vassili/seitime-frappe
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1
49735 commits 1 branch 0 tags 587 MiB
Commit graph

194 commits

Author SHA1 Message Date
sokumon
4900d60a35 fix: show request ip for easier debugging 2025-05-23 14:55:16 +05:30
gavin
7321a8ce76
style: Rename variable & indents for readability 
To appease the pre-commit overlords
 2025-04-02 13:45:02 +02:00
Snehit Gunjikar
10873ad49f fix: check if user is diabled during api authentication 2025-03-20 20:12:00 +05:30
Gavin D'souza
bc81e340c7
fix: Move on_session_creation hook after session is created 2025-03-05 11:27:21 +01:00
Akhil Narang
5731f448c9
Revert "Merge pull request #30896 from dhiashalabi/fix/reorder-setlang-initialization" (#31225) 
This reverts commit 60aa2f918a, reversing
changes made to d54f5e575a.
 2025-02-11 15:19:36 +05:30
Akhil Narang
60aa2f918a
Merge pull request #30896 from dhiashalabi/fix/reorder-setlang-initialization 
fix: reorder session initialization in HTTPRequest to Fix Language Handling
 2025-01-29 11:49:35 +05:30
Akhil Narang
baf884d31f
Merge pull request #29888 from akhilnarang/bench-browse-updates 
feat: fixed session duration + better visibility of changes done via `bench browse`
 2025-01-28 11:22:54 +05:30
DHia' A. SHalabi
8560764910 fix: reorder session initialization in HTTPRequest class 2025-01-27 18:49:13 +03:00
Soham Kulkarni
c067fd4b62
fix: remove whitespace from restrict ip and always check request_ip (#29867) 
* fix: remove whitespace in restrict ip in validate

* fix: added check for request_ip

* fix: return if no restrict ip

* fix: set to localhost if none, refactor validate_ip_addr

* fix: validate ip_address cleanup and removed uncessary comments

* fix: validate ip_addr cleanup

* fix: remove unecessary check
 2025-01-24 13:12:58 +00:00
Akhil Narang
a9c1c49fff
refactor: use an alternate key for handling expiry 
This allows for less changes to update() + allows impersonated sessions to not end later

Signed-off-by: Akhil Narang <me@akhilnarang.dev>
 2025-01-24 18:27:44 +05:30
Akhil Narang
15065a93e3
refactor: don't use impersonate directly, use similar logic 
This will allow impersonating as well

Signed-off-by: Akhil Narang <me@akhilnarang.dev>
 2025-01-24 17:20:12 +05:30
Akhil Narang
332e22f00b
refactor: fix typo in impersonated 
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
 2025-01-24 17:20:12 +05:30
Akhil Narang
a121b90d7f
feat: allow created a session for a fixed duration via bench browse 
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
 2025-01-24 17:20:12 +05:30
Ankush Menat
800ff70af1
perf: Do not set same cookies on every request (#29218) 2025-01-17 09:20:32 +00:00
Ankush Menat
110e6225fc
perf: speedup sessions code (#29076) 
* refactor: simplify user IP validation code

The comment suggests this way of doing it has some perf benefit, it does not.

Just fetch the entire cached doc.

* perf: remove duplicate language resolution

WHY???

* perf: avoid fetching system settings for ip-validated users

get_system_settings is client-cached

* perf: perform easier checks first

No need to fetch system settings if IP address is already matching.
 2025-01-17 13:53:49 +05:30
Ankush Menat
cbb39d463a perf: Don't query redirects on existing session 
This is only used for a new user. After that it's never used but still
present in EVERY request!

https://ankush.dev/p/flamegraph-missing-forest-for-trees

towards https://github.com/frappe/caffeine/issues/15
 2025-01-01 14:29:36 +05:30
Akhil Narang
84ef6ec677
refactor: fixup with ruff 0.8.1 
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
 2024-12-04 13:18:04 +05:30
Corentin Forler
e0c08fab4e
fix: Fix typo in build_domain_restriced function names 2024-11-20 13:52:19 +01:00
David Arnold
d4382dc020
feat: add allowed referrers to loosen csrf prevention (#27841) 
* fix: add allowed referrers to loosen csrf prevention

* feat: Add test case for is_allowed_referrer functionality
 2024-11-15 12:09:53 +05:30
David Arnold
8cfeb156df
devx: add deprecation dumpster (#27887) 
* feat: Add deprecation_dumpster.py file

* docs: add jovial and jocose docstring for frappe/deprecation_dumpster.py

* refactor: fill the dumpster with its own kind

* refactor: move to the deprecation dumpster

* chore: color coding class

* fix: only check import error when import errors
 2024-10-08 18:56:10 +02:00
David Arnold
1214763b25
Merge pull request #26737 from blaggacao/feat/cache-control 
feat: add cache control
 2024-09-11 23:32:57 +02:00
Shariq Ansari
f2e8f05558 fix: redirect to /app if no apps are installed 2024-08-30 16:23:24 +05:30
Shariq Ansari
a7543a5b24 fix: consider default path for Website User if applicable 2024-08-30 15:42:58 +05:30
David
1619cc0e58
feat: add cache control 2024-08-30 09:08:42 +02:00
Shariq Ansari
3f5d6d2c7f feat: added default app selector in user doctype 2024-08-08 19:54:02 +05:30
Shariq Ansari
9c03bcce5b fix: redirect to default path on login 2024-08-08 18:29:16 +05:30
Akhil Narang
68fd322955
fix: bypass IP restriction for the methods required for our socketio backend 
Those requests are made from a separate backend, not by the user.

Signed-off-by: Akhil Narang <me@akhilnarang.dev>
 2024-05-31 16:31:02 +05:30
paurosello
c19e6a8732
feat: pre-login hook (#26394) 2024-05-13 13:41:06 +05:30
Ankush Menat
bef9bdc5ee
fix: log out reliability (#25865) 
* fix: Avoid possible cache eviction issue

Clear cache after removing data from DB, so a concurrent request can't put stale data in cache.

* fix: explicitly login as guest after logging out

Avoids problem with some other code potentially re-adding current
session in cache or DB.

* test: avoid hard coded admin pw

* test: reset user after running tests

* fix: only login as guest if in request

Background jobs, some other user disabling someone else etc
 2024-04-09 18:56:52 +05:30
Ankush Menat
c58ac809ac fix: Flag impersonated sessions 2024-02-24 18:25:09 +05:30
Akhil Narang
3f1e19de85
refactor(treewide): enable RUF rules 
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
 2024-02-21 16:20:28 +05:30
Akhil Narang
26ae0f3460
fix: ruff fixes 
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
 2024-02-07 17:04:31 +05:30
Ankush Menat
de9ac89748 style: re-format with ruff 2024-02-05 18:53:33 +05:30
Ankush Menat
7487df22c9 refactor: use frappe.get_system_settings 
because it's cached and doesn't hit frappe.db at all.
 2024-02-02 18:43:43 +05:30
Ankush Menat
70a6a8334f
fix: set same cookie expiry as client side (#24560) 2024-01-29 05:52:40 +00:00
Hussain Nagaria
8d2137c265 docs: consistent doc strings 2023-12-18 18:27:39 +05:30
mergify[bot]
514ea6e259
Merge pull request #23309 from akhilnarang/drop-redundant-bool 
refactor(treewide): code cleanup
 2023-11-23 11:20:55 +00:00
Akhil Narang
f007f16ce9
fix: handle invalid passwords better (#23377) 
* chore(login): show a message for response code 500 as well

Signed-off-by: Akhil Narang <me@akhilnarang.dev>

* refactor: reject passwords > 512 characters

Signed-off-by: Akhil Narang <me@akhilnarang.dev>

---------

Signed-off-by: Akhil Narang <me@akhilnarang.dev>
 2023-11-23 15:35:37 +05:30
Akhil Narang
fbc88a4d24
refactor(treewide): code cleanup 
Drop redundant bool conversion

Signed-off-by: Akhil Narang <me@akhilnarang.dev>
 2023-11-23 13:57:51 +05:30
Ankush Menat
17ff6998da fix: ignore invalid token so auth hooks can apply 
The error will still be raised some 2-3 lines of execution later
 2023-11-20 10:16:29 +05:30
Ankush Menat
5ba53b05fb fix: Revert possibly breaking behaviour 
Auth hooks should always run regardless of auth headers. These are
supposed to be generic hooks without any expectation on what it's
supposed to do.
 2023-11-18 11:24:54 +05:30
Revant Nandgaonkar
693d079f16 fix: validate only authorization headers 2023-11-17 15:17:37 +00:00
Revant Nandgaonkar
7666ea74f1 fix: validate_auth hooks for non Authorization headers 2023-11-17 19:26:28 +05:30
Revant Nandgaonkar
b37ac30dc6 fix: raise error on validate keys 2023-11-17 13:48:18 +00:00
Revant Nandgaonkar
5fc4400eee fix: revert raise error 
internal function get_decrypted_password raises error
no point in removing error from call
 2023-11-17 15:55:55 +05:30
Revant Nandgaonkar
8ea2803fbe fix: remove raised exceptions and fail in validate_auth 2023-11-17 09:52:07 +00:00
Revant Nandgaonkar
1ecb60f1b0 fix: call auth hooks before validate auth 2023-11-17 14:10:37 +05:30
Revant Nandgaonkar
fea87d09dc fix: call auth hooks before raising error 2023-11-17 12:48:49 +05:30
Ankush Menat
c4815ff987 fix!: Don't silently fail API auth 2023-11-01 17:51:23 +05:30
Ankush Menat
f4f6d97d06 refactor: make login tracker support arbitrary keys 2023-10-17 17:18:11 +05:30