Commit graph

179 commits

Author SHA1 Message Date
Ankush Menat
cbb39d463a perf: Don't query redirects on existing session
This is only used for a new user. After that it's never used but still
present in EVERY request!

https://ankush.dev/p/flamegraph-missing-forest-for-trees

towards https://github.com/frappe/caffeine/issues/15
2025-01-01 14:29:36 +05:30
Akhil Narang
84ef6ec677
refactor: fixup with ruff 0.8.1
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2024-12-04 13:18:04 +05:30
Corentin Forler
e0c08fab4e
fix: Fix typo in build_domain_restriced function names 2024-11-20 13:52:19 +01:00
David Arnold
d4382dc020
feat: add allowed referrers to loosen csrf prevention (#27841)
* fix: add allowed referrers to loosen csrf prevention

* feat: Add test case for is_allowed_referrer functionality
2024-11-15 12:09:53 +05:30
David Arnold
8cfeb156df
devx: add deprecation dumpster (#27887)
* feat: Add deprecation_dumpster.py file

* docs: add jovial and jocose docstring for frappe/deprecation_dumpster.py

* refactor: fill the dumpster with its own kind

* refactor: move to the deprecation dumpster

* chore: color coding class

* fix: only check import error when import errors
2024-10-08 18:56:10 +02:00
David Arnold
1214763b25
Merge pull request #26737 from blaggacao/feat/cache-control
feat: add cache control
2024-09-11 23:32:57 +02:00
Shariq Ansari
f2e8f05558 fix: redirect to /app if no apps are installed 2024-08-30 16:23:24 +05:30
Shariq Ansari
a7543a5b24 fix: consider default path for Website User if applicable 2024-08-30 15:42:58 +05:30
David
1619cc0e58
feat: add cache control 2024-08-30 09:08:42 +02:00
Shariq Ansari
3f5d6d2c7f feat: added default app selector in user doctype 2024-08-08 19:54:02 +05:30
Shariq Ansari
9c03bcce5b fix: redirect to default path on login 2024-08-08 18:29:16 +05:30
Akhil Narang
68fd322955
fix: bypass IP restriction for the methods required for our socketio backend
Those requests are made from a separate backend, not by the user.

Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2024-05-31 16:31:02 +05:30
paurosello
c19e6a8732
feat: pre-login hook (#26394) 2024-05-13 13:41:06 +05:30
Ankush Menat
bef9bdc5ee
fix: log out reliability (#25865)
* fix: Avoid possible cache eviction issue

Clear cache after removing data from DB, so a concurrent request can't put stale data in cache.

* fix: explicitly login as guest after logging out

Avoids problem with some other code potentially re-adding current
session in cache or DB.

* test: avoid hard coded admin pw

* test: reset user after running tests

* fix: only login as guest if in request

Background jobs, some other user disabling someone else, etc.
2024-04-09 18:56:52 +05:30
Ankush Menat
c58ac809ac fix: Flag impersonated sessions 2024-02-24 18:25:09 +05:30
Akhil Narang
3f1e19de85
refactor(treewide): enable RUF rules
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2024-02-21 16:20:28 +05:30
Akhil Narang
26ae0f3460
fix: ruff fixes
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2024-02-07 17:04:31 +05:30
Ankush Menat
de9ac89748 style: re-format with ruff 2024-02-05 18:53:33 +05:30
Ankush Menat
7487df22c9 refactor: use frappe.get_system_settings
because it's cached and doesn't hit frappe.db at all.
2024-02-02 18:43:43 +05:30
Ankush Menat
70a6a8334f
fix: set same cookie expiry as client side (#24560) 2024-01-29 05:52:40 +00:00
Hussain Nagaria
8d2137c265 docs: consistent doc strings 2023-12-18 18:27:39 +05:30
mergify[bot]
514ea6e259
Merge pull request #23309 from akhilnarang/drop-redundant-bool
refactor(treewide): code cleanup
2023-11-23 11:20:55 +00:00
Akhil Narang
f007f16ce9
fix: handle invalid passwords better (#23377)
* chore(login): show a message for response code 500 as well

Signed-off-by: Akhil Narang <me@akhilnarang.dev>

* refactor: reject passwords > 512 characters

Signed-off-by: Akhil Narang <me@akhilnarang.dev>

---------

Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2023-11-23 15:35:37 +05:30
Akhil Narang
fbc88a4d24
refactor(treewide): code cleanup
Drop redundant bool conversion

Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2023-11-23 13:57:51 +05:30
Ankush Menat
17ff6998da fix: ignore invalid token so auth hooks can apply
The error will still be raised some 2-3 lines of execution later
2023-11-20 10:16:29 +05:30
Ankush Menat
5ba53b05fb fix: Revert possibly breaking behaviour
Auth hooks should always run regardless of auth headers. These are
supposed to be generic hooks without any expectation on what it's
supposed to do.
2023-11-18 11:24:54 +05:30
Revant Nandgaonkar
693d079f16 fix: validate only authorization headers 2023-11-17 15:17:37 +00:00
Revant Nandgaonkar
7666ea74f1 fix: validate_auth hooks for non Authorization headers 2023-11-17 19:26:28 +05:30
Revant Nandgaonkar
b37ac30dc6 fix: raise error on validate keys 2023-11-17 13:48:18 +00:00
Revant Nandgaonkar
5fc4400eee fix: revert raise error
internal function get_decrypted_password raises error
no point in removing error from call
2023-11-17 15:55:55 +05:30
Revant Nandgaonkar
8ea2803fbe fix: remove raised exceptions and fail in validate_auth 2023-11-17 09:52:07 +00:00
Revant Nandgaonkar
1ecb60f1b0 fix: call auth hooks before validate auth 2023-11-17 14:10:37 +05:30
Revant Nandgaonkar
fea87d09dc fix: call auth hooks before raising error 2023-11-17 12:48:49 +05:30
Ankush Menat
c4815ff987 fix!: Don't silently fail API auth 2023-11-01 17:51:23 +05:30
Ankush Menat
f4f6d97d06 refactor: make login tracker support arbitrary keys 2023-10-17 17:18:11 +05:30
Ankush Menat
768d4ba4b0 feat: rate limit logins based on IP too
Co-Authored-By: Aditya Hase <aditya@adityahase.com>
2023-10-17 17:18:08 +05:30
Ankush Menat
e0f87dc4e1 refactor!: move OAuth and token auth code to auth.py
This doesn't belong in api.py
2023-10-16 18:12:53 +05:30
Ankush Menat
ad79c9d180 chore: remove broken call to geoip
This has never worked afaik
2023-07-01 20:07:05 +05:30
Ankush Menat
fa6dc03cc8
refactor: frappe.cache() usage to frappe.cache (#21282) 2023-06-08 11:47:17 +05:30
Ankush Menat
1f6fdebff6
fix: login before check should be inclusive (#19974)
e.g. if login_before hour is 6 and it's 6:30 then it should be blocked.

related :) - https://fhur.me/posts/always-use-closed-open-intervals
2023-02-10 20:04:54 +05:30
Gavin D'souza
d357af1533 refactor: Add a maxsplit limit to string splits 2023-01-24 19:22:51 +05:30
Ankush Menat
57c81b2f42
fix: log unknown usernames too for failed attempts (#19199)
[skip ci]
2022-12-08 17:41:47 +05:30
Sagar Vora
f20fa69282
fix!: remove relaxations for Cordova (#18728) 2022-11-04 17:24:26 +05:30
Ankush Menat
e1253e8299 fix: remove ad-hoc maintenance mode implementation 2022-09-09 17:34:46 +05:30
Ankush Menat
3e92bab1d0
perf: duplicate database initialization (#18049) 2022-09-07 11:32:00 +05:30
Nikhil Kothari
89b2e5133f
feat: option to disable user pass based login (#18000)
* Added checkbox to disable pass login in settings

* Added user_pass disable option in Login page context

* Hide user-pass fields when option disabled

* Added check for social login key and LDAP

* feat: Disable API based usr-pwd login

* style: format with black

* refactor: simplify auth validation

No need for else clause

* refactor: fixup sys setting json and move field

* refactor: sys settings validation

* refactor: simpler imports

* chore: undo unintentional changes

* test: add test for disabled user pass

Co-authored-by: Ankush Menat <ankush@frappe.io>
2022-09-06 13:48:00 +05:30
Ankush Menat
f5b8e5f015
perf: short-circuit guest connection and basic perf tests (#17988)
* perf: reorder condition to avoid redis call

* test: basic perf tests
2022-08-30 16:30:25 +05:30
Ankush Menat
f2b6c937c9 fix: pop pwd from form dict, disable auth logging
- This prevents accidental logging of this info somewhere down the line.
- Disable exception logging for auth failures
2022-08-18 15:32:42 +05:30
Ankush Menat
1f9a6b010a
perf: add __slots__ to most used classes (#17421)
Added slots for these classes:

- Session - Created on EACH request
- LoginManager - Created on each request
- Monitor - Created on each request if monitor is enabled (usually in prod setup)
2022-07-07 11:15:50 +05:30
Ankush Menat
81b37cb7d2
refactor: clean up code to py310 supported features (#17367)
refactor: clean up code to py39+ supported syntax

- f-strings instead of format
- latest typing support instead of pre 3.9 TitleCase
- remove UTF-8 declarations.
- many more changes

Powered by https://github.com/asottile/pyupgrade/ + manual cleanups
2022-07-01 11:51:05 +05:30