-08 12:19:51 -07:00
Mouse Reeve
ba7ae46c75
Adds warnings for missing privacy policies and codes of conduct
2022-07-08 11:59:21 -07:00
Mouse Reeve
be86fef42d
Move deleted users to a separate tab
...
Since there's nothing to be done with them, they get their own tab.
2022-07-08 09:21:48 -07:00
Mouse Reeve
a972c58f3b
Fixes errors in permissions
2022-07-07 14:01:51 -07:00
Mouse Reeve
742d97b177
Python formatting
2022-07-07 12:23:10 -07:00
Mouse Reeve
76c466ee45
Fixes cache invalidation for editions
...
Your reading status is shown across all editions of a work, so when you
change your status in relation to the edition you're currently reading,
it needs to invalidate the cached values for all editions of that work.
2022-07-07 12:21:24 -07:00
Mouse Reeve
0b7c8e8dc0
Merge pull request #2082 from bookwyrm-social/notifications
...
Notifications refactor
2022-07-07 09:34:19 -07:00
Mouse Reeve
fd5e513ad6
Update password reset copy so as not to reveal whether the email exists
...
A malicious user could use this to test which email addresses are in the
user database.
2022-07-06 19:34:00 -07:00
Mouse Reeve
cded3e973d
Fixes html on notifications page
2022-07-06 19:16:14 -07:00
Mouse Reeve
5a6ef7ccd8
Merge branch 'main' into notifications
2022-07-06 14:41:15 -07:00
Mouse Reeve
dda6126329
Fixes typo in group notification
2022-07-06 14:33:45 -07:00
Mouse Reeve
7a9d320afd
Expands automod view test
2022-07-06 10:52:50 -07:00
Mouse Reeve
f5638c1e44
Removed unused helper function
2022-07-06 10:05:55 -07:00
Mouse Reeve
4f386e8c4e
Allow reports with no associated user
2022-07-05 17:19:03 -07:00
Mouse Reeve
736d29ea20
Updates group leave and remove notifications
2022-07-05 13:05:28 -07:00
Mouse Reeve
e2a50230c7
Fixes setting access level to "user"
...
This wasn't working because "user" isn't a group, it's the absence of
any group.
2022-07-04 21:44:55 -07:00
Mouse Reeve
f76d661e07
Updates templates for fav notifications
2022-07-04 21:32:53 -07:00
Mouse Reeve
0cc2bc269e
Updates view
2022-07-04 18:51:07 -07:00
Mouse Reeve
a718a168a3
Merge branch 'main' into notifications
2022-07-04 17:38:21 -07:00
Mouse Reeve
7f78140015
Uses library for html cleanup
2022-07-04 13:21:13 -07:00
Mouse Reeve
89165fd909
Creates helper function for creating charts
2022-07-03 08:28:24 -07:00
Hugh Rundle
b82cf887e2
linting fixes
2022-07-03 17:14:13 +10:00
Hugh Rundle
0e9dc66ffa
Merge branch 'main' into tour
...
Merging in latest changes from main, since I got covid and missed a few weeks.
2022-07-03 16:18:50 +10:00
Mouse Reeve
516c4a9790
Add warning to dashboard if email sender looks misconfigured
...
This can be a really obscure error, hopefully this warning will catch
potential issues.
2022-07-02 21:11:23 -07:00
Mouse Reeve
13e23a868d
Adds instance name filter to federated instance list view
...
This lets you look for a specific server in your (probably very long)
instance list.
2022-07-02 11:12:15 -07:00
Mouse Reeve
e0a67f5e18
Uses := syntax in user admin view
...
I learned this! It's cool.
2022-07-02 11:06:48 -07:00