Commit graph

206 commits

Author SHA1 Message Date
UmakanthKaspa
d675d05010 fix: reject OAuth tokens for disabled users 2026-02-27 16:03:04 +00:00
Akhil Narang
4f305d7a0d
fix: allow one session per user should override simultaneous sessions (for non-admins)
Update description to match

Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2026-02-24 17:08:08 +05:30
sokumon
55c2270889 fix: redirect system users to role home page 2026-02-16 19:24:55 +05:30
Harsh Patadia
af628d70c8
fix: Unpacking of NoneType returned from frappe.get_cached_value() and parenthesized multiple exception syntax (#37008)
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
2026-02-16 10:19:15 +00:00
Aditya Patil
35909f5c45
refactor: removed usage of cmd for login (#36801)
* refactor: removed usage of `cmd` for login

* refactor: use `set_request` in activity log tests
2026-02-16 14:09:48 +05:30
sokumon
49714e916f chore: rename from app to desk 2025-11-14 23:05:13 +05:30
Akhil Narang
2fc4778cdd
fix: tighten allowed referrer checks
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-10-15 18:22:12 +05:30
Akhil Narang
355d218f8e
Merge pull request #34162 from akhilnarang/bump-ruff
refactor(treewide): bump ruff
2025-09-26 17:44:11 +05:30
Akhil Narang
6ca4d4d167
refactor(treewide): ruff format
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-09-26 13:16:43 +05:30
Akhil Narang
3dd7466c66
fix: try setting request IP from request.remote_addr if possible
Some misconfigured setups don't have the IP set in the headers

Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-09-26 12:36:08 +05:30
Raffael Meyer
4983c3fc34
fix: prevent logout due to empty "Password" field (#29158)
* fix: prevent logout due to empty "Password" field

* fix: validate_api_key_secret

- We don't want get decrypted password to raise a ValidationError
- If api_key, api_secret or doc_secret are empty, we want an AuthenticationError
2025-07-28 10:04:10 +05:30
Hussain Nagaria
ffe9ff5290
fix: handle user does not exist when session resume (#33334) 2025-07-15 12:28:21 +05:30
sokumon
4900d60a35 fix: show request ip for easier debugging 2025-05-23 14:55:16 +05:30
gavin
7321a8ce76
style: Rename variable & indents for readability
To appease the pre-commit overlords
2025-04-02 13:45:02 +02:00
Snehit Gunjikar
10873ad49f fix: check if user is disabled during api authentication 2025-03-20 20:12:00 +05:30
Gavin D'souza
bc81e340c7
fix: Move on_session_creation hook after session is created 2025-03-05 11:27:21 +01:00
Akhil Narang
5731f448c9
Revert "Merge pull request #30896 from dhiashalabi/fix/reorder-setlang-initialization" (#31225)
This reverts commit 60aa2f918a, reversing
changes made to d54f5e575a.
2025-02-11 15:19:36 +05:30
Akhil Narang
60aa2f918a
Merge pull request #30896 from dhiashalabi/fix/reorder-setlang-initialization
fix: reorder session initialization in HTTPRequest to Fix Language Handling
2025-01-29 11:49:35 +05:30
Akhil Narang
baf884d31f
Merge pull request #29888 from akhilnarang/bench-browse-updates
feat: fixed session duration + better visibility of changes done via `bench browse`
2025-01-28 11:22:54 +05:30
DHia' A. SHalabi
8560764910 fix: reorder session initialization in HTTPRequest class 2025-01-27 18:49:13 +03:00
Soham Kulkarni
c067fd4b62
fix: remove whitespace from restrict ip and always check request_ip (#29867)
* fix: remove whitespace in restrict ip in validate

* fix: added check for request_ip

* fix: return if no restrict ip

* fix: set to localhost if none, refactor validate_ip_addr

* fix: validate ip_address cleanup and removed unnecessary comments

* fix: validate ip_addr cleanup

* fix: remove unnecessary check
2025-01-24 13:12:58 +00:00
Akhil Narang
a9c1c49fff
refactor: use an alternate key for handling expiry
This allows for less changes to update() + allows impersonated sessions to not end later

Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-01-24 18:27:44 +05:30
Akhil Narang
15065a93e3
refactor: don't use impersonate directly, use similar logic
This will allow impersonating as well

Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-01-24 17:20:12 +05:30
Akhil Narang
332e22f00b
refactor: fix typo in impersonated
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-01-24 17:20:12 +05:30
Akhil Narang
a121b90d7f
feat: allow creating a session for a fixed duration via bench browse
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2025-01-24 17:20:12 +05:30
Ankush Menat
800ff70af1
perf: Do not set same cookies on every request (#29218) 2025-01-17 09:20:32 +00:00
Ankush Menat
110e6225fc
perf: speedup sessions code (#29076)
* refactor: simplify user IP validation code

The comment suggests this way of doing it has some perf benefit, it does not.

Just fetch the entire cached doc.

* perf: remove duplicate language resolution

WHY???

* perf: avoid fetching system settings for ip-validated users

get_system_settings is client-cached

* perf: perform easier checks first

No need to fetch system settings if IP address is already matching.
2025-01-17 13:53:49 +05:30
Ankush Menat
cbb39d463a perf: Don't query redirects on existing session
This is only used for a new user. After that it's never used but still
present in EVERY request!

https://ankush.dev/p/flamegraph-missing-forest-for-trees

towards https://github.com/frappe/caffeine/issues/15
2025-01-01 14:29:36 +05:30
Akhil Narang
84ef6ec677
refactor: fixup with ruff 0.8.1
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2024-12-04 13:18:04 +05:30
Corentin Forler
e0c08fab4e
fix: Fix typo in build_domain_restriced function names 2024-11-20 13:52:19 +01:00
David Arnold
d4382dc020
feat: add allowed referrers to loosen csrf prevention (#27841)
* fix: add allowed referrers to loosen csrf prevention

* feat: Add test case for is_allowed_referrer functionality
2024-11-15 12:09:53 +05:30
David Arnold
8cfeb156df
devx: add deprecation dumpster (#27887)
* feat: Add deprecation_dumpster.py file

* docs: add jovial and jocose docstring for frappe/deprecation_dumpster.py

* refactor: fill the dumpster with its own kind

* refactor: move to the deprecation dumpster

* chore: color coding class

* fix: only check import error when import errors
2024-10-08 18:56:10 +02:00
David Arnold
1214763b25
Merge pull request #26737 from blaggacao/feat/cache-control
feat: add cache control
2024-09-11 23:32:57 +02:00
Shariq Ansari
f2e8f05558 fix: redirect to /app if no apps are installed 2024-08-30 16:23:24 +05:30
Shariq Ansari
a7543a5b24 fix: consider default path for Website User if applicable 2024-08-30 15:42:58 +05:30
David
1619cc0e58
feat: add cache control 2024-08-30 09:08:42 +02:00
Shariq Ansari
3f5d6d2c7f feat: added default app selector in user doctype 2024-08-08 19:54:02 +05:30
Shariq Ansari
9c03bcce5b fix: redirect to default path on login 2024-08-08 18:29:16 +05:30
Akhil Narang
68fd322955
fix: bypass IP restriction for the methods required for our socketio backend
Those requests are made from a separate backend, not by the user.

Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2024-05-31 16:31:02 +05:30
paurosello
c19e6a8732
feat: pre-login hook (#26394) 2024-05-13 13:41:06 +05:30
Ankush Menat
bef9bdc5ee
fix: log out reliability (#25865)
* fix: Avoid possible cache eviction issue

Clear cache after removing data from DB, so a concurrent request can't put stale data in cache.

* fix: explicitly login as guest after logging out

Avoids problem with some other code potentially re-adding current
session in cache or DB.

* test: avoid hard coded admin pw

* test: reset user after running tests

* fix: only login as guest if in request

Background jobs, some other user disabling someone else etc
2024-04-09 18:56:52 +05:30
Ankush Menat
c58ac809ac fix: Flag impersonated sessions 2024-02-24 18:25:09 +05:30
Akhil Narang
3f1e19de85
refactor(treewide): enable RUF rules
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2024-02-21 16:20:28 +05:30
Akhil Narang
26ae0f3460
fix: ruff fixes
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2024-02-07 17:04:31 +05:30
Ankush Menat
de9ac89748 style: re-format with ruff 2024-02-05 18:53:33 +05:30
Ankush Menat
7487df22c9 refactor: use frappe.get_system_settings
because it's cached and doesn't hit frappe.db at all.
2024-02-02 18:43:43 +05:30
Ankush Menat
70a6a8334f
fix: set same cookie expiry as client side (#24560) 2024-01-29 05:52:40 +00:00
Hussain Nagaria
8d2137c265 docs: consistent doc strings 2023-12-18 18:27:39 +05:30
mergify[bot]
514ea6e259
Merge pull request #23309 from akhilnarang/drop-redundant-bool
refactor(treewide): code cleanup
2023-11-23 11:20:55 +00:00
Akhil Narang
f007f16ce9
fix: handle invalid passwords better (#23377)
* chore(login): show a message for response code 500 as well

Signed-off-by: Akhil Narang <me@akhilnarang.dev>

* refactor: reject passwords > 512 characters

Signed-off-by: Akhil Narang <me@akhilnarang.dev>

---------

Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2023-11-23 15:35:37 +05:30