Nicholas Charriere
2b4a6a4b50
Merge pull request #65 from samueldg/feature/secure_password_storage
...
Feature/secure password storage
2017-05-16 10:08:17 -07:00
Samuel Dion-Girardeau
4ea2195c72
Fix header size for new section
2017-05-16 09:25:03 -04:00
Samuel Dion-Girardeau
68d4c3fc7b
Document security features in the README
2017-05-15 21:34:13 -04:00
Samuel Dion-Girardeau
734336ef67
Fix alphabetical order in main.py
2017-05-15 21:07:28 -04:00
Nicholas Charriere
2fcfc6b8f1
Merge pull request #64 from guewen/add-iframely-sneaky-user-agent
...
Add Iframely in sneaky user-agents
2017-05-12 11:42:28 -07:00
Guewen Baconnier
7b5f804551
Add Iframely in sneaky user-agents
...
This "embeds as a service" is used by many apps/websites. Discovered
when my pass got eaten by the HipChat preview.
2017-05-12 08:27:52 +02:00
Samuel Dion-Girardeau
076b271be2
Use assertEqual, not assertEquals (deprecated)
...
Removes the following warning:
```
tests.py:96: DeprecationWarning: Please use assertEqual instead.
self.assertEquals(rv.status_code, 404)
```
2017-05-11 21:39:26 -04:00
Samuel Dion-Girardeau
e4f5aed4fa
Add tests for the encryption
...
Check that:
- Password is not stored in plain text in Redis;
- The token returned has the expected format;
- The key returned is indeed the decryption key;
- API backwards compatibility is maintained: passwords stored in plain text
can be retrieved via the original URL token.
`test_returned_token_format` superseeds `test_set_password`, which
was only validating the key length.
f
2017-05-11 21:38:43 -04:00
Samuel Dion-Girardeau
dc6054f09c
Encrypt passwords stored in Redis
...
Using symmetric encryption in the `cryptography`'s `Fernet` class,
we can ensure that no one can snoop the passwords simply by having access
to the Redis store.
An encryption key is sent to the secret receiver, along with the 32 character
Redis key that identifies the secret, which is needed to decrypt the password.
2017-05-11 21:28:22 -04:00
Nicholas Charriere
27928ad833
Merge pull request #62 from samueldg/docs/pypi_badge
...
Docs/pypi badge
2017-05-01 21:03:06 -07:00
Samuel Dion-Girardeau
428c49a1b6
Add PyPI badge
...
Now that the package will be updated
2017-04-30 17:17:14 -04:00
Samuel Dion-Girardeau
2f6afd0e58
Improve Travis badge
...
- Alt text
- Clicking will lead to the build result, not the image.
2017-04-30 17:15:46 -04:00
Nicholas Charriere
b03755969b
Merge pull request #61 from pinterest/bump-version
...
Bump version
2017-04-28 09:55:18 -07:00
Nicholas Charriere
e7da786016
Bump version fixing bumpversion workflow, minor
2017-04-28 09:47:46 -07:00
Nicholas Charriere
d36a91d939
Add files to bumpversion config
2017-04-28 09:46:02 -07:00
Nicholas Charriere
e1b3042ba7
Catchup version bump on release files
2017-04-28 09:42:12 -07:00
Nicholas Charriere
c377e31145
Merge pull request #59 from pinterest/10
...
Prepare for v1.0.0 release
2017-04-23 18:30:44 -07:00
Nicholas Charriere
47f3a31bee
Fix tox env name, flake8 is recognized by the flake8 tool and duplicates setup.cfg
2017-04-23 10:08:49 -07:00
Nicholas Charriere
6d38e2b43e
Add flake8 checking
2017-04-22 22:36:41 -07:00
Nicholas Charriere
47d94630db
Version should be a string
2017-04-22 22:33:08 -07:00
Nicholas Charriere
ee9e996fa1
All Caps for constant vars
2017-04-22 22:29:25 -07:00
Nicholas Charriere
0edacbe037
Prepare for v1.0.0 release
2017-04-22 22:26:20 -07:00
Nicholas Charriere
431ab3b2e1
Merge pull request #57 from samueldg/fix/misc-docs
...
Various documentation fixes and improvements
2017-04-16 10:39:42 -07:00
Samuel Dion-Girardeau
57a40a06af
Use consistent capitalization for "SnapPass"
2017-04-15 12:58:38 -04:00
Samuel Dion-Girardeau
669aa74599
Point to the appropriate Flask doc sections
2017-04-15 12:57:12 -04:00
Samuel Dion-Girardeau
400dc5cc84
Fix typo
2017-04-15 12:56:07 -04:00
Samuel Dion-Girardeau
5026711647
Fix spacing (format warning)
2017-04-15 12:56:07 -04:00
Samuel Dion-Girardeau
14fdeff4f1
Fix broken list formatting in AUTHORS.rst
2017-04-15 12:29:40 -04:00
Jon Parise
9a404d18bc
Switch to SVG-based badges
...
These render a lot better at different resolutions.
2017-04-13 15:00:42 -07:00
Nicholas Charriere
363c2a88b6
Merge pull request #55 from pinterest/add-thanks
...
Add commitors to thank you in AUTHORS.rst
2017-03-12 15:34:56 -07:00
Nicholas Charrière
31ecead007
Add commitors to thank you in AUTHORS.rst
2017-03-04 12:22:21 -08:00
Nicholas Charriere
e7f8a40065
Merge pull request #50 from jameswthorne/no-zero-length
...
Don't allow zero length form submissions
2017-03-04 10:52:09 -08:00
Nicholas Charriere
86ecb49f94
Merge pull request #52 from jameswthorne/more-ui-tweaks
...
Move brief documentation to textarea
2017-03-04 10:50:55 -08:00
Nicholas Charriere
f569856f52
Merge pull request #53 from clmoreno/master
...
Adding skype to SNEAKY_USER_AGENTS
2017-02-18 10:59:38 -08:00
Carlos Moreno
e0a03dc484
added skype to sneaky_bots test
2017-02-17 21:48:10 -06:00
Carlos Moreno
93f6c6c06f
Adding skype to SNEAKY_USER_AGENTS
2017-02-17 21:37:46 -06:00
Carlos Moreno
dfc25491cf
Merge pull request #2 from pinterest/master
...
update
2017-02-17 21:32:09 -06:00
James W Thorne
ef0cdf8e14
Forgot empty function
2017-01-17 18:17:24 -06:00
James W Thorne
21115979c4
Combine checks
2017-01-17 17:44:47 -06:00
James W Thorne
3270e84fed
Move brief documentation to textarea
2017-01-12 19:37:51 -06:00
James W Thorne
d9973c3f29
Don't allow zero length form submissions
2017-01-11 21:42:35 -06:00
Nicholas Charriere
f776c7aa28
Merge pull request #46 from frontfoot/404_to_bots
...
Return 404 to UserAgents matching /bot/
2017-01-10 19:47:16 -08:00
Joseph Boiteau
58f4658154
Fix code according to @jparise comments
...
- Refactor is_valid_request code
- Add "Facebot/1.0" User-Agent string
2017-01-11 13:50:42 +11:00
Joseph Boiteau
1651ac4bd5
Return 404 to UserAgents matching list
...
Empty User-Agent should not break
Add test for 404 response to /bot/
Wrap User-Agent check in `request_is_valid` method
2017-01-11 09:48:54 +11:00
Nicholas Charriere
1f9789edb9
Merge pull request #48 from samueldg/feature/python36
...
Add support for python 3.6
2017-01-09 11:47:49 -08:00
Samuel Dion-Girardeau
a60732d963
Add support for python 3.6
...
- Changed the Dockerfile to use `python:3.6` base image;
- Updated PyPI classifiers to include it;
- Added it to tox/travis environments for CI.
2017-01-08 19:24:10 -05:00
Nicholas Charriere
cfc670f1b1
Merge pull request #45 from frontfoot/multiline_secrets
...
Multiline secrets
2017-01-05 11:37:30 -08:00
Joseph Boiteau
6cdf6f495b
Change wording ‘password’ to ‘secret’
2017-01-05 11:06:42 +11:00
Joseph Boiteau
d330f94967
Change password input for textarea
2017-01-05 11:01:16 +11:00
Nicholas Charriere
ad4012dfbe
Merge pull request #47 from frontfoot/production_environment
...
Run in production mode by default
2017-01-03 11:55:42 -08:00