Commit graph

79 commits

Author SHA1 Message Date
Arjen
654d03041b
Add expired explanation page (#145) 2021-12-20 13:05:14 -08:00
Omer Hamerman
40df900dc7
Allowing full host override (#143) 2021-07-29 10:39:47 -07:00
Jon Parise
feab2f69a5
Prepare the 1.5.0 release (#127) 2020-09-15 09:22:49 -07:00
Ron Klein
5c9d3bf3cf
properly parse NO_SSL env var (#126)
Bug fix:
The default for `NO_SSL` environment variable is `False`.
When the actual value, in runtime, is `True`, the code "ignores" it.
The reason: the code does not parse the given string. So it evaluates a non empty string as "True".
To resolve this, the suggested code parses the given string to a boolean value.
2020-09-14 08:57:13 -07:00
Jeremiah Lee
2af7037feb
Adds option for two-week timeout. (#120)
Also includes:

- Updated the versions in the requirements, as MarkupSafe did not install cleanly.
- Integration test that sets a password via the website, and then
verifies the timeout on the backend.
- Basic Makefile, updates to the docs to use the Makefile.

The requirements file was updated using pip freeze after I had updated the version of MarkupSafe. I don't know what the usual process is for this repo, so please let me know if I should use a different process there (that is why there are a few additions).
2020-05-08 11:43:54 -07:00
vin01
5747ee2d14 Add url prefix for reverse proxies (#106) 2019-08-09 14:07:49 -07:00
vin01
054c61ae89 Migrate to fakeredis from mockredispy (#108) 2019-08-09 08:37:03 -07:00
Nicholas Charriere
234f43b889 Bump version: 1.4.1 → 1.4.2 2019-06-05 08:18:28 -07:00
Nicholas Charriere
e0b996d3d3 Make current version correct 2019-06-02 12:36:43 -07:00
Nicholas Charriere
37f5d2b658 Set autocomplete=off on form to avoid back history; make textarea required 2019-06-01 09:34:58 -07:00
Lauri Lubi
1ac262e34e Bots that prefetch should not destroy the secret (#100)
* Create preview view, remove sneaky-user-agents logic

* unit tests

* rename openSecret to viewSecret

* code clean-up and style

* rename view secret to reveal secret

* update authors list

* bump version to 1.5.0
2019-03-05 07:47:07 -08:00
Jon Parise
0bd2b4e8d9 Prepare the 1.4.1 release
- Update the changelog
- Include our Code of Conduct and Adopters documents
2018-10-31 15:50:49 -07:00
Brennen Smith
25e10ef8a1 Use local assets for fontawesome for isolated environments.
Currently FontAwesome uses Cloudflare to serve font assets, however all
of the other assets are delivered locally. This standardizes the assets
to use all local assets from `/static/`.
2018-07-05 16:43:14 -07:00
Nicholas Charriere
04ead0da32 Bump version: 1.3.0 → 1.4.0 2018-07-03 08:22:23 -07:00
Nicholas Charriere
386a378c5d Add prefix to memcache 2018-07-01 10:19:56 -07:00
Nicholas Charriere
6fe4733baa
Merge pull request #81 from pinterest/bumpversion-1.3.0
Bump version to 1.3.0
2018-05-07 09:45:54 -07:00
Nicholas Charriere
e45feb1cfd Bump version to 1.3.0 2018-05-07 09:23:51 -07:00
Nicholas Charriere
173f33f66e
Merge pull request #79 from pinterest/mock-redis
Mock redis
2018-05-07 09:13:00 -07:00
Nicholas Charriere
13f294cae5 Use werkzeug quote/unquote functions instead of urllib 2018-05-07 08:21:07 -07:00
Nicholas Charriere
9e7ca474cd py2 and py3 support 2018-05-06 15:07:01 -07:00
Nicholas Charriere
5a0beb1a75 Quote url to fix equal sign breaking outlook clients 2018-05-06 14:57:00 -07:00
Nicholas Charriere
331d421e10 Mock redis in tests using mockredis 2018-05-06 14:29:48 -07:00
Nicholas Charriere
4cf28fb4cc Bump version: 1.1.1 → 1.2.0 2017-05-25 14:08:04 -07:00
Nicholas Charriere
9e5507e9f5 Bump version: 1.1.0 → 1.1.1 2017-05-25 14:07:56 -07:00
Nicholas Charriere
2b4a6a4b50 Merge pull request #65 from samueldg/feature/secure_password_storage
Feature/secure password storage
2017-05-16 10:08:17 -07:00
Samuel Dion-Girardeau
734336ef67 Fix alphabetical order in main.py 2017-05-15 21:07:28 -04:00
Guewen Baconnier
7b5f804551 Add Iframely in sneaky user-agents
This "embeds as a service" is used by many apps/websites. Discovered
when my pass got eaten by the HipChat preview.
2017-05-12 08:27:52 +02:00
Samuel Dion-Girardeau
dc6054f09c Encrypt passwords stored in Redis
Using symmetric encryption in the `cryptography`'s `Fernet` class,
we can ensure that no one can snoop the passwords simply by having access
to the Redis store.

An encryption key is sent to the secret receiver, along with the 32 character
Redis key that identifies the secret, which is needed to decrypt the password.
2017-05-11 21:28:22 -04:00
Nicholas Charriere
e7da786016 Bump version fixing bumpversion workflow, minor 2017-04-28 09:47:46 -07:00
Nicholas Charriere
47d94630db Version should be a string 2017-04-22 22:33:08 -07:00
Nicholas Charriere
ee9e996fa1 All Caps for constant vars 2017-04-22 22:29:25 -07:00
Nicholas Charriere
0edacbe037 Prepare for v1.0.0 release 2017-04-22 22:26:20 -07:00
Nicholas Charriere
e7f8a40065 Merge pull request #50 from jameswthorne/no-zero-length
Don't allow zero length form submissions
2017-03-04 10:52:09 -08:00
Nicholas Charriere
86ecb49f94 Merge pull request #52 from jameswthorne/more-ui-tweaks
Move brief documentation to textarea
2017-03-04 10:50:55 -08:00
Carlos Moreno
93f6c6c06f Adding skype to SNEAKY_USER_AGENTS 2017-02-17 21:37:46 -06:00
James W Thorne
ef0cdf8e14 Forgot empty function 2017-01-17 18:17:24 -06:00
James W Thorne
21115979c4 Combine checks 2017-01-17 17:44:47 -06:00
James W Thorne
3270e84fed Move brief documentation to textarea 2017-01-12 19:37:51 -06:00
James W Thorne
d9973c3f29 Don't allow zero length form submissions 2017-01-11 21:42:35 -06:00
Nicholas Charriere
f776c7aa28 Merge pull request #46 from frontfoot/404_to_bots
Return 404 to UserAgents matching /bot/
2017-01-10 19:47:16 -08:00
Joseph Boiteau
58f4658154
Fix code according to @jparise comments
- Refactor is_valid_request code
- Add "Facebot/1.0" User-Agent string
2017-01-11 13:50:42 +11:00
Joseph Boiteau
1651ac4bd5
Return 404 to UserAgents matching list
Empty User-Agent should not break
Add test for 404 response to /bot/
Wrap User-Agent check in `request_is_valid` method
2017-01-11 09:48:54 +11:00
Joseph Boiteau
6cdf6f495b
Change wording ‘password’ to ‘secret’ 2017-01-05 11:06:42 +11:00
Joseph Boiteau
d330f94967
Change password input for textarea 2017-01-05 11:01:16 +11:00
Nicholas Charriere
ad4012dfbe Merge pull request #47 from frontfoot/production_environment
Run in production mode by default
2017-01-03 11:55:42 -08:00
Joseph Boiteau
d61c08c7c7
Run in production mode by default
Use DEBUG environment variable to run debug mode
2017-01-03 13:36:52 +11:00
James W Thorne
f8f672f934 Added back autocomplete=off 2016-11-11 16:39:08 -06:00
James W Thorne
6b88315603 Grammar changes 2016-11-06 09:12:21 -06:00
James W Thorne
3bb3a4949d Removed npm.js and reverted to original copy 2016-11-06 09:05:05 -06:00
James W Thorne
483448051e UI improvements
* Cleaned up UI
* Updated Twitter Bootstrap to v3.3.7
* Updated jquery to 1.12.4
* Added mobile view port
2016-11-02 21:31:50 -05:00