a7e6919b96
Fixes confirm email slow and adds test
2023-07-16 05:55:38 -07:00
11f1a4662e
Don't allow invalid account reactivation
2023-06-21 15:47:20 -07:00
89478ac87e
Merge pull request #2491 from chdorner/register-tz-support
Detect preferred timezone via JavaScript on register
2022-12-11 14:49:29 -08:00
Christof Dorner
13b262bb7b
Detect preferred timezone via JavaScript on register
2022-12-11 23:32:07 +01:00
50a42dc0a2
Use user.reactivate when a user confirms their email address
This is cleaner and easier to maintain.
2022-12-11 11:44:04 -08:00
70d639440e
Show impressum
2022-11-25 12:06:32 -08:00
eae1866992
Allow users to temporarily deactivate their accounts (#2324)
2022-11-10 13:40:54 -08:00
79b04c2240
various 2fa improvements
- cleaner code
- use TWO_FACTOR_LOGIN_MAX_SECONDS instead of hardcoded number
- render qrcode properly
- use nginx to rate limit login attempts
- do not throw error if session user is undefined
2022-10-15 07:47:20 +11:00
28329c1781
use string for datetime in session
It seemed to work when testing manually, but both pytest and the django documentation indicate that you can't pass datetimes around as session values.
2022-10-15 07:47:20 +11:00
6db4fb39ed
improve security and fix error msg
- Instead of passing the user as a hidden form element, we use a session variable.
- Introduces a 60 second limit on completing the login, and an exponentially increasing delay to attempt to login with 2FA if the code is entered incorrectly.
- use proper Django form error when incorrect otp value entered
2022-10-15 07:47:20 +11:00
9d12b7caff
make pylint stop grumbling
2022-10-15 07:47:20 +11:00
1d13f0ab4f
lint
2022-10-15 07:47:20 +11:00
8837495ffd
redirect login to 2fa check if active
2022-10-15 07:47:20 +11:00
6947f3b787
Uses class method to get list of instance admins
Re-writing this query over and over is a bad approach
2022-09-19 10:43:52 -07:00
8e2a8ec6e0
Removes improperly placed csrf_exempt decorator
2022-07-29 13:40:40 -07:00
3846b201bd
Updates reset password flow to use validators
2022-07-15 11:39:18 -07:00
5ecd75ee24
Remove redirecting to "next"
This wasn't even particularly working
2022-07-14 12:54:02 -07:00
69728439c8
Remove error reporting on resend to invalid email address
2022-07-14 12:23:43 -07:00
7a772c7d3e
Use POST instead of GET for logout function
2022-07-10 09:30:39 -07:00
fd5e513ad6
Update password reset copy so as not to reveal whether the email exists
A malicious user could use this to test which email addresses are in the
user database.
2022-07-06 19:34:00 -07:00
a6cb46356f
Show clearer behavior when no email confirmation is needed after all
2022-04-26 08:14:31 -07:00
78ac252dae
Python formatting
2022-03-19 12:08:57 -07:00
4386d2ddb9
Switches resend email to modal
2022-03-19 12:00:16 -07:00
23d0d3e2b7
Register admin user
2022-02-17 11:25:11 -08:00
b4e0749f73
Disallow registration in install mode and adds redirects
2022-02-17 10:52:12 -08:00
4ba375892a
Merge pull request #1793 from bookwyrm-social/more-caches
More caches
2022-01-10 11:25:26 -08:00
0a182e8150
Caches query for landing page books
2022-01-09 13:04:41 -08:00
599c79917e
Makes query to get admins unique
2022-01-08 18:44:32 -08:00
26928252cd
Use cache
2022-01-08 11:44:04 -08:00
bb4b724b1a
Updates queries
2022-01-08 11:26:15 -08:00
a1e3ef1c79
Fixes pylint complaint
2022-01-06 18:47:14 -08:00
e4be6a98e8
do not cache registration form
Fixes #1777
Caching the Landing view also caches the registration form, including the CSRF value.
This moves the caching into the recently reviewed books landing template which is presumably what we're trying to cache here, instead of caching the whole view.
NOTE: this fixes the problem with registration, I haven't done enough testing to be sure it actually still caches the recent reviews data.
2022-01-07 13:13:56 +11:00
0f09759662
Separate out landing and about views files
2022-01-06 09:51:38 -08:00
b8c72d75e5
Python formatting
2022-01-06 09:48:36 -08:00
461bfd0ce7
Link to books
2022-01-06 09:47:46 -08:00
d690224559
Use weighted averages
2022-01-06 09:39:51 -08:00
840746754d
Fixes superlatives
2022-01-06 09:22:10 -08:00
4caa68200f
Adds more info to the about page
2022-01-06 09:04:59 -08:00
b855464396
Expands about pages
2022-01-05 21:42:41 -08:00
b0fef8f0e3
Cache landing page
2022-01-05 15:53:01 -08:00
14601a0c31
Don't error out on invalid login POST
Thanks, log4j exploit scanners, for catching this one
2021-12-28 14:50:28 -08:00
290039ac66
Moves landing views into directory
2021-10-16 11:45:55 -07:00