Raphael Michel
8a6a515b6a
Refs #775 -- Pluggable authentication backends ( #1447 )
...
* Drag-and-drop: Force csrf_token to be present
* Rough design
* Missing file
* b.visble
* Forms
* Docs
* Tests
* Fix variable
2019-10-17 09:11:03 +02:00
Raphael Michel
2c4ee3b3c7
Replace U2F with WebAuthn ( #1392 )
...
* Replace U2F with WebAuthn
* Imports
* Fix backwards compatibility
* Add explanatory comment
* Fix tests
2019-09-10 09:58:31 +02:00
Martin Gross
0a1429ed60
Add setting for enforcing 2FA ( #1259 )
...
* Add setting for enforcing 2FA
* Changes after code-review
* Add Test-Cases for Obligatory 2FA
2019-06-17 17:08:27 +02:00
Raphael Michel
d85ddb5bda
Integrate django-scopes ( #1319 )
...
* Install django-scopes
* Fix tests.api
* Update tasks and cronjobs
* Fix remaining tests
* Remove unused import
* Fix tests after rebase
* Disable scopes for get_Events_with_any_permission
* Disable scopes for a management command
2019-06-17 10:46:55 +02:00
Raphael Michel
ae298bddb8
Make FakeRedis play nice with metrics
2019-04-18 09:17:55 +02:00
Lukas Bockstaller
a643abe293
Prevent email enumeration ( #1000 )
...
Here is my attempt to prevent user enumeration.
I've made the following changes:
**Application:**
- replaces success and failure messages in the form with two (with/without redis) information messages
- adds logging for attempted password resets of unknown users
- adds logging for failing emails
**Tests:**
- test_unknown asserts a redirect instead of an ok
- adds test_email_reset_twice_redis to assert the correct logging of a twice reset email
- adds a FakeRedis class similar to the one implemented in test_metrics.py. I could refactor them into the testutils folder if preferred.
Please excuse the commit mess. I am currently fighting with my tooling.
2018-08-31 10:28:39 +02:00
Raphael Michel
a284e0c2f7
Add auditable superuser mode ( #824 )
...
* Remove is_superuser everywhere
* Session handling
* List of sessions, relative timeout
* Absolute timeout
* Optionally pseudo-force audit comments
* Fix failing tests
* Add tests
* Add docs
* Rebase migration
* Typos
* Fix tests
2018-03-28 14:16:58 +02:00
Raphael Michel
072f2a0ee9
Pin sessions to the user agent in use
2018-02-19 13:02:55 +01:00
Raphael Michel
f6b1bd9fe8
[SECURITY] Fix handling of session timeouts
2017-11-25 19:18:40 +01:00
Raphael Michel
2f15d410fe
Add optional timeouts for backend sessions
2017-09-04 19:50:32 +02:00
Raphael Michel
d2ce002305
Fix further problems with py.test
2016-11-08 15:25:38 +01:00
Raphael Michel
503f6dd06f
Use consistent flake8 settings everywhere and fix flake8 issues
2016-10-13 22:57:57 +02:00
Raphael Michel
2611b7619e
2FA: Added tests
2016-10-09 12:59:43 +02:00
Raphael Michel
d8a84e762f
Replaced first selenium tests with bs4
2016-08-14 12:15:57 +02:00
Jason Estibeiro
e685f8e819
Added basic Django password validations and updated .gitignore ( #136 )
2016-05-11 13:38:31 +02:00
Raphael Michel
c47008cc18
Added password reset to control.auth
2015-10-04 13:52:08 +02:00
Raphael Michel
109e18e891
Added unit tests for authentication forms
2015-09-29 01:00:54 +02:00
Raphael Michel
7def097dcd
Refs #96 -- Completely removed local users
2015-09-17 00:55:00 +02:00
Raphael Michel
e828d711bd
Used isort to order all import statements
2015-07-19 20:46:34 +02:00
Raphael Michel
2fce883230
Move tests to directory outside of the main package
2015-03-14 00:57:09 +01:00