| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* allow basic math ops in amount field for bills form
* docs: changing compile-translations to build-translations
|
|
|
|
Closes #390
|
|
|
|
|
|
As there is a lot of stuff in « fixed », might be a bit clearer to group them
loosely.
Clean room for next release :-).
|
|
* Remove unwanted space in utils.py
* Fix email validation when sending invites
|
|
I don't know why, but on my setup (nginx + uwsgi), the `strict_slashes` (default to `True`) was causing an infinite loop.
I think it could be safely removed for this route only.
|
|
|
|
|
|
|
|
PyMySQL is more difficult to install since its version 0.9 since it now depends
on *cryptography* lib, which in turns depends on OpenSSL and Python dev files.
See https://github.com/PyMySQL/PyMySQL/issues/697
|
|
|
|
|
|
|
|
|
|
|
|
The flask-rest custom json encoder is still needed
and thus was added to ihatemoney's utils.
Closes #298
|
|
* Make sidebar scrollable
Make sidebar scrollable.
* Update CHANGELOG.rst
Fixes #318
|
|
|
|
|
|
This makes it inconsistent with our own generated passwords. Only check
that the password has been hashed.
Fixes #310.
|
|
The script was relying on the presence of an environment variable, which
is only set when the virtualenv is activated. But a virtualenv does not
have to be activated to work (it's possible to call the python command
directly).
This fixes it by relying on `sys.executable` which should be correct at
all times.
Fixes #306
|
|
|
|
|
|
|
|
* Fix PUT api/project/:code/members/:id
Before that commit, every PUT *must* change the name of the members, so that was :
- no idempotence,
- no ability to change only weight
fix #295
* Remove redundant comment
|
|
* Remove the password from API GET responses
While keeping it for POST/PUT.
fix #289
* Add a test to check password change via API
|
|
- Remove all occurences of clear text project passwords.
- Migrate the database to hash the previously stored passwords.
Closes #232
|
|
* Use token based auth in invitation e-mails
Invitation e-mails no longer contain the clear
text project password
* Skip invite page after project creation
- Replace ``The project identifier is demo, remember it!``
by ``Invite other people to join this project!``
(linking to the invite page)
- Encourage users to share the project password via other
communication means in the reminder email
|
|
fix #274
|
|
Send a mail containing a password reset
token link instead of sending a clear text
password.
Ref #232
|
|
Can be used to deploy the latest version from
PyPI in a production environment or from the
master branch in a dev environment.
|
|
* Fixed exposed password in session
The project password was set in clear text
in the session cookie. The cookie payload is
only base64 encoded so it must not be used to
store private information. The password is
simply replaced by a boolean.
* Simplify authentication logic
|
|
* Add a command to generate configuration examples
Config files are generated from templates (which remplace previous example files).
- solve the issue of hard-to-explain configuration examples
- ease pkg path seeking (avoid it, actually)
- add working defaults for sqlite and unix socket paths (instead of
/replace/me/path/example)
- move settings comments from default_settings.py to ihatemoney.cfg.j2, as it is
the one that will be facing user.
* Use generate-config command in install doc
Also follow the new working defaults of templates for socket and db path.
* Fix doc settings table
On the long term, plaintext tables might destroy humanity.
* Mention templates dir URL in documentation
As requested by @almet
|
