Commit graph

279 commits

Author SHA1 Message Date
coyotwill
30791342c8 Use SIGINT to grecefully shutdown flask 2017-05-24 14:02:23 -04:00
Nicholas Charriere
1a0546f035 Merge pull request #68 from samueldg/fix/setup_cryptography
Add cryptography in setup.py
2017-05-16 10:47:36 -07:00
Samuel Dion-Girardeau
75639357ab Add cryptography in setup.py 2017-05-16 13:33:23 -04:00
Nicholas Charriere
2b4a6a4b50 Merge pull request #65 from samueldg/feature/secure_password_storage
Feature/secure password storage
2017-05-16 10:08:17 -07:00
Samuel Dion-Girardeau
4ea2195c72 Fix header size for new section 2017-05-16 09:25:03 -04:00
Samuel Dion-Girardeau
68d4c3fc7b Document security features in the README 2017-05-15 21:34:13 -04:00
Samuel Dion-Girardeau
734336ef67 Fix alphabetical order in main.py 2017-05-15 21:07:28 -04:00
Nicholas Charriere
2fcfc6b8f1 Merge pull request #64 from guewen/add-iframely-sneaky-user-agent
Add Iframely in sneaky user-agents
2017-05-12 11:42:28 -07:00
Guewen Baconnier
7b5f804551 Add Iframely in sneaky user-agents
This "embeds as a service" is used by many apps/websites. Discovered
when my pass got eaten by the HipChat preview.
2017-05-12 08:27:52 +02:00
Samuel Dion-Girardeau
076b271be2 Use assertEqual, not assertEquals (deprecated)
Removes the following warning:

```
tests.py:96: DeprecationWarning: Please use assertEqual instead.
  self.assertEquals(rv.status_code, 404)
```
2017-05-11 21:39:26 -04:00
Samuel Dion-Girardeau
e4f5aed4fa Add tests for the encryption
Check that:

- Password is not stored in plain text in Redis;
- The token returned has the expected format;
- The key returned is indeed the decryption key;
- API backwards compatibility is maintained: passwords stored in plain text
  can be retrieved via the original URL token.

`test_returned_token_format` superseeds `test_set_password`, which
was only validating the key length.

f
2017-05-11 21:38:43 -04:00
Samuel Dion-Girardeau
dc6054f09c Encrypt passwords stored in Redis
Using symmetric encryption in the `cryptography`'s `Fernet` class,
we can ensure that no one can snoop the passwords simply by having access
to the Redis store.

An encryption key is sent to the secret receiver, along with the 32 character
Redis key that identifies the secret, which is needed to decrypt the password.
2017-05-11 21:28:22 -04:00
Nicholas Charriere
27928ad833 Merge pull request #62 from samueldg/docs/pypi_badge
Docs/pypi badge
2017-05-01 21:03:06 -07:00
Samuel Dion-Girardeau
428c49a1b6 Add PyPI badge
Now that the package will be updated
2017-04-30 17:17:14 -04:00
Samuel Dion-Girardeau
2f6afd0e58 Improve Travis badge
- Alt text
- Clicking will lead to the build result, not the image.
2017-04-30 17:15:46 -04:00
Nicholas Charriere
b03755969b Merge pull request #61 from pinterest/bump-version
Bump version
2017-04-28 09:55:18 -07:00
Nicholas Charriere
e7da786016 Bump version fixing bumpversion workflow, minor 2017-04-28 09:47:46 -07:00
Nicholas Charriere
d36a91d939 Add files to bumpversion config 2017-04-28 09:46:02 -07:00
Nicholas Charriere
e1b3042ba7 Catchup version bump on release files 2017-04-28 09:42:12 -07:00
Nicholas Charriere
c377e31145 Merge pull request #59 from pinterest/10
Prepare for v1.0.0 release
2017-04-23 18:30:44 -07:00
Nicholas Charriere
47f3a31bee Fix tox env name, flake8 is recognized by the flake8 tool and duplicates setup.cfg 2017-04-23 10:08:49 -07:00
Nicholas Charriere
6d38e2b43e Add flake8 checking 2017-04-22 22:36:41 -07:00
Nicholas Charriere
47d94630db Version should be a string 2017-04-22 22:33:08 -07:00
Nicholas Charriere
ee9e996fa1 All Caps for constant vars 2017-04-22 22:29:25 -07:00
Nicholas Charriere
0edacbe037 Prepare for v1.0.0 release 2017-04-22 22:26:20 -07:00
Nicholas Charriere
431ab3b2e1 Merge pull request #57 from samueldg/fix/misc-docs
Various documentation fixes and improvements
2017-04-16 10:39:42 -07:00
Samuel Dion-Girardeau
57a40a06af Use consistent capitalization for "SnapPass" 2017-04-15 12:58:38 -04:00
Samuel Dion-Girardeau
669aa74599 Point to the appropriate Flask doc sections 2017-04-15 12:57:12 -04:00
Samuel Dion-Girardeau
400dc5cc84 Fix typo 2017-04-15 12:56:07 -04:00
Samuel Dion-Girardeau
5026711647 Fix spacing (format warning) 2017-04-15 12:56:07 -04:00
Samuel Dion-Girardeau
14fdeff4f1 Fix broken list formatting in AUTHORS.rst 2017-04-15 12:29:40 -04:00
Jon Parise
9a404d18bc Switch to SVG-based badges
These render a lot better at different resolutions.
2017-04-13 15:00:42 -07:00
Nicholas Charriere
363c2a88b6 Merge pull request #55 from pinterest/add-thanks
Add commitors to thank you in AUTHORS.rst
2017-03-12 15:34:56 -07:00
Nicholas Charrière
31ecead007 Add commitors to thank you in AUTHORS.rst 2017-03-04 12:22:21 -08:00
Nicholas Charriere
e7f8a40065 Merge pull request #50 from jameswthorne/no-zero-length
Don't allow zero length form submissions
2017-03-04 10:52:09 -08:00
Nicholas Charriere
86ecb49f94 Merge pull request #52 from jameswthorne/more-ui-tweaks
Move brief documentation to textarea
2017-03-04 10:50:55 -08:00
Nicholas Charriere
f569856f52 Merge pull request #53 from clmoreno/master
Adding skype to SNEAKY_USER_AGENTS
2017-02-18 10:59:38 -08:00
Carlos Moreno
e0a03dc484 added skype to sneaky_bots test 2017-02-17 21:48:10 -06:00
Carlos Moreno
93f6c6c06f Adding skype to SNEAKY_USER_AGENTS 2017-02-17 21:37:46 -06:00
Carlos Moreno
dfc25491cf Merge pull request #2 from pinterest/master
update
2017-02-17 21:32:09 -06:00
James W Thorne
ef0cdf8e14 Forgot empty function 2017-01-17 18:17:24 -06:00
James W Thorne
21115979c4 Combine checks 2017-01-17 17:44:47 -06:00
James W Thorne
3270e84fed Move brief documentation to textarea 2017-01-12 19:37:51 -06:00
James W Thorne
d9973c3f29 Don't allow zero length form submissions 2017-01-11 21:42:35 -06:00
Nicholas Charriere
f776c7aa28 Merge pull request #46 from frontfoot/404_to_bots
Return 404 to UserAgents matching /bot/
2017-01-10 19:47:16 -08:00
Joseph Boiteau
58f4658154
Fix code according to @jparise comments
- Refactor is_valid_request code
- Add "Facebot/1.0" User-Agent string
2017-01-11 13:50:42 +11:00
Joseph Boiteau
1651ac4bd5
Return 404 to UserAgents matching list
Empty User-Agent should not break
Add test for 404 response to /bot/
Wrap User-Agent check in `request_is_valid` method
2017-01-11 09:48:54 +11:00
Nicholas Charriere
1f9789edb9 Merge pull request #48 from samueldg/feature/python36
Add support for python 3.6
2017-01-09 11:47:49 -08:00
Samuel Dion-Girardeau
a60732d963 Add support for python 3.6
- Changed the Dockerfile to use `python:3.6` base image;
- Updated PyPI classifiers to include it;
- Added it to tox/travis environments for CI.
2017-01-08 19:24:10 -05:00
Nicholas Charriere
cfc670f1b1 Merge pull request #45 from frontfoot/multiline_secrets
Multiline secrets
2017-01-05 11:37:30 -08:00