Commit graph

48 commits

Author SHA1 Message Date
Bert Roelofsen
d178664d0c Add empty translations for de and es 2024-02-16 10:40:13 +01:00
Bert Roelofsen
6d17603016 remove import of flask, g 2024-02-16 09:18:20 +01:00
systeembeheerder
6d294c63fd add i18n to Snappass 2024-02-14 21:38:23 +01:00
Yuru Shao
455db36189
Add health check endpoint (#329)
* Add health check endpoint

* Add assertion on  status
2024-02-02 16:14:51 -08:00
vin01
ae2747311a
Use urllib.parse for quoting/unquoting plus instead of deprecated werkzeug.urls (#300)
Use urllib.parse for quoting/unquoting plus

werkzeug.urls.url_quote_plus and werkzeug.urls.url_unquote_plus were deprecated and are removed in 3.0.0 and newer versions.
2023-12-01 17:54:51 -08:00
Christian
3fbc018ff8
Adding json-output for api-like functionality (#147)
* adding json-template for api-like functionality

* removing content-block

* adding test

* changing to flask.jsonify

* deleting template

* change from POST-param to Accept-Header
2022-04-11 12:37:19 -07:00
Arjen
654d03041b
Add expired explanation page (#145) 2021-12-20 13:05:14 -08:00
Omer Hamerman
40df900dc7
Allowing full host override (#143) 2021-07-29 10:39:47 -07:00
Ron Klein
5c9d3bf3cf
properly parse NO_SSL env var (#126)
Bug fix:
The default for `NO_SSL` environment variable is `False`.
When the actual value, in runtime, is `True`, the code "ignores" it.
The reason: the code does not parse the given string. So it evaluates a non empty string as "True".
To resolve this, the suggested code parses the given string to a boolean value.
2020-09-14 08:57:13 -07:00
Jeremiah Lee
2af7037feb
Adds option for two-week timeout. (#120)
Also includes:

- Updated the versions in the requirements, as MarkupSafe did not install cleanly.
- Integration test that sets a password via the website, and then
verifies the timeout on the backend.
- Basic Makefile, updates to the docs to use the Makefile.

The requirements file was updated using pip freeze after I had updated the version of MarkupSafe. I don't know what the usual process is for this repo, so please let me know if I should use a different process there (that is why there are a few additions).
2020-05-08 11:43:54 -07:00
vin01
5747ee2d14 Add url prefix for reverse proxies (#106) 2019-08-09 14:07:49 -07:00
vin01
054c61ae89 Migrate to fakeredis from mockredispy (#108) 2019-08-09 08:37:03 -07:00
Lauri Lubi
1ac262e34e Bots that prefetch should not destroy the secret (#100)
* Create preview view, remove sneaky-user-agents logic

* unit tests

* rename openSecret to viewSecret

* code clean-up and style

* rename view secret to reveal secret

* update authors list

* bump version to 1.5.0
2019-03-05 07:47:07 -08:00
Nicholas Charriere
386a378c5d Add prefix to memcache 2018-07-01 10:19:56 -07:00
Nicholas Charriere
173f33f66e
Merge pull request #79 from pinterest/mock-redis
Mock redis
2018-05-07 09:13:00 -07:00
Nicholas Charriere
13f294cae5 Use werkzeug quote/unquote functions instead of urllib 2018-05-07 08:21:07 -07:00
Nicholas Charriere
9e7ca474cd py2 and py3 support 2018-05-06 15:07:01 -07:00
Nicholas Charriere
5a0beb1a75 Quote url to fix equal sign breaking outlook clients 2018-05-06 14:57:00 -07:00
Nicholas Charriere
331d421e10 Mock redis in tests using mockredis 2018-05-06 14:29:48 -07:00
Nicholas Charriere
2b4a6a4b50 Merge pull request #65 from samueldg/feature/secure_password_storage
Feature/secure password storage
2017-05-16 10:08:17 -07:00
Samuel Dion-Girardeau
734336ef67 Fix alphabetical order in main.py 2017-05-15 21:07:28 -04:00
Guewen Baconnier
7b5f804551 Add Iframely in sneaky user-agents
This "embeds as a service" is used by many apps/websites. Discovered
when my pass got eaten by the HipChat preview.
2017-05-12 08:27:52 +02:00
Samuel Dion-Girardeau
dc6054f09c Encrypt passwords stored in Redis
Using symmetric encryption in the `cryptography`'s `Fernet` class,
we can ensure that no one can snoop the passwords simply by having access
to the Redis store.

An encryption key is sent to the secret receiver, along with the 32 character
Redis key that identifies the secret, which is needed to decrypt the password.
2017-05-11 21:28:22 -04:00
Nicholas Charriere
ee9e996fa1 All Caps for constant vars 2017-04-22 22:29:25 -07:00
Nicholas Charriere
0edacbe037 Prepare for v1.0.0 release 2017-04-22 22:26:20 -07:00
Nicholas Charriere
e7f8a40065 Merge pull request #50 from jameswthorne/no-zero-length
Don't allow zero length form submissions
2017-03-04 10:52:09 -08:00
Carlos Moreno
93f6c6c06f Adding skype to SNEAKY_USER_AGENTS 2017-02-17 21:37:46 -06:00
James W Thorne
ef0cdf8e14 Forgot empty function 2017-01-17 18:17:24 -06:00
James W Thorne
21115979c4 Combine checks 2017-01-17 17:44:47 -06:00
James W Thorne
d9973c3f29 Don't allow zero length form submissions 2017-01-11 21:42:35 -06:00
Nicholas Charriere
f776c7aa28 Merge pull request #46 from frontfoot/404_to_bots
Return 404 to UserAgents matching /bot/
2017-01-10 19:47:16 -08:00
Joseph Boiteau
58f4658154
Fix code according to @jparise comments
- Refactor is_valid_request code
- Add "Facebot/1.0" User-Agent string
2017-01-11 13:50:42 +11:00
Joseph Boiteau
1651ac4bd5
Return 404 to UserAgents matching list
Empty User-Agent should not break
Add test for 404 response to /bot/
Wrap User-Agent check in `request_is_valid` method
2017-01-11 09:48:54 +11:00
Joseph Boiteau
d61c08c7c7
Run in production mode by default
Use DEBUG environment variable to run debug mode
2017-01-03 13:36:52 +11:00
Samuel Dion-Girardeau
9e89376416 Set password value and expiration atomically
Redis has a `SETEX` (http://redis.io/commands/SETEX) method,
which does both setting the value and setting the expiration
atomically.
2016-10-23 03:11:32 -04:00
Donny Winston
d12d218042 Handle and document use of REDIS_URL env var 2016-09-08 13:44:03 -07:00
Nicholas Charriere
c22c902de6 Merge pull request #23 from pinterest/more-env-vars
Add ENV variables options
2016-09-08 09:58:01 -07:00
Brandon Davis
fadd2854e5 Fix for remaining comments.
- Call function within try/catch
- Syntax clean up
2016-08-22 21:59:08 -07:00
Brandon Davis
e0ae801b24 Remove TimeoutError import 2016-08-21 21:33:12 -07:00
Brandon Davis
9694d7da7f Switch to use decorator for checking if redis server is up.
- setup.py removed empty line flake8 was complaining.
2016-08-21 21:27:00 -07:00
Brandon Davis
c9db491485 Minor cleanup 2016-08-21 11:50:06 -07:00
Brandon Davis
2d6aec17cd Remove unused traceback and code formatting cleanup 2016-08-21 11:24:20 -07:00
Brandon Davis
4feeaef2fd Add exception handling for when redis is down and/or not running. 2016-08-21 11:20:00 -07:00
Nicholas Charriere
2855e5b9b6 Add env var options 2016-08-21 09:05:01 +02:00
Samuel Dion-Girardeau
a46fc40aa3 Improve string encoding for password retrieval
- Prevent the password from displaying as b'...' in the app;
- Use Flask's `get_data(as_test=True)` to read the data, in the tests;
- Add test to ensure `get_password` is not returning bytes.
2016-08-11 22:05:35 -04:00
Nicholas Charriere
d88cf2600e Refactor _id() function to be inline 2016-07-18 13:35:57 -07:00
Nicholas Charriere
db1ef7673e Make flake8 test pass 2016-07-18 11:53:34 -07:00
Dave Dash
eefe2bdc76 Prepare snappass for distribution. 2013-10-05 23:10:50 -07:00
Renamed from app.py