Here is my attempt to prevent user enumeration.
I've made the following changes:
**Application:**
- replaces success and failure messages in the form with two (with/without redis) information messages
- adds logging for attempted password resets of unknown users
- adds logging for failing emails
**Tests:**
- test_unknown asserts a redirect instead of an ok
- adds test_email_reset_twice_redis to assert the correct logging of a twice reset email
- adds a FakeRedis class similar to the one implemented in test_metrics.py. I could refactor them into the testutils folder if preferred.
Please excuse the commit mess. I am currently fighting with my tooling.
* Add data shredders for PII
* First working shredder
* Add more shredders
* Add new shredders and download confirmation
* tmp
* PayPal, Stripe, banktransfer
* Add icon to logs
* Untested payment log shredders
* Add waiting list shredder
* First tests
* Add tests for shredders
* Improve templates, link to shredder
* Test payment info shredders
* More tests
* Documentation
* Fix enabled flag in payment provider overview
* Fix minor issues
* Checking for the last date in the event series before deleting a date. Last date in an event series should never be deleted.
* Adding check to ensure that last date in an event series is not deleted. Editing unit test around deleting subevent to assert on alert-danger
* Increasing the scope of test_delete. We are now creating 2 subevents and testing deleting one and ensuring that the last one is not deleted
* Fixing alert text. Removing a redundant if condition for checking subevent count
* Adding assert for second event to ensure it's not deleted
* Minor fixes and rebase
* First stab at notification settings
* Add "global" setting for notification levels
* Trigger notification task
* Get users with permission for event
* Actually send notification emails
* More notifications
* Allow to turn off notifications
* Link in email to pause all notifications
* Add NotificationType to wordlist
* Add notification tests
* Add documentation
* Rebase fixes
* Data model and migration
* Some backwards compatibility
* CRUD for checkin lists
* Show and perform checkins
* Correct numbers in table and dashboard widget
* event creation and cloning
* Allow to link specific exports and pass options per query
* Play with the CSV export
* PDF export
* Collapse exports by default
* Improve PDF exporter
* Addon stuff
* Subevent stuff, pretixdroid tests
* pretixdroid tests
* Add CRUD API
* Test compatibility
* Fix test
* DB-independent sorting behavior
* Add CRUD and copy tests
* Re-enable pretixdroid plugin
* pretixdroid config
* Tests & fixes
* [WIP] manual check-in of attendees
This enables manual check-in of attendees. The post-code was heavily
copied from the APIRedeemView of the pretixdroid, thus so far this seems
to be working, but I have a few questions:
The checkin-Objects generated by the pretixdroid-app have a nonce.
Should the checkin object generated here have a nonce, too?
Should the result of the check-in be noted in any other way than by the
change of the status?
* addressed review comments
* implement unit test for manual checkin
* fix style-issues
* Slight layout change
* Log who did the manual check-in
* Improve unit test to check the result of the action
* New concept for fee handling
* More usages
* Remove all usages, make all tests pass
* API changes
* Small fixes
* Fix order of invoice lines
* Rebase migration
* added fields and logic for adding quota in creation of product
* added section for selecting quota option
* logic for hiding quota selections when needed
* fixed logic for quota selection
* formatting, removed print statements
* styling
* tests for adding quotas in product form
* cleaned up
* added divs
* reworked to include translatable text, readable values for quota options
* quota_add_existing form assignment to str(q.pk)
* made changes for radio buttons, added in sliding animation
* moved string constants for quota options, changed quota options to RadioSelect from Select