Mouse Reeve
c375e842ad
Merge pull request #2294 from hughrun/otp
...
Enable optional 2FA
2022-10-20 20:40:00 -07:00
Hugh Rundle
3d95916b55
handle 2fa user exception properly
2022-10-15 07:47:20 +11:00
Hugh Rundle
32e4f7718e
pylint is being pedantic
2022-10-15 07:47:20 +11:00
Hugh Rundle
cf1fae6af8
return Bad Request if 2fa user does not exist
2022-10-15 07:47:20 +11:00
Hugh Rundle
905aa66f38
add test_post_login_with_2fa
2022-10-15 07:47:20 +11:00
Hugh Rundle
a1c3f15d80
remove unused import
2022-10-15 07:47:20 +11:00
Hugh Rundle
f55adbadf4
fix 2fa tests
2022-10-15 07:47:20 +11:00
Hugh Rundle
cffbf82ddb
DRY footer for 2FA pages
2022-10-15 07:47:20 +11:00
Hugh Rundle
f3768c3d92
code formatting fix
2022-10-15 07:47:20 +11:00
Hugh Rundle
79b04c2240
various 2fa improvements
...
- cleaner code
- use TWO_FACTOR_LOGIN_MAX_SECONDS instead of hardcoded number
- render qrcode properly
- use nginx to rate limit login attempts
- do not throw error if session user is undefined
2022-10-15 07:47:20 +11:00
Hugh Rundle
aefc7a23bc
fix 2fa templates
...
- translate all strings
- do not embed svg element inside svg element
- fix sizing of input for confirming 2fa setup
2022-10-15 07:47:20 +11:00
Hugh Rundle
e1513bf98d
amend nginx rate limiting urls
2022-10-15 07:47:20 +11:00
Hugh Rundle
da613c9b26
ugh forgot to run black
2022-10-15 07:47:20 +11:00
Hugh Rundle
fda150fa0d
resolve migration conflict
2022-10-15 07:47:20 +11:00
Hugh Rundle
119b4bf2ff
clean up tests
...
- remove unnecessary crap
- add missing tests
2022-10-15 07:47:20 +11:00
Hugh Rundle
9d36722783
code formatting
2022-10-15 07:47:20 +11:00
Hugh Rundle
b63d4bec60
add tests for 2fa
2022-10-15 07:47:20 +11:00
Hugh Rundle
28329c1781
use string for datetime in session
...
It seemed to work when testing manually, but both pytest and the django documentation indicate that you can't pass datetimes around as session values.
2022-10-15 07:47:20 +11:00
Hugh Rundle
e1b1bb20dc
make password field less goofy in 2fa screen
2022-10-15 07:47:20 +11:00
Hugh Rundle
9b74c26742
backup codes
...
- add hotp_secret to user model
- view to create backup codes in user prefs
- check backup code if otp doesn't work
- increment hotp count if used
- show correct errors if code wrong
2022-10-15 07:47:20 +11:00
Hugh Rundle
9616abb6bd
clean up 2fa prompt page
2022-10-15 07:47:20 +11:00
Hugh Rundle
5b244f06d6
fix error messages when setting up 2FA
2022-10-15 07:47:20 +11:00
Hugh Rundle
6db4fb39ed
improve security and fix error msg
...
- Instead of passing the user as a hidden form element, we use a session variable.
- Introduces a 60 second limit on completing the login, and an exponentially increasing delay to attempt to login with 2FA if the code is entered incorrectly.
- use proper Django form error when incorrect otp value entered
2022-10-15 07:47:20 +11:00
Hugh Rundle
9d12b7caff
make pylint stop grumbling
2022-10-15 07:47:20 +11:00
Hugh Rundle
1d13f0ab4f
lint
2022-10-15 07:47:20 +11:00
Hugh Rundle
8837495ffd
redirect login to 2fa check if active
2022-10-15 07:47:20 +11:00
Hugh Rundle
2ec343c5db
new views for capturing user for 2fa check
2022-10-15 07:47:20 +11:00
Hugh Rundle
f26ac1ccde
2fa page templates
2022-10-15 07:47:20 +11:00
Hugh Rundle
0e1751eb57
prep for 2fa login check
...
- new 2fa checker page to be inserted between initial login and completion of login
- new views and forms for above
2022-10-15 07:47:20 +11:00
Hugh Rundle
514762c233
fix typo in new user fields
...
oopsie
2022-10-15 07:47:20 +11:00
Hugh Rundle
aca5c19f70
2fa templates
...
- new page templates for 2FA
- add 2FA to menu in user preferences
2022-10-15 07:47:20 +11:00
Hugh Rundle
54daade9f9
prepare for 2FA
...
- add and migrate User fields for 2FA
- add views for 2FA
- add new forms for 2FA
- update package list in requirements.txt
- add URLs for 2FA views
2022-10-15 07:47:20 +11:00
Mouse Reeve
fed6bcd375
Merge pull request #2314 from chambersh1129/2194-normalize-stored-ISNI
...
Closes #2194 Normalize stored ISNI
2022-10-14 12:20:07 -07:00
Mouse Reeve
b02ad2ec68
Merge pull request #2316 from redshiftss/bugfix/reading-status-future
...
Make it so that finishing a book cannot happen in the future
2022-10-14 12:17:42 -07:00
Mouse Reeve
b06c35b7dd
Update forms.py
2022-10-14 12:06:54 -07:00
Laura Pircalaboiu
f97b6f3da2
fix pylint complaint
2022-10-12 11:25:03 +02:00
x3005504
4423827c27
Merge branch 'bugfix/reading-status-future' of github.com:redshiftss/bookwyrm into bugfix/reading-status-future
2022-10-11 14:42:09 +02:00
Laura Pircalaboiu
4ab5e4b5d9
re-format code
2022-10-11 14:40:52 +02:00
Laura Pircalaboiu
b895fbd8f2
fix bug, can no longer finish a book in the future
2022-10-11 14:40:45 +02:00
Laura Pircalaboiu
aeeb2c3442
WIP: fix reading status ending in the future
2022-10-11 14:40:32 +02:00
x3005504
ec25ffe6ba
re-format code
2022-10-11 14:07:17 +02:00
x3005504
9a9a7821b7
fix bug, can no longer finish a book in the future
2022-10-11 14:05:20 +02:00
x3005504
68b9791d8c
WIP: fix reading status ending in the future
2022-10-11 13:41:07 +02:00
Hunter Chambers
32f68c3f62
remove trailing whitespace causing pylint/black errors
2022-10-10 14:13:57 -04:00
Hunter Chambers
02c7397eaf
Closes #2194 Normalize stored ISNI
2022-10-09 19:36:24 -04:00
Mouse Reeve
003c5c9c82
Merge pull request #2311 from bookwyrm-social/small-tests
...
Just adds a couple tests
2022-10-04 12:18:10 -07:00
Mouse Reeve
74b89b2d4a
That test didn't work
2022-10-04 12:09:05 -07:00
Mouse Reeve
5b5e15d48b
Just adds a couple tests
2022-10-04 11:40:01 -07:00
Mouse Reeve
f32eaad8ef
Merge pull request #2310 from bookwyrm-social/typo-fix
...
Typo fix
2022-10-04 11:22:35 -07:00
Mouse Reeve
520b1d2207
Updates locales
2022-10-04 11:04:36 -07:00