| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
fix #274
|
|
|
|
|
|
|
|
Send a mail containing a password reset
token link instead of sending a clear text
password.
Ref #232
|
|
Can be used to deploy the latest version from
PyPI in a production environment or from the
master branch in a dev environment.
|
|
* Fixed exposed password in session
The project password was set in clear text
in the session cookie. The cookie payload is
only base64 encoded so it must not be used to
store private information. The password is
simply replaced by a boolean.
* Simplify authentication logic
|
|
Use tox-travis to solve the current issues with Travis-CI
|
|
* Add a command to generate configuration examples
Config files are generated from templates (which remplace previous example files).
- solve the issue of hard-to-explain configuration examples
- ease pkg path seeking (avoid it, actually)
- add working defaults for sqlite and unix socket paths (instead of
/replace/me/path/example)
- move settings comments from default_settings.py to ihatemoney.cfg.j2, as it is
the one that will be facing user.
* Use generate-config command in install doc
Also follow the new working defaults of templates for socket and db path.
* Fix doc settings table
On the long term, plaintext tables might destroy humanity.
* Mention templates dir URL in documentation
As requested by @almet
|
|
|
|
* Fix RST markup
This was formatted as markdown while this is a .rst
* Mention Issue/PR numbers in ChangeLog
* Rephrase changelog entries to be more succint
And clearer, IMHO.
* Move changes to Changed section.
* Remove redundant entry
|
|
To match `budget` name disparition (package got renamed in #243).
This should be mentioned in upgrade guide.
ref #243 #264
|
|
Reality-sync with default_settings.py
Not fixing the whole table layout because
- my text editor doesn't do it ;
- I'm too lazy ;
- #251 is IMHO the real way to this issue :)
|
|
* Update to a more flexible admin authentication
* Admin can now access any project
* Add delete and edit options in the dashboard
* Add a link to the dashboard in the nav bar
This is a rework of the changes proposed by @Olivd, so they can apply on top of
the latest master without trouble. All credit goes to him for the code.
|
|
|
|
|
|
* Protect admin endpoints against brute force attacks
Add a throttling mechanism to prevent a client brute
forcing the authentication form, based on its ip address
Closes #245
* Reset attempt counters if they get memory hungry
|
|
* Fix conf files to reflect module renaming
Python module was renamed budget → ihatemoney (see #243 and 6923367).
Now, "budget" relates to nothing.
* Harmonize `APPLICATION_ROOT` doc with other settings
* Fix link markup
* Switch documentation to recomend pip over git
- Update installation instruction
- Clearly separate dev setup from installation
- Some rewordings/section-ization by the way
* Add a hint on how to find the static path
This is a downside on the pip choice over git for installation.
We will have to ease that a bit. By doc or by code, before next release.
* Make the nginx deployment doc more accurate
* Add a big fat warning about SECRET_KEY in doc
|
|
Bootstrap-datepicker is only included in the
list_bills template but its configuration was
living in the layout template, leading to a
javascript error on every page except list_bills.
Fixes #256
|
|
Closes #253
|
|
In flask's development server, the route handlers
run in a different thread than the main thread
thus an in-memory database created in the main thread
cannot be acccessed by the route handlers.
Switching the default database location to a temporary
file solves the isssue.
See full explanation here:
https://gehrcke.de/2015/05/in-memory-sqlite-database-and-flask-a-threading-trap/
|
|
Some supernatural power erased the configuration
tests, they're now back !
|
|
* Use absolute imports and rename package to ihatemoney
* Add a ihatemoney command
* Factorize application creation logic
* Refactor the tests
* Update the wsgi.py module with the new create_app() function
* Fix some styling thanks to Flake8.
* Automate Flake8 check in the CI.
|
|
* Make all imports relative
* Change the way the application runs in the Makefile
* Import the default settings relatively
* Fix manage.py imports
|
|
* Turn the WSGI file into a python module
* Update conf files to use the new wsgi module
Apache and gunicorn now use the same entrypoint
* Update Changelog
|
|
Additionnal files to be distributed along
with the sources are already specified in
the MANIFEST.in file thus the package_data
entry in the setup script can be safely removed
|
|
Rename delete to deactivate for members. Fixes #177
|
|
|
|
* Use a hashed password for ADMIN_PASSWORD
A generate_password_hash manage.py command is provided
Fixes #233
* Print a console warning for users using a clear text ADMIN_PASSWORD
* Reword ADMIN_PASSWORD doc
* Update changelog
* Update CHANGELOG.rst
- say it out loud
- bump to 2.0 (that's the logic of semantic versioning while introducing breaking changes)
* Bump to 2.0 (breaking change)
* Update hashed password warning message
* Mention the generate password hash in the Changelog
|
|
review
|
|
* Re-organize the documentation
* Fix encoding errors for python 2
* Document the dependencies. Fixes #199
* Add a make update command. Fixes #211
|
|
|
|
|
|
|
|
|
|
|
|
The wsgi file needs to live in the budget dir
if we want it to be installed by setuptools
|
|
Closes #216
|
|
The path no longer needs to be modified in the .wsgi file
|
|
Fix navbar responsiveness on mobile.
|
|
* Add a @requires_admin decorator
It can be used to protect specific endpoints with ADMIN_PASSWORD
(a password that is stored unencrypted in the settings)
The decorator has no effect if ADMIN_PASSWORD is an empty string (default value)
* Require admin permissions to access create project endpoint
When ADMIN_PASSWORD is not empty, project creation form on the
home page will be replaced by a link to the create project endpoint
so one is able to enter the admin password before filling the form
|
|
When set to False (True by default), it deactivates
the demo project
|
|
* Fix rst link formatting in the README
* Use Sphinx 1.5.5 since 1.6b2 is selected otherwise and breaks.
|
|
|
|
Default settings from app's root path are loaded first
Settings are then overriden by /etc/ihatemoney/ihatemoney.cfg
or by another file which path is set in an env var
Fixes #187
|
|
* Move tests to budget.tests
Update tox.ini to call the unittest dicovery module
Closes #196
* Fix typo in Readme
|
|
* Fix Python lookup in the Makefile
* Improve the Makefile
To make sure calling for "make serve"
works straight away, the dependencies are
automatically prepared. A "make clean" has
been added, to test this feature.
|
|
Without this information, I really could not understand where to go next.
|
|
Add the possibilty to run ihatemoney via Apache mod_wsgi
ihatemoney.wsgi is the entry point for mod_wsgi.
A virtualenv can be activated if its path is specified as
an env var in the apache virtual host file
|
|
|
