aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2017-12-27Silent stderr output during app init for some commands (#293)JocelynDelalande1-0/+12
Avoid confusing the user for the commands outputing text to the user. fix #277
2017-12-27Require flask-rest 1.3 minimum.Alexis Métaireau1-1/+1
Fixes #294
2017-12-27Add tests for #294Alexis Métaireau1-1/+7
2017-12-27Position flash messages with CSS rather than JS (#292)JocelynDelalande2-6/+11
Visual result is exactly the same, but less black magic :-).
2017-12-27 Fix PUT api/project/:code/members/:id (#297)JocelynDelalande3-3/+17
* Fix PUT api/project/:code/members/:id Before that commit, every PUT *must* change the name of the members, so that was : - no idempotence, - no ability to change only weight fix #295 * Remove redundant comment
2017-12-23Remove un-needed sidebar block (#291)JocelynDelalande1-1/+0
{% block sidebar %} is used by sidebar_table_layout.html and its children, not by layout.html nor its direct children. This is dead code removal.
2017-12-22Remove API password (#290)JocelynDelalande3-7/+18
* Remove the password from API GET responses While keeping it for POST/PUT. fix #289 * Add a test to check password change via API
2017-12-21Replace some CSS by some JS (#288)JocelynDelalande2-14/+3
2017-12-21Use hashed passwords for projects (#286)0livd8-31/+75
- Remove all occurences of clear text project passwords. - Migrate the database to hash the previously stored passwords. Closes #232
2017-12-21Add missing properties in API docs (#287)JocelynDelalande1-13/+19
* Mention weights in API doc Because this is reality :-) * Mention balance property in API doc Still because this is reality.
2017-12-15Use token based auth in invitation e-mails (#280)0livd13-57/+98
* Use token based auth in invitation e-mails Invitation e-mails no longer contain the clear text project password * Skip invite page after project creation - Replace ``The project identifier is demo, remember it!`` by ``Invite other people to join this project!`` (linking to the invite page) - Encourage users to share the project password via other communication means in the reminder email
2017-11-11Fix some typos using codespell (#285)Alexandre Avenel5-6/+6
2017-11-02Add a database revision makefile recipe (#281)0livd1-0/+4
2017-11-01Print out when pip is missing.Alexis Métaireau1-1/+1
2017-11-01Merge pull request #279 from JocelynDelalande/jd-upgrade-docJocelynDelalande4-0/+82
Add an upgrade guide
2017-11-01Add an upgrade guideJocelyn Delalande4-0/+82
fix #274
2017-11-01Parse requirements.txt in setup.py. Fix #273 (#284)Alexis Metaireau2-24/+16
2017-11-01Add some information about Yunohost in the documentation. (#283)Alexis Metaireau1-0/+9
2017-11-01Update installation doc to include doc about production values, fix #266. (#282)Lucas Verney2-6/+28
2017-10-26Use token based auth to reset passwords (#269)0livd15-16/+156
Send a mail containing a password reset token link instead of sending a clear text password. Ref #232
2017-10-25Add a DockerFile (#272)0livd4-1/+93
Can be used to deploy the latest version from PyPI in a production environment or from the master branch in a dev environment.
2017-10-23Make authentication logic simpler and safer (#270)0livd3-38/+30
* Fixed exposed password in session The project password was set in clear text in the session cookie. The cookie payload is only base64 encoded so it must not be used to store private information. The password is simply replaced by a boolean. * Simplify authentication logic
2017-10-23Fix Travis-CI integration (#276)Alexis Metaireau2-7/+13
Use tox-travis to solve the current issues with Travis-CI
2017-10-23Enhance install process by generating config files from templates (#275)JocelynDelalande12-119/+197
* Add a command to generate configuration examples Config files are generated from templates (which remplace previous example files). - solve the issue of hard-to-explain configuration examples - ease pkg path seeking (avoid it, actually) - add working defaults for sqlite and unix socket paths (instead of /replace/me/path/example) - move settings comments from default_settings.py to ihatemoney.cfg.j2, as it is the one that will be facing user. * Use generate-config command in install doc Also follow the new working defaults of templates for socket and db path. * Fix doc settings table On the long term, plaintext tables might destroy humanity. * Mention templates dir URL in documentation As requested by @almet
2017-09-07Do not import the whole werkzeug pkg (#271)0livd1-4/+4
2017-09-06Normalize changelog (#265)JocelynDelalande1-18/+24
* Fix RST markup This was formatted as markdown while this is a .rst * Mention Issue/PR numbers in ChangeLog * Rephrase changelog entries to be more succint And clearer, IMHO. * Move changes to Changed section. * Remove redundant entry
2017-09-06BREAKING CHANGE: Rename supervisor program (#268)JocelynDelalande1-1/+1
To match `budget` name disparition (package got renamed in #243). This should be mentioned in upgrade guide. ref #243 #264
2017-09-06Fix default SQLALCHEMY_DATABASE_URI value in doc (#267)JocelynDelalande1-6/+6
Reality-sync with default_settings.py Not fixing the whole table layout because - my text editor doesn't do it ; - I'm too lazy ; - #251 is IMHO the real way to this issue :)
2017-09-04Enhance the dashboard. (#262)0livd13-58/+193
* Update to a more flexible admin authentication * Admin can now access any project * Add delete and edit options in the dashboard * Add a link to the dashboard in the nav bar This is a rework of the changes proposed by @Olivd, so they can apply on top of the latest master without trouble. All credit goes to him for the code.
2017-08-24Add doc building instructions (#263)JocelynDelalande1-0/+16
2017-08-21Add a statistics tab (#257)0livd8-0/+154
2017-08-20Protect admin endpoints against brute force attacks (#249)0livd6-9/+93
* Protect admin endpoints against brute force attacks Add a throttling mechanism to prevent a client brute forcing the authentication form, based on its ip address Closes #245 * Reset attempt counters if they get memory hungry
2017-08-20Streamline installation doc, now using pip (#252)JocelynDelalande6-40/+106
* Fix conf files to reflect module renaming Python module was renamed budget → ihatemoney (see #243 and 6923367). Now, "budget" relates to nothing. * Harmonize `APPLICATION_ROOT` doc with other settings * Fix link markup * Switch documentation to recomend pip over git - Update installation instruction - Clearly separate dev setup from installation - Some rewordings/section-ization by the way * Add a hint on how to find the static path This is a downside on the pip choice over git for installation. We will have to ease that a bit. By doc or by code, before next release. * Make the nginx deployment doc more accurate * Add a big fat warning about SECRET_KEY in doc
2017-08-20Fix misplaced datepicker configuration (#258)0livd2-7/+7
Bootstrap-datepicker is only included in the list_bills template but its configuration was living in the layout template, leading to a javascript error on every page except list_bills. Fixes #256
2017-08-20Add python 3.6 support (#259)0livd7-7/+8
Closes #253
2017-08-06Fix #248: Database creation issue (#254)0livd2-2/+2
In flask's development server, the route handlers run in a different thread than the main thread thus an in-memory database created in the main thread cannot be acccessed by the route handlers. Switching the default database location to a temporary file solves the isssue. See full explanation here: https://gehrcke.de/2015/05/in-memory-sqlite-database-and-flask-a-threading-trap/
2017-07-09Revert configuration tests deletion (#250)0livd1-4/+26
Some supernatural power erased the configuration tests, they're now back !
2017-07-07Absolute imports & some other improvements (#243)Alexis Metaireau82-524/+613
* Use absolute imports and rename package to ihatemoney * Add a ihatemoney command * Factorize application creation logic * Refactor the tests * Update the wsgi.py module with the new create_app() function * Fix some styling thanks to Flake8. * Automate Flake8 check in the CI.
2017-06-28Make all imports relative (#229)Alexis Metaireau9-27/+36
* Make all imports relative * Change the way the application runs in the Makefile * Import the default settings relatively * Fix manage.py imports
2017-06-28Turn the WSGI file into a python module (#240)0livd4-2/+5
* Turn the WSGI file into a python module * Update conf files to use the new wsgi module Apache and gunicorn now use the same entrypoint * Update Changelog
2017-06-27Remove unused option in the setup script (#239)0livd2-3/+3
Additionnal files to be distributed along with the sources are already specified in the MANIFEST.in file thus the package_data entry in the setup script can be safely removed
2017-06-27Merge pull request #226 from spiral-project/rename-delete-to-deactivateJocelynDelalande4-4/+10
Rename delete to deactivate for members. Fixes #177
2017-06-27Warn user when using default 'not-so-secret' secret-key.Alexis Métaireau1-1/+9
2017-06-27Use a hashed password for ADMIN_PASSWORD (#236)0livd6-25/+54
* Use a hashed password for ADMIN_PASSWORD A generate_password_hash manage.py command is provided Fixes #233 * Print a console warning for users using a clear text ADMIN_PASSWORD * Reword ADMIN_PASSWORD doc * Update changelog * Update CHANGELOG.rst - say it out loud - bump to 2.0 (that's the logic of semantic versioning while introducing breaking changes) * Bump to 2.0 (breaking change) * Update hashed password warning message * Mention the generate password hash in the Changelog
2017-06-26Explain better what is a deactivation of a member, per @JocelynDelalande's ↵Alexis Métaireau3-3/+5
review
2017-06-21Re-organize the documentation (#223)Alexis Metaireau11-439/+232
* Re-organize the documentation * Fix encoding errors for python 2 * Document the dependencies. Fixes #199 * Add a make update command. Fixes #211
2017-06-21Add meta viewport tag. Fixes #219. (#231)Lucas Verney1-0/+1
2017-06-21Rename delete to deactivate for members. Fixes #177Alexis Métaireau3-1/+5
2017-06-20Back to development: 1.1Jocelyn Delalande2-1/+7
2017-06-20Preparing release 1.0Jocelyn Delalande2-2/+2
generated by cgit v1.1 at 2025-12-06 15:55:05 +0000