30 Commits

Author SHA1 Message Date
Raphael Michel
8a6a515b6a Refs #775 -- Pluggable authentication backends (#1447)
* Drag-and-drop: Force csrf_token to be present

* Rough design

* Missing file

* b.visble

* Forms

* Docs

* Tests

* Fix variable
2019-10-17 09:11:03 +02:00
Raphael Michel
4ade9d39cd Add "back" parameter to logout view 2019-10-06 11:35:29 +02:00
Raphael Michel
2c4ee3b3c7 Replace U2F with WebAuthn (#1392)
* Replace U2F with WebAuthn

* Imports

* Fix backwards compatibility

* Add explanatory comment

* Fix tests
2019-09-10 09:58:31 +02:00
Raphael Michel
01a6861453 Always query emails case-insensitively 2019-01-02 15:12:48 +01:00
Raphael Michel
5c8d9c4dca Fix incorrect feedback on invite form 2018-11-16 14:13:44 +01:00
Raphael Michel
c2b7d9a257 Fix transaction handling in invite form 2018-09-30 14:07:14 +02:00
Lukas Bockstaller
a643abe293 Prevent email enumeration (#1000)
Here is my attempt to prevent user enumeration. 
I've made the following changes:

**Application:**
- replaces success and failure messages in the form with two (with/without redis) information messages 
- adds logging for attempted password resets of unknown users
- adds logging for failing emails

**Tests:**
- test_unknown asserts a redirect instead of an ok
- adds test_email_reset_twice_redis to assert the correct logging of a twice reset email
- adds a FakeRedis class similar to the one implemented in test_metrics.py. I could refactor them into the testutils folder if preferred.

Please excuse the commit mess. I am currently fighting with my tooling.
2018-08-31 10:28:39 +02:00
Raphael Michel
afd766999c Upgrade to Django 2.1 (#710)
* Upgrade to Django 2.0

* more models

* i18n foo

* Update setup.py

* Fix Sentry exception PRETIXEU-JC

* Enforce slug uniqueness

* Import sorting

* Upgrade to Django 2.1

* Travis config

* Try to fix PostgreSQL failure

* Smaller test matrix

* staticfiles→static

* Include request in all authenticate() calls
2018-08-06 12:48:46 +02:00
Raphael Michel
035a4b0928 Add next parameter to logout view 2018-02-14 11:49:16 +01:00
Raphael Michel
3a713541a2 User management UI for system administrators 2018-01-29 12:25:11 +01:00
Raphael Michel
2f15d410fe Add optional timeouts for backend sessions 2017-09-04 19:50:32 +02:00
Raphael Michel
d08a0bdb00 Refs #39 -- New concept of "teams" (#478)
* New models

* CRUD UI

* UI for adding/removing team members

* Log display for teams

* Fix invitations, move frontend

* Drop old models (incomplete)

* Drop more old stuff

* Drop even more old stuff

* Fix tests

* Fix permission test

* flake8 fix

* Add tests for the new code

* Rebase migrations
2017-05-03 16:55:37 +02:00
Raphael Michel
c7676cd17a Refs #39 -- Add permission editor for organizers 2017-01-07 14:10:31 +01:00
Raphael Michel
d134dcf6a9 Added team invitations 2017-01-07 13:05:36 +01:00
Raphael Michel
888aba5714 2FA: Require recent authentication to change settings 2016-10-09 12:59:43 +02:00
Raphael Michel
2611b7619e 2FA: Added tests 2016-10-09 12:59:43 +02:00
Raphael Michel
d7719d0bc7 2FA: Login via U2F 2016-10-09 12:59:43 +02:00
Raphael Michel
582d9dca25 2FA: Implement emergency tokens 2016-10-09 12:59:43 +02:00
Raphael Michel
68a9f98f23 2FA: Login using a TOTP token 2016-10-09 12:59:43 +02:00
Raphael Michel
3e318d0dcf Django 1.10: User.is_authenticated is now a property 2016-09-27 10:25:20 +02:00
Tobias Kunze
3c8f9f5a62 Catch and display mail sending errors (#215) 2016-08-30 16:49:52 +02:00
Raphael Michel
a7647d8de2 Allow to disable login/password reset 2016-06-06 23:07:49 +02:00
Jason Estibeiro
e685f8e819 Added basic Django password validations and updated .gitignore (#136) 2016-05-11 13:38:31 +02:00
Raphael Michel
d5feeb77d1 Fixed #5 -- Added a spam protection feature to password resets 2016-02-22 22:10:25 +01:00
Raphael Michel
58b85819bc Added logging for all basic operations 2015-12-12 22:53:11 +01:00
Raphael Michel
c47008cc18 Added password reset to control.auth 2015-10-04 13:52:08 +02:00
Raphael Michel
7def097dcd Refs #96 -- Completely removed local users 2015-09-17 00:55:00 +02:00
Raphael Michel
e828d711bd Used isort to order all import statements 2015-07-19 20:46:34 +02:00
Raphael Michel
1cea51eb10 Added basic global registration 2015-06-15 22:36:47 +02:00
Raphael Michel
077413f41c Restructure our python module. A lot. 2015-02-14 17:55:13 +01:00