Commit Graph

54 Commits

Author SHA1 Message Date
Raphael Michel
3e0ff1e6ed Send security notification when recovery code is used or created by admin (#5719)
* Send security notification when recovery code is used or created by admin

"Where to store recovery codes" is one of these problems there is no
right answer to, so many people store them in a less-than-optimal place.
If that's the reality we live in, this PR adds at least a little
security so one notices when they get used :)

* Add sentence
2026-01-26 10:01:07 +01:00
Raphael Michel
815e31d9a0 Resolve syntax warning in Python 3.14 2026-01-20 12:15:49 +01:00
Raphael Michel
5583298322 Auto-verify user email addresses on accepting invites (#5609)
* Auto-verify user email addresses on accepting invites

* Update src/pretix/control/views/auth.py

Co-authored-by: Richard Schreiber <schreiber@rami.io>

---------

Co-authored-by: Richard Schreiber <schreiber@rami.io>
2025-11-14 09:55:18 +01:00
Raphael Michel
177a7d07fc Update license header (#5540) 2025-10-10 15:32:46 +02:00
Raphael Michel
03d3c389da Fix #1674 -- Change spelling of e-mail to email (#4636)
* Fix #1674 -- Change spelling of e-mail to email

* Conflicts and word list

* Add MobilePay to wordlist

* fix usage in tests
2024-11-18 17:21:29 +01:00
Felix Schäfer
1dda2eb4fb Fix reauth loops with redirect style authentication plugins (#4512)
* Test reauth with redirect style auth #4498

* Fix reauth loops with redirect style auth #4498
2024-10-09 09:24:49 +02:00
Raphael Michel
a3139944f6 Send notifications about login with new client or country (#4032)
* Send notifications about login with new client or country

* Rebase migration

* Remove immediately

* Fix isort

* Text update
2024-04-03 11:19:20 +02:00
Raphael Michel
f3f42a8a42 Login: Add logging for incorrect JS hostnames 2024-04-02 11:34:43 +02:00
Raphael Michel
fb49046ac1 Log and count user logins (#4020)
* Log and count user logins

* Allow metrics without label

---------

Co-authored-by: Mira Weller <weller@rami.io>
2024-03-28 17:18:51 +01:00
Raphael Michel
57738f19bf Update webauthn requirement from ==0.4.* to ==2.0.* (#3880)
* Get rid of unmaintained dependency python-u2flib-server

* Update webauthn requirement from ==0.4.* to ==2.0.*

* Fix tests

* Update src/pretix/control/views/auth.py

Co-authored-by: Richard Schreiber <schreiber@rami.io>

* Update src/pretix/control/views/auth.py

Co-authored-by: Richard Schreiber <schreiber@rami.io>

* Update src/pretix/control/views/user.py

Co-authored-by: Richard Schreiber <schreiber@rami.io>

* Update src/pretix/control/views/user.py

Co-authored-by: Richard Schreiber <schreiber@rami.io>

* Update src/pretix/control/views/user.py

Co-authored-by: Richard Schreiber <schreiber@rami.io>

---------

Co-authored-by: Richard Schreiber <schreiber@rami.io>
2024-02-14 13:27:24 +01:00
Raphael Michel
12a898476e Replace redirect() with redirect_to_url() if we don't need Django's resolution 2023-12-08 15:38:50 +01:00
Raphael Michel
6f6def88a3 Fix password recovery even when reset is disabled 2023-11-20 11:36:54 +01:00
Raphael Michel
db9049130c Do not send password-reset for non-native users 2023-11-13 12:43:13 +01:00
Raphael Michel
65b74d0483 Do not allow password reset for disabled users 2023-11-13 12:43:13 +01:00
Raphael Michel
6267767ce7 Password reset: Set needs_password_change to false 2023-10-25 09:35:04 +02:00
Raphael Michel
e75dc74661 Allow consecutive password resets 2022-12-21 10:01:25 +01:00
Raphael Michel
7b58ddbfde Don't use Django's redirect() for user-supplied paths 2022-11-17 11:46:03 +01:00
Raphael Michel
8e79eb570e Customer accounts & Memberships (#2024) 2021-05-04 16:56:06 +02:00
Raphael Michel
a93287207b pretix Community Edition moves to AGPLv3-based license (#2023) 2021-04-12 10:33:47 +02:00
Raphael Michel
7c0df5b755 [SECURITY] Rate limiting for login 2020-12-22 10:47:47 +01:00
Raphael Michel
a3dd015c23 [SECURITY] Fix unvalidated redirect 2020-12-22 10:47:47 +01:00
Raphael Michel
d224b5387d Replace Travis with GitHub actions and fix many typos (#1657)
* Create django.yml

* Fix working directory

* ..

* .

* ..

* a.

* ..

* .

* Fix typo

* Install hunspell

* maxfail

* Fix install

* .

* Reduce number of typos

* Even less typos

* Postgres debug

* Spelling fixes, yet again

* Postgres with PW

* Fix failing test

* New workflows

* Fix syntax error

* Install gettext

* Test against python 3.6 as well

* Clean up strategies

* Add badge, do not ignore migrations

* Use pip cache
2020-04-22 12:07:58 +02:00
Raphael Michel
af23d6e4bf Upgrade to Django 3.0 and other dependencies (#1568)
* Upgrade Django to 3.0 and other dependencies to recent versions

* Fix otp version constraint

* Remove six dependency

* Resolve some warnings

* Fix failing tests

* Update django-countries

* Resolve all RemovedInDjango31Warnings in test suite

* Run isort

* Fix import

* Update PostgreSQL version on travis
2020-03-23 15:02:20 +01:00
Maico Timmerman
9a32668ee1 Make next url authentication backend dependent (#1609)
* Make next url authentication backend dependent

* Rename authentication next_url to get_next_url.

* Add test for custom authentication backend get_next_url.

* Fix typo in docstring of authentication backend get_next_url.
2020-03-15 11:05:57 +01:00
Raphael Michel
8a6a515b6a Refs #775 -- Pluggable authentication backends (#1447)
* Drag-and-drop: Force csrf_token to be present

* Rough design

* Missing file

* b.visble

* Forms

* Docs

* Tests

* Fix variable
2019-10-17 09:11:03 +02:00
Raphael Michel
4ade9d39cd Add "back" parameter to logout view 2019-10-06 11:35:29 +02:00
Raphael Michel
2c4ee3b3c7 Replace U2F with WebAuthn (#1392)
* Replace U2F with WebAuthn

* Imports

* Fix backwards compatibility

* Add explanatory comment

* Fix tests
2019-09-10 09:58:31 +02:00
Raphael Michel
01a6861453 Always query emails case-insensitively 2019-01-02 15:12:48 +01:00
Raphael Michel
5c8d9c4dca Fix incorrect feedback on invite form 2018-11-16 14:13:44 +01:00
Raphael Michel
c2b7d9a257 Fix transaction handling in invite form 2018-09-30 14:07:14 +02:00
Lukas Bockstaller
a643abe293 Prevent email enumeration (#1000)
Here is my attempt to prevent user enumeration. 
I've made the following changes:

**Application:**
- replaces success and failure messages in the form with two (with/without redis) information messages 
- adds logging for attempted password resets of unknown users
- adds logging for failing emails

**Tests:**
- test_unknown asserts a redirect instead of a ok
- adds test_email_reset_twice_redis to assert the correct logging of a twice reset email 
- adds a FakeRedis class similar to the one implemented in test_metrics.py. I could refactor them into the testutils folder if preferred.

Please excuse the commit mess. I am currently fighting with my tooling.
2018-08-31 10:28:39 +02:00
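The commit message above describes the anti-enumeration pattern in words: one neutral response for known and unknown addresses, with the distinction kept in server-side logs. The following is an added example written for this page, not pretix's code, showing a reset handler built that way in plain Python. The `FakeUserStore` and `FakeRedis` stand-ins, the 24-hour interval, the event names and the `request_password_reset` signature are assumptions of the example; the extra branches for disabled and externally authenticated accounts mirror the later commits 65b74d0483 and db9049130c in this list.

```python
import logging
import time
from dataclasses import dataclass, field

# Added example, not pretix code. Names and values are illustrative.
log = logging.getLogger("control.auth.password_reset")

# The one message every caller sees; it must not vary with the outcome.
GENERIC_MESSAGE = (
    "If an account with this email address exists, a password reset link "
    "has been sent to it."
)
REDIRECT_TARGET = "/control/login"

# Minimum interval between two reset mails for one address (assumed value).
RESET_INTERVAL_SECONDS = 24 * 3600


@dataclass
class FakeUserStore:
    """Stand-in for the user table: lowercase email -> account attributes."""
    users: dict


@dataclass
class FakeRedis:
    """Stand-in for the redis key that throttles repeated resets."""
    last_sent: dict = field(default_factory=dict)

    def allow(self, key, now, interval):
        last = self.last_sent.get(key)
        if last is not None and now - last < interval:
            return False
        self.last_sent[key] = now
        return True


def request_password_reset(email, store, throttle, send_mail, audit, now=None):
    """Handle one reset request; return the public (redirect, message) pair.

    The return value is identical on every path. Which path was taken is
    recorded only in `audit` and the server log, where an operator can see
    enumeration attempts but a remote caller cannot.
    """
    now = time.time() if now is None else now
    key = email.strip().lower()  # look the address up case-insensitively
    user = store.users.get(key)

    if user is None:
        log.warning("password reset requested for unknown address %s", key)
        audit.append(("unknown_user", key))
    elif not user["is_active"]:
        audit.append(("disabled_user", key))
    elif not user["native_auth"]:
        # Externally authenticated accounts have no local password to reset.
        audit.append(("non_native_user", key))
    elif not throttle.allow(key, now, RESET_INTERVAL_SECONDS):
        log.warning("password reset for %s throttled", key)
        audit.append(("throttled", key))
    else:
        try:
            send_mail(key)
            audit.append(("mail_sent", key))
        except Exception:  # mail failures are logged, never shown to the caller
            log.exception("password reset mail to %s failed", key)
            audit.append(("mail_failed", key))

    return REDIRECT_TARGET, GENERIC_MESSAGE


def run_scenario():
    """Constructed data: four account states plus one unknown address."""
    store = FakeUserStore(users={
        "alice@example.com": {"is_active": True, "native_auth": True},
        "bob@example.com": {"is_active": False, "native_auth": True},
        "carol@example.com": {"is_active": True, "native_auth": False},
        "dave@example.com": {"is_active": True, "native_auth": True},
    })
    throttle = FakeRedis()
    sent, audit = [], []

    def fake_send_mail(addr):
        if addr == "dave@example.com":
            raise RuntimeError("SMTP unavailable")  # simulated delivery failure
        sent.append(addr)

    requests = [("Alice@Example.com", 1000.0), ("nobody@example.com", 1001.0),
                ("alice@example.com", 1060.0), ("bob@example.com", 1061.0),
                ("carol@example.com", 1062.0), ("dave@example.com", 1063.0)]
    responses = [request_password_reset(e, store, throttle, fake_send_mail, audit, now=t)
                 for e, t in requests]
    return responses, sent, audit


if __name__ == "__main__":
    responses, sent, audit = run_scenario()
    print("distinct public responses:", len(set(responses)))
    print("mails sent:", sent)
    print("audit trail:", audit)
```

All six requests produce the same redirect and message, while the audit trail records six different outcomes. The remaining side channel is timing: the branch that sends mail does work the others do not, so a deployment following this pattern hands the mail to a queue rather than sending it inside the request.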
Raphael Michel
afd766999c Upgrade to Django 2.1 (#710)
* Upgrade to Django 2.0

* more models

* i18n foo

* Update setup.py

* Fix Sentry exception PRETIXEU-JC

* Enforce slug uniqueness

* Import sorting

* Upgrade to Django 2.1

* Travis config

* Try to fix PostgreSQL failure

* Smaller test matrix

* staticfiles→static

* Include request in all authenticate() calls
2018-08-06 12:48:46 +02:00
Raphael Michel
035a4b0928 Add next parameter to logout view 2018-02-14 11:49:16 +01:00
Raphael Michel
3a713541a2 User management UI for system administrators 2018-01-29 12:25:11 +01:00
Raphael Michel
2f15d410fe Add optional timeouts for backend sessions 2017-09-04 19:50:32 +02:00
Raphael Michel
d08a0bdb00 Refs #39 -- New concept of "teams" (#478)
* New models

* CRUD UI

* UI for adding/removing team members

* Log display for teams

* Fix invitations, move frontend

* Drop old models (incomplete)

* Drop more old stuff

* Drop even more old stuff

* Fix tests

* Fix permission test

* flake8 fix

* Add tests for the new code

* Rebase migrations
2017-05-03 16:55:37 +02:00
Raphael Michel
c7676cd17a Refs #39 -- Add permission editor for organizers 2017-01-07 14:10:31 +01:00
Raphael Michel
d134dcf6a9 Added team invitations 2017-01-07 13:05:36 +01:00
Raphael Michel
888aba5714 2FA: Require recent authentication to change settings 2016-10-09 12:59:43 +02:00
Raphael Michel
2611b7619e 2FA: Added tests 2016-10-09 12:59:43 +02:00
Raphael Michel
d7719d0bc7 2FA: Login via U2F 2016-10-09 12:59:43 +02:00
Raphael Michel
582d9dca25 2FA: Implement emergency tokens 2016-10-09 12:59:43 +02:00
Raphael Michel
68a9f98f23 2FA: Login using a TOTP token 2016-10-09 12:59:43 +02:00
Raphael Michel
3e318d0dcf Django 1.10: User.is_authenticated is now a property 2016-09-27 10:25:20 +02:00
Tobias Kunze
3c8f9f5a62 Catch and display mail sending errors (#215) 2016-08-30 16:49:52 +02:00
Raphael Michel
a7647d8de2 Allow to disable login/password reset 2016-06-06 23:07:49 +02:00
Jason Estibeiro
e685f8e819 Added basic Django password validations and updated .gitignore (#136) 2016-05-11 13:38:31 +02:00
Raphael Michel
d5feeb77d1 Fixed #5 -- Added a spam protection feature to password resets 2016-02-22 22:10:25 +01:00
Raphael Michel
58b85819bc Added logging for all basic operations 2015-12-12 22:53:11 +01:00
Raphael Michel
c47008cc18 Added password reset to control.auth 2015-10-04 13:52:08 +02:00