Here is my attempt to prevent user enumeration.
I've made the following changes:
**Application:**
- replaces success and failure messages in the form with two (with/without redis) information messages
- adds logging for attempted password resets of unknown users
- adds logging for failing emails
**Tests:**
- test_unknown asserts a redirect instead of a ok
- adds test_email_reset_twice_redis to assert the correct logging of a twice reset email
- adds a FakeRedis class similiar to the one implemented in test_metrics.py. I could refactor them into the testutils folder if prefered.
Please excuse the commit mess. I am currently fighting with my tooling.
* [WIP] Fix#599 -- Add API to create orders
* Add more validation logic
* Add docs and some validation
* Fix test on MySQl
* Validation is fun, let's do more of it!
* Fix live_issues
* Add data shredders for PII
* First working shredder
* Add more shredders
* Add new shredders and download confirmation
* tmp
* PayPal, Stripe, banktransfer
* Add icon to logs
* Untested payment log shredders
* Add waiting list shredder
* First tests
* Add tests for shredders
* Improve templats, link to shredder
* Test payment info shredders
* More tests
* Documentation
* Fix enabled flag in payment provider overview
* Fix minor issues
* MKBDIGI-185: Added update/create to events
* MKBDIGI-185: Added validation for 'slug, 'live' on event endpoint
* MKBDIGI-185: Code formatting
* MKBDIGI-185: Added 'plugins' to 'event' endpoint
* MKBDIGI-185: Merge migrations
* MKBDIGI-185: Cleaned up static methods
* EBILL-5: Added delete endpoint for event
* EBILL-5: Merge migrations
* EBILL-5: Fixed imports
* EBILL-5: Changed plugins to only list plugins enabled for the event
* EBILL-5: Added clone event endpoint
* EBILL-5: Removed permissions check API test for events
* EBILL-5: Merged master, updated migrations
* EBILL-5: Updated api permissions check for CRUD on events
* EBILL-5: Removed 'unique_together' constraint on event model
* EBILL-5: Removed call to changed static methods in test
* EBILL-5: Changed Event 'has_paid_things' to a property for consistency
* EBILL-5: Fixed created response code in documentation
* EBILL-6: Documentation fixes
* EBILL-6: Fixed typo
* EBILL-6: Fixed permissions
* EBILL-6: Added note on copying settings to documentation
* EBILL-6: Created model method for deleting sub objects on event before delete
* EBILL-6: Fixed typo
* EBILL-6: Re-added meta_data as read-only
* EBILL-6: Fixed permissions test
* EBILL-6: Added plugins issues check before live. Moved issues property from form to Event model.
* EBILL-6: Upped version number in documentation
* Add write support for MetaDataField
* EBILL-6: Expanded documentation for the clone endpoint, made behaviour of 'is_public' similar to 'plugins' for consistency
* EBILL-6: Re-added EventCRUDPermission
* EBILL-16: Updated documentation with permission model for the API
* EBILL-16: Added 'has_subevents' validation to ensure it cannot be changed once event is created.
* EBILL-16: Fixed event clone not differentiating between "not set" and "deliberately set to False"
* EBILL-16: Fixed event live validation
* EBILL-16: Added logging of live activated/deactivated
* EBILL-16: Fixed create event bug when no 'meta_data' supplied
* EBILL-16: Typo fixed
* EBILL-16: Added log display for "event created"
* EBILL-16: Enabling a plugin now calls 'installed' if applicable and log entries are added
* EBILL-16: Updated tests for events
* Do not allow enabling restricted plugins via the API
* Remove unused code
