ReAnzu
d9b3160437
Fixed existing tests, added new tests around endpoints, authentication, and password hash hardening
2018-02-27 22:29:38 -06:00
ReAnzu
187ab77ebd
Resolved a few failing tests due to config issues
2018-02-27 19:29:58 -06:00
ReAnzu
70a42c9df2
Resolved the logout issue for when users:create:any is executed.
* Resolved an issue where user_tokens:*:any permissions didn't operate on the correct user.
* Updated user_token -> user_tokens permissions to mirror other permissions.
2018-02-27 18:34:37 -06:00
ReAnzu
05d2785ec6
Added a Manage tokens tab to the user panel
2018-02-27 18:14:07 -06:00
ReAnzu
22cf806220
Added versioning, cleaned up API documentation, fixed endpoints, resolved logout display update issue
2018-02-26 21:47:01 -06:00
ReAnzu
d0b423e91c
Updated API documentation for the new user-token endpoints
2018-02-26 20:45:51 -06:00
ReAnzu
deb70e5f28
Tokens now correctly delete themselves
2018-02-26 19:53:56 -06:00
ReAnzu
f11f4e9313
Revert "Cleanup func imports, and small formatting changes."
This reverts commit 796563f
2018-02-26 19:52:02 -06:00
ReAnzu
796563f772
Cleanup func imports, and small formatting changes.
2018-02-25 17:30:48 -06:00
ReAnzu
a526a56767
Users are only authenticated against their password on login, and to retrieve a token.
* Passwords are wiped from the app and cookies after login and token retrieval
* Tokens are revoked at the end of the session/logout
* If the user chooses the "remember me" option, the token is stored in the cookie
* A user interface to revoke tokens will be added
2018-02-25 04:44:02 -06:00
ReAnzu
d6ee744777
Added migration to support new password_hash format
2018-02-25 00:05:15 -06:00
ReAnzu
0e5fbde097
Changed password setup to use libsodium and argon2id
* regular SHA256 is not secure
* added code to auto migrate old passwords to the new password_hash if the existing password_hash matches either of the old password generation schemes.
2018-02-24 23:45:00 -06:00
ReAnzu
838ced3aae
Delete thumbnails and post images immediately on post delete
2018-02-24 01:57:31 -06:00
ReAnzu
4f612a6f64
Allow for thumbnails to be generated even on ffmpeg warnings
2018-02-24 01:48:10 -06:00
ReAnzu
90044eacd2
Added auto conversion option for gif to mp4,webm
* webm conversion is slow, but better quality than mp4 conversion and with a typically smaller filesize
2018-02-24 01:06:11 -06:00
ReAnzu
bc947a14ae
Working on adding functionality for administrators to directly add users to the application
2018-02-23 22:05:58 -06:00
ReAnzu
a5211d9483
Added the ability to disable registration in the config file
2018-02-23 18:09:37 -06:00
rr-
a1fbeb91a0
server/users: fix checking passwords with colons
2018-02-10 14:04:02 +01:00
rr-
f8c7375b01
server/tags: allow uppercase tag category colors
i.e. colors such as "#FF0000"
2017-10-08 21:38:38 +02:00
rr-
1c4c5c5f91
remove tags.json
2017-10-01 21:48:00 +02:00
rr-
674d6c35d7
server/posts: add posts:view:featured privilege
2017-08-24 17:17:09 +02:00
rr-
4afece8d50
server/posts: add non-guessable IDs to post URLs
2017-08-24 17:17:09 +02:00
rr-
3c138685ea
server/images: handle resizing errors
2017-05-03 12:10:04 +02:00
rr-
a1b762c65f
api: fix getting cached disk usage with empty dirs
2017-05-01 20:26:53 +02:00
rr-
4bc58a3c95
server: lint
2017-04-24 23:30:53 +02:00
rr-
467b4a7630
server/tags: fix nondeterministic siblings order
2017-04-24 22:48:11 +02:00
rr-
8e5798ab8c
server/tests: fix content sync tests on postgres
2017-04-24 22:36:41 +02:00
rr-
e4aa38f159
server/search: fix errors on negative page offsets
2017-04-24 22:12:12 +02:00
rr-
ba4df16499
server/search: add search term escaping
2017-04-24 21:59:38 +02:00
rr-
9814b132c3
server/search: fix searching for ---
Allow only one negation sign.
Also throw an error if user searches only for "-".
2017-04-24 19:55:02 +02:00
rr-
0014721053
server/tags: fix retrieving many tags
2017-04-19 14:44:54 +02:00
rr-
7044d2aaee
server/posts: ignore old elasticsearch results
2017-03-12 18:30:42 +01:00
rr-
5681fd11ef
server/net: make the user-agent configurable
Fixes #127
2017-03-03 17:27:23 +01:00
rr-
fdad08e176
server: use index-based paging (#123)
2017-02-09 22:40:00 +01:00
Alice Ryhl
a3b3532ca4
server/api: patch timing attack on password reset form
2017-02-07 20:29:37 +01:00
rr-
7f09306dde
server/api: fix unicode urls (#121)
2017-02-07 18:03:35 +01:00
rr-
74c583f11d
server/build: fix alembic environment script
2017-02-05 23:29:21 +01:00
rr-
72056e0cd2
server/requirements: fix skimage package name...
Brain fart during previous commit...
2017-02-05 23:27:59 +01:00
rr-
ee6b66329b
server/posts: fix search by aspect ratio
It was being rounded to nearest integer because of the width/height
columns' data type.
2017-02-05 23:21:43 +01:00
rr-
49e5975254
server/model: use new sqlalchemy import style
2017-02-05 23:21:43 +01:00
rr-
f40a8875c4
server/files: fix import for Py3.5
os.DirEntry is available only from Python3.6+.
2017-02-05 22:38:55 +01:00
rr-
4caa980bf8
server/build: add missing dependency
Although szurubooru is now no longer dependent on image-match, the
pulled code still needs the skimage library.
2017-02-05 22:38:05 +01:00
rr-
00c3a4320b
server/posts: support aspect-ratio search query
2017-02-05 22:09:33 +01:00
rr-
0b21d98c9b
server/posts: support note-text search query
2017-02-05 21:51:53 +01:00
rr-
e725f4f99c
server/api: extra validation of list fields
2017-02-05 16:34:45 +01:00
rr-
705967d0fb
server/scripts: remove lint
Any configuration for pycodestyle should go to the new setup.cfg file.
2017-02-05 16:34:45 +01:00
rr-
350e9dd331
server/scripts: replace ./test with setup.cfg
2017-02-05 16:34:45 +01:00
rr-
e490080347
server/scripts: remove migration script
It was unmaintained for months (years?) anyway
2017-02-05 16:34:45 +01:00
rr-
ad842ee8a5
server: refactor + add type hinting
- Added type hinting (for now, 3.5-compatible)
- Split `db` namespace into `db` module and `model` namespace
- Changed elastic search to be created lazily for each operation
- Changed to class based approach in entity serialization to allow
  stronger typing
- Removed `required` argument from `context.get_*` family of functions;
  now it's implied if `default` argument is omitted
- Changed `unalias_dict` implementation to use less magic inputs
2017-02-05 16:34:45 +01:00
rr-
abf1fc2b2d
server: make linters happier
2017-02-03 22:42:14 +01:00