Raphael Michel
e75dc74661
Allow consecutive password resets
2022-12-21 10:01:25 +01:00
Raphael Michel
7b58ddbfde
Don't use Django's redirect() for user-supplied paths
2022-11-17 11:46:03 +01:00
Raphael Michel
8e79eb570e
Customer accounts & Memberships (#2024)
2021-05-04 16:56:06 +02:00
Raphael Michel
a93287207b
pretix Community Edition moves to AGPLv3-based license (#2023)
2021-04-12 10:33:47 +02:00
Raphael Michel
7c0df5b755
[SECURITY] Rate limiting for login
2020-12-22 10:47:47 +01:00
Raphael Michel
a3dd015c23
[SECURITY] Fix unvalidated redirect
2020-12-22 10:47:47 +01:00
Raphael Michel
d224b5387d
Replace Travis with GitHub actions and fix many typos (#1657)
...
* Create django.yml
* Fix working directory
* ..
* .
* ..
* a.
* ..
* .
* Fix typo
* Install hunspell
* maxfail
* Fix install
* .
* Reduce number of typos
* Even less typos
* Postgres debug
* Spelling fixes, yet again
* Postgres with PW
* Fix failing test
* New workflows
* Fix syntax error
* Install gettext
* Test against python 3.6 as well
* Clean up strategies
* Add badge, do not ignore migrations
* Use pip cache
2020-04-22 12:07:58 +02:00
Raphael Michel
af23d6e4bf
Upgrade to Django 3.0 and other dependencies (#1568)
...
* Upgrade Django to 3.0 and other dependencies to recent versions
* Fix otp version constraint
* Remove six dependency
* Resolve some warnings
* Fix failing tests
* Update django-countries
* Resolve all RemovedInDjango31Warnings in test suite
* Run isort
* Fix import
* Update PostgreSQL version on travis
2020-03-23 15:02:20 +01:00
Maico Timmerman
9a32668ee1
Make next url authentication backend dependent (#1609)
...
* Make next url authentication backend dependent
* Rename authentication next_url to get_next_url.
* Add test for custom authentication backend get_next_url.
* Fix typo in docstring of authentication backend get_next_url.
2020-03-15 11:05:57 +01:00
Raphael Michel
8a6a515b6a
Refs #775 -- Pluggable authentication backends (#1447)
...
* Drag-and-drop: Force csrf_token to be present
* Rough design
* Missing file
* b.visble
* Forms
* Docs
* Tests
* Fix variable
2019-10-17 09:11:03 +02:00
Raphael Michel
4ade9d39cd
Add "back" parameter to logout view
2019-10-06 11:35:29 +02:00
Raphael Michel
2c4ee3b3c7
Replace U2F with WebAuthn (#1392)
...
* Replace U2F with WebAuthn
* Imports
* Fix backwards compatibility
* Add explanatory comment
* Fix tests
2019-09-10 09:58:31 +02:00
Raphael Michel
01a6861453
Always query emails case-insensitively
2019-01-02 15:12:48 +01:00
Raphael Michel
5c8d9c4dca
Fix incorrect feedback on invite form
2018-11-16 14:13:44 +01:00
Raphael Michel
c2b7d9a257
Fix transaction handling in invite form
2018-09-30 14:07:14 +02:00
Lukas Bockstaller
a643abe293
Prevent email enumeration (#1000)
...
Here is my attempt to prevent user enumeration.
I've made the following changes:
**Application:**
- replaces success and failure messages in the form with two (with/without redis) information messages
- adds logging for attempted password resets of unknown users
- adds logging for failing emails
**Tests:**
- test_unknown asserts a redirect instead of an ok
- adds test_email_reset_twice_redis to assert the correct logging of a twice reset email
- adds a FakeRedis class similar to the one implemented in test_metrics.py. I could refactor them into the testutils folder if preferred.
Please excuse the commit mess. I am currently fighting with my tooling.
2018-08-31 10:28:39 +02:00
Raphael Michel
afd766999c
Upgrade to Django 2.1 (#710)
...
* Upgrade to Django 2.0
* more models
* i18n foo
* Update setup.py
* Fix Sentry exception PRETIXEU-JC
* Enforce slug uniqueness
* Import sorting
* Upgrade to Django 2.1
* Travis config
* Try to fix PostgreSQL failure
* Smaller test matrix
* staticfiles→static
* Include request in all authenticate() calls
2018-08-06 12:48:46 +02:00
Raphael Michel
035a4b0928
Add next parameter to logout view
2018-02-14 11:49:16 +01:00
Raphael Michel
3a713541a2
User management UI for system administrators
2018-01-29 12:25:11 +01:00
Raphael Michel
2f15d410fe
Add optional timeouts for backend sessions
2017-09-04 19:50:32 +02:00
Raphael Michel
d08a0bdb00
Refs #39 -- New concept of "teams" (#478)
...
* New models
* CRUD UI
* UI for adding/removing team members
* Log display for teams
* Fix invitations, move frontend
* Drop old models (incomplete)
* Drop more old stuff
* Drop even more old stuff
* Fix tests
* Fix permission test
* flake8 fix
* Add tests for the new code
* Rebase migrations
2017-05-03 16:55:37 +02:00
Raphael Michel
c7676cd17a
Refs #39 -- Add permission editor for organizers
2017-01-07 14:10:31 +01:00
Raphael Michel
d134dcf6a9
Added team invitations
2017-01-07 13:05:36 +01:00
Raphael Michel
888aba5714
2FA: Require recent authentication to change settings
2016-10-09 12:59:43 +02:00
Raphael Michel
2611b7619e
2FA: Added tests
2016-10-09 12:59:43 +02:00
Raphael Michel
d7719d0bc7
2FA: Login via U2F
2016-10-09 12:59:43 +02:00
Raphael Michel
582d9dca25
2FA: Implement emergency tokens
2016-10-09 12:59:43 +02:00
Raphael Michel
68a9f98f23
2FA: Login using a TOTP token
2016-10-09 12:59:43 +02:00
Raphael Michel
3e318d0dcf
Django 1.10: User.is_authenticated is now a property
2016-09-27 10:25:20 +02:00
Tobias Kunze
3c8f9f5a62
Catch and display mail sending errors (#215)
2016-08-30 16:49:52 +02:00
Raphael Michel
a7647d8de2
Allow to disable login/password reset
2016-06-06 23:07:49 +02:00
Jason Estibeiro
e685f8e819
Added basic Django password validations and updated .gitignore (#136)
2016-05-11 13:38:31 +02:00
Raphael Michel
d5feeb77d1
Fixed #5 -- Added a spam protection feature to password resets
2016-02-22 22:10:25 +01:00
Raphael Michel
58b85819bc
Added logging for all basic operations
2015-12-12 22:53:11 +01:00
Raphael Michel
c47008cc18
Added password reset to control.auth
2015-10-04 13:52:08 +02:00
Raphael Michel
7def097dcd
Refs #96 -- Completely removed local users
2015-09-17 00:55:00 +02:00
Raphael Michel
e828d711bd
Used isort to order all import statements
2015-07-19 20:46:34 +02:00
Raphael Michel
1cea51eb10
Added basic global registration
2015-06-15 22:36:47 +02:00
Raphael Michel
077413f41c
Restructure our python module. A lot.
2015-02-14 17:55:13 +01:00