Raphael Michel
3e0ff1e6ed
Send security notification when recovery code is used or created by admin (#5719)
* Send security notification when recovery code is used or created by admin
"Where to store recovery codes" is one of these problems there is no
right answer to, so many people store them in a less-than-optimal place.
If that's the reality we live in, this PR adds at least a little
security so one notices when they get used :)
* Add sentence
2026-01-26 10:01:07 +01:00
luelista
1cb2d443f9
Validation of user email addresses (#5434)
* Validation of user email addresses
* Improve email and password change forms
2025-11-07 11:17:34 +01:00
Raphael Michel
177a7d07fc
Update license header (#5540)
2025-10-10 15:32:46 +02:00
Felix Schäfer
1dda2eb4fb
Fix reauth loops with redirect style authentication plugins (#4512)
* Test reauth with redirect style auth #4498
* Fix reauth loops with redirect style auth #4498
2024-10-09 09:24:49 +02:00
Raphael Michel
32d6ded003
Stricten password validation to match PCI DSS requirements (#4467)
* Stricten password validation to match PCI DSS requirements
* Review fix
* Fix a file header
2024-09-17 13:29:17 +02:00
Raphael Michel
a3139944f6
Send notifications about login with new client or country (#4032)
* Send notifications about login with new client or country
* Rebase migration
* Remove immediately
* Fix isort
* Text update
2024-04-03 11:19:20 +02:00
Raphael Michel
4ea4189e6d
Allow team admins to require two-factor authentication (#4034)
* Allow team admins to require two-factor authentication
* Add API tests
* Improve logic
* Add button tooltip
2024-04-02 17:15:16 +02:00
Raphael Michel
57738f19bf
Update webauthn requirement from ==0.4.* to ==2.0.* (#3880)
* Get rid of unmaintained dependency python-u2flib-server
* Update webauthn requirement from ==0.4.* to ==2.0.*
* Fix tests
* Update src/pretix/control/views/auth.py
Co-authored-by: Richard Schreiber <schreiber@rami.io>
* Update src/pretix/control/views/auth.py
Co-authored-by: Richard Schreiber <schreiber@rami.io>
* Update src/pretix/control/views/user.py
Co-authored-by: Richard Schreiber <schreiber@rami.io>
* Update src/pretix/control/views/user.py
Co-authored-by: Richard Schreiber <schreiber@rami.io>
* Update src/pretix/control/views/user.py
Co-authored-by: Richard Schreiber <schreiber@rami.io>
---------
Co-authored-by: Richard Schreiber <schreiber@rami.io>
2024-02-14 13:27:24 +01:00
Richard Schreiber
da9aa3e133
Fix registration tests (#3663)
2023-10-23 14:40:43 +02:00
Raphael Michel
ff86fcf000
Add session pinning by country (#3233)
2023-04-18 12:29:07 +02:00
Raphael Michel
926d334b10
[SECURITY] Enforce session validation on oauth authorize endpoint
2023-03-06 11:52:01 +01:00
Raphael Michel
a37ed6f001
Bump versions of pycodestyle and pep8-naming
2022-02-13 20:39:31 +01:00
ser8phin
169a6c51b4
Add check to force users to change password (#2284)
2021-11-11 11:10:33 +01:00
Raphael Michel
403b8191e4
Upgrade to Django 3.2 (#2056)
2021-05-07 12:00:30 +02:00
Raphael Michel
a93287207b
pretix Community Edition moves to AGPLv3-based license (#2023)
2021-04-12 10:33:47 +02:00
Raphael Michel
d3748a6194
Move quota cache from database to redis (#2010)
2021-03-29 09:42:27 +02:00
Raphael Michel
a3dd015c23
[SECURITY] Fix unvalidated redirect
2020-12-22 10:47:47 +01:00
Raphael Michel
fb92676aee
Fix test suite failures
2020-11-01 15:43:57 +01:00
Martin Gross
af0e8ec992
Fix test, Ref: 3cbcf663e5
2020-10-05 13:45:53 +02:00
Maico Timmerman
9a32668ee1
Make next url authentication backend dependent (#1609)
* Make next url authentication backend dependent
* Rename authentication next_url to get_next_url.
* Add test for custom authentication backend get_next_url.
* Fix typo in docstring of authentication backend get_next_url.
2020-03-15 11:05:57 +01:00
Raphael Michel
8a6a515b6a
Refs #775 -- Pluggable authentication backends (#1447)
* Drag-and-drop: Force csrf_token to be present
* Rough design
* Missing file
* b.visble
* Forms
* Docs
* Tests
* Fix variable
2019-10-17 09:11:03 +02:00
Raphael Michel
2c4ee3b3c7
Replace U2F with WebAuthn (#1392)
* Replace U2F with WebAuthn
* Imports
* Fix backwards compatibility
* Add explanatory comment
* Fix tests
2019-09-10 09:58:31 +02:00
Martin Gross
0a1429ed60
Add setting for enforcing 2FA (#1259)
* Add setting for enforcing 2FA
* Changes after code-review
* Add Test-Cases for Obligatory 2FA
2019-06-17 17:08:27 +02:00
Raphael Michel
d85ddb5bda
Integrate django-scopes (#1319)
* Install django-scopes
* Fix tests.api
* Update tasks and cronjobs
* Fix remaining tests
* Remove unused import
* Fix tests after rebase
* Disable scopes for get_Events_with_any_permission
* Disable scopes for a management command
2019-06-17 10:46:55 +02:00
Raphael Michel
ae298bddb8
Make FakeRedis play nice with metrics
2019-04-18 09:17:55 +02:00
Lukas Bockstaller
a643abe293
Prevent email enumeration (#1000)
Here is my attempt to prevent user enumeration.
I've made the following changes:
**Application:**
- replaces success and failure messages in the form with two (with/without redis) information messages
- adds logging for attempted password resets of unknown users
- adds logging for failing emails
**Tests:**
- test_unknown asserts a redirect instead of an OK
- adds test_email_reset_twice_redis to assert the correct logging of a twice reset email
- adds a FakeRedis class similar to the one implemented in test_metrics.py. I could refactor them into the testutils folder if preferred.
Please excuse the commit mess. I am currently fighting with my tooling.
2018-08-31 10:28:39 +02:00
Raphael Michel
a284e0c2f7
Add auditable superuser mode (#824)
* Remove is_superuser everywhere
* Session handling
* List of sessions, relative timeout
* Absolute timeout
* Optionally pseudo-force audit comments
* Fix failing tests
* Add tests
* Add docs
* Rebase migration
* Typos
* Fix tests
2018-03-28 14:16:58 +02:00
Raphael Michel
072f2a0ee9
Pin sessions to the user agent in use
2018-02-19 13:02:55 +01:00
Raphael Michel
f6b1bd9fe8
[SECURITY] Fix handling of session timeouts
2017-11-25 19:18:40 +01:00
Raphael Michel
2f15d410fe
Add optional timeouts for backend sessions
2017-09-04 19:50:32 +02:00
Raphael Michel
d2ce002305
Fix further problems with py.test
2016-11-08 15:25:38 +01:00
Raphael Michel
503f6dd06f
Use consistent flake8 settings everywhere and fix flake8 issues
2016-10-13 22:57:57 +02:00
Raphael Michel
2611b7619e
2FA: Added tests
2016-10-09 12:59:43 +02:00
Raphael Michel
d8a84e762f
Replaced first selenium tests with bs4
2016-08-14 12:15:57 +02:00
Jason Estibeiro
e685f8e819
Added basic Django password validations and updated .gitignore (#136)
2016-05-11 13:38:31 +02:00
Raphael Michel
c47008cc18
Added password reset to control.auth
2015-10-04 13:52:08 +02:00
Raphael Michel
109e18e891
Added unit tests for authentication forms
2015-09-29 01:00:54 +02:00
Raphael Michel
7def097dcd
Refs #96 -- Completely removed local users
2015-09-17 00:55:00 +02:00
Raphael Michel
e828d711bd
Used isort to order all import statements
2015-07-19 20:46:34 +02:00
Raphael Michel
2fce883230
Move tests to directory outside of the main package
2015-03-14 00:57:09 +01:00