ihatemoney-mirror.git - [no description]

Age	Commit message (Collapse)	Author	Files	Lines
2018-08-05	Remove strict_slashes for /	Glandos	1	-1/+1
	I don't know why, but on my setup (nginx + uwsgi), the `strict_slashes` (default to `True`) was causing an infinite loop. I think it could be safely removed for this route only.
2018-02-07	Move member stats computation to a dedicated method	Jocelyn Delalande	1	-14/+1

2018-02-07	Change statistics data structure	Jocelyn Delalande	1	-13/+14
	Clearer data structure, and simpler template This commit has a side effect: sidebar now hides disabled members. IMHO, the disabled members should either be hidden or shown consistently between sidebar and central table. Previous status was: shown in sidebar (if balance ≠ 0) and hidden in central table.
2018-01-05	Include all .j2 files in the packaged version.	Alexis Métaireau	1	-3/+3
	I've also renamed the templates to *.j2 in order to make things clearer to others. Having extensions with the name of the locale doesn't seem to be a good practice, and would need us to add the locales in the MANIFEST file each time we add one. Fix #305
2017-12-21	Use hashed passwords for projects (#286)	0livd	1	-13/+11
	- Remove all occurences of clear text project passwords. - Migrate the database to hash the previously stored passwords. Closes #232
2017-12-15	Use token based auth in invitation e-mails (#280)	0livd	1	-11/+21
	* Use token based auth in invitation e-mails Invitation e-mails no longer contain the clear text project password * Skip invite page after project creation - Replace ``The project identifier is demo, remember it!`` by ``Invite other people to join this project!`` (linking to the invite page) - Encourage users to share the project password via other communication means in the reminder email
2017-11-11	Fix some typos using codespell (#285)	Alexandre Avenel	1	-1/+1

2017-10-26	Use token based auth to reset passwords (#269)	0livd	1	-3/+26
	Send a mail containing a password reset token link instead of sending a clear text password. Ref #232
2017-10-23	Make authentication logic simpler and safer (#270)	0livd	1	-36/+27
	* Fixed exposed password in session The project password was set in clear text in the session cookie. The cookie payload is only base64 encoded so it must not be used to store private information. The password is simply replaced by a boolean. * Simplify authentication logic
2017-09-07	Do not import the whole werkzeug pkg (#271)	0livd	1	-4/+4

2017-09-04	Enhance the dashboard. (#262)	0livd	1	-20/+60
	* Update to a more flexible admin authentication * Admin can now access any project * Add delete and edit options in the dashboard * Add a link to the dashboard in the nav bar This is a rework of the changes proposed by @Olivd, so they can apply on top of the latest master without trouble. All credit goes to him for the code.
2017-08-21	Add a statistics tab (#257)	0livd	1	-0/+22

2017-08-20	Protect admin endpoints against brute force attacks (#249)	0livd	1	-5/+17
	* Protect admin endpoints against brute force attacks Add a throttling mechanism to prevent a client brute forcing the authentication form, based on its ip address Closes #245 * Reset attempt counters if they get memory hungry
2017-07-07	Absolute imports & some other improvements (#243)	Alexis Metaireau	1	-0/+500
	* Use absolute imports and rename package to ihatemoney * Add a ihatemoney command * Factorize application creation logic * Refactor the tests * Update the wsgi.py module with the new create_app() function * Fix some styling thanks to Flake8. * Automate Flake8 check in the CI.