path: root/ihatemoney/tests
Age | Commit message | Author | Files | Lines
2017-12-27 | Add tests for #294 | Alexis Métaireau | 1 | -1/+7
2017-12-27 | Fix PUT api/project/:code/members/:id (#297) | JocelynDelalande | 1 | -2/+11
    * Fix PUT api/project/:code/members/:id
      Before that commit, every PUT *must* change the name of the members, so that was :
      - no idempotence,
      - no ability to change only weight
      fix #295
    * Remove redundant comment
2017-12-22 | Remove API password (#290) | JocelynDelalande | 1 | -6/+16
    * Remove the password from API GET responses
      While keeping it for POST/PUT.
      fix #289
    * Add a test to check password change via API
2017-12-21 | Use hashed passwords for projects (#286) | 0livd | 1 | -11/+15
    - Remove all occurrences of clear text project passwords.
    - Migrate the database to hash the previously stored passwords.
    Closes #232
2017-12-15 | Use token based auth in invitation e-mails (#280) | 0livd | 1 | -0/+23
    * Use token based auth in invitation e-mails
      Invitation e-mails no longer contain the clear text project password
    * Skip invite page after project creation
      - Replace ``The project identifier is demo, remember it!`` by ``Invite other people to join this project!`` (linking to the invite page)
      - Encourage users to share the project password via other communication means in the reminder email
2017-11-11 | Fix some typos using codespell (#285) | Alexandre Avenel | 1 | -2/+2
2017-10-26 | Use token based auth to reset passwords (#269) | 0livd | 1 | -0/+24
    Send a mail containing a password reset token link instead of sending a clear text password.
    Ref #232
2017-10-23 | Make authentication logic simpler and safer (#270) | 0livd | 1 | -2/+2
    * Fixed exposed password in session
      The project password was set in clear text in the session cookie. The cookie payload is only base64 encoded so it must not be used to store private information. The password is simply replaced by a boolean.
    * Simplify authentication logic
2017-09-04 | Enhance the dashboard. (#262) | 0livd | 1 | -3/+28
    * Update to a more flexible admin authentication
    * Admin can now access any project
    * Add delete and edit options in the dashboard
    * Add a link to the dashboard in the nav bar
    This is a rework of the changes proposed by @Olivd, so they can apply on top of the latest master without trouble. All credit goes to him for the code.
2017-08-21 | Add a statistics tab (#257) | 0livd | 1 | -0/+62
2017-08-20 | Protect admin endpoints against brute force attacks (#249) | 0livd | 1 | -0/+23
    * Protect admin endpoints against brute force attacks
      Add a throttling mechanism to prevent a client brute forcing the authentication form, based on its ip address
      Closes #245
    * Reset attempt counters if they get memory hungry
2017-08-06 | Fix #248: Database creation issue (#254) | 0livd | 1 | -1/+1
    In flask's development server, the route handlers run in a different thread than the main thread thus an in-memory database created in the main thread cannot be accessed by the route handlers. Switching the default database location to a temporary file solves the issue.
    See full explanation here: https://gehrcke.de/2015/05/in-memory-sqlite-database-and-flask-a-threading-trap/
2017-07-09 | Revert configuration tests deletion (#250) | 0livd | 1 | -4/+26
    Some supernatural power erased the configuration tests, they're now back !
2017-07-07 | Absolute imports & some other improvements (#243) | Alexis Metaireau | 4 | -0/+1193
    * Use absolute imports and rename package to ihatemoney
    * Add a ihatemoney command
    * Factorize application creation logic
    * Refactor the tests
    * Update the wsgi.py module with the new create_app() function
    * Fix some styling thanks to Flake8.
    * Automate Flake8 check in the CI.