Commit graph

168 commits

Author SHA1 Message Date
Akhil Narang
68fd322955
fix: bypass IP restriction for the methods required for our socketio backend
Those requests are made from a separate backend, not by the user.

Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2024-05-31 16:31:02 +05:30
paurosello
c19e6a8732
feat: pre-login hook (#26394) 2024-05-13 13:41:06 +05:30
Ankush Menat
bef9bdc5ee
fix: log out reliability (#25865)
* fix: Avoid possible cache eviction issue

Clear cache after removing data from DB, so a concurrent request can't put stale data in cache.

* fix: explicitly login as guest after logging out

Avoids problem with some other code potentially re-adding current
session in cache or DB.

* test: avoid hard coded admin pw

* test: reset user after running tests

* fix: only login as guest if in request

Background jobs, some other user disabling someone else, etc.
2024-04-09 18:56:52 +05:30
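The cache-eviction ordering described in this commit message, as an added example that is not Frappe's own code: two in-memory dicts stand in for the database and the cache, and the "concurrent request" is an interleaved read-through lookup. All names (`SessionStore`, `logout_cache_first`, `logout_db_first`, the sample session row) are hypothetical and constructed for the demonstration.

```python
"""Added example (not Frappe's code): why a logout must remove the session
row from the DB *before* clearing the cache when every request does a
read-through lookup that repopulates the cache on a miss."""

from typing import Callable, Optional

# Constructed sample session for the demo (hypothetical values).
SID = "sid-abc123"
SESSION_ROW = {"sid": SID, "user": "alice@example.com"}


class SessionStore:
    """Two-tier session store: durable DB plus a fast cache in front of it."""

    def __init__(self) -> None:
        self.db = {SID: dict(SESSION_ROW)}      # stands in for the SQL table
        self.cache = {SID: dict(SESSION_ROW)}   # stands in for redis

    def get(self, sid: str) -> Optional[dict]:
        """Read-through lookup used by every request: cache first, then DB,
        and write the DB row back into the cache on a miss. This repopulation
        is exactly what makes the order of operations in logout matter."""
        if sid in self.cache:
            return self.cache[sid]
        row = self.db.get(sid)
        if row is not None:
            self.cache[sid] = row
        return row


def logout_cache_first(store: SessionStore, sid: str,
                       concurrent: Callable[[SessionStore], None]) -> None:
    """Buggy order: clear the cache, then delete the DB row.
    A request interleaved between the two steps misses the cache, still finds
    the row in the DB and writes it back into the cache, where it survives
    the DB delete. The session is "logged out" in the DB but alive in cache."""
    store.cache.pop(sid, None)
    concurrent(store)   # another request for the same sid lands here
    store.db.pop(sid, None)


def logout_db_first(store: SessionStore, sid: str,
                    concurrent: Callable[[SessionStore], None]) -> None:
    """Fixed order: delete the DB row, then clear the cache.
    Whatever an interleaved request reads or repopulates, the final cache
    clear removes it, and later lookups fall through to a DB without the row."""
    store.db.pop(sid, None)
    concurrent(store)
    store.cache.pop(sid, None)


def run(logout: Callable[..., None]) -> Optional[dict]:
    """Perform a logout with one concurrent lookup interleaved, then report
    what a subsequent request would see for the same sid (None = really gone)."""
    store = SessionStore()

    def concurrent(s: SessionStore) -> None:
        s.get(SID)  # an ordinary request doing its read-through lookup

    logout(store, SID, concurrent)
    return store.get(SID)


if __name__ == "__main__":
    print("cache-first:", run(logout_cache_first))  # stale row comes back
    print("db-first:   ", run(logout_db_first))     # None
```

The second half of the commit (explicitly logging the request in as Guest, and only when actually inside a request) addresses the same class of problem from the other side: even if some later code path re-adds the old session, the current request no longer carries that identity, while a background job or an administrator disabling another user keeps its own.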
Ankush Menat
c58ac809ac fix: Flag impersonated sessions 2024-02-24 18:25:09 +05:30
Akhil Narang
3f1e19de85
refactor(treewide): enable RUF rules
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2024-02-21 16:20:28 +05:30
Akhil Narang
26ae0f3460
fix: ruff fixes
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2024-02-07 17:04:31 +05:30
Ankush Menat
de9ac89748 style: re-format with ruff 2024-02-05 18:53:33 +05:30
Ankush Menat
7487df22c9 refactor: use frappe.get_system_settings
because it's cached and doesn't hit frappe.db at all.
2024-02-02 18:43:43 +05:30
Ankush Menat
70a6a8334f
fix: set same cookie expiry as client side (#24560) 2024-01-29 05:52:40 +00:00
Hussain Nagaria
8d2137c265 docs: consistent doc strings 2023-12-18 18:27:39 +05:30
mergify[bot]
514ea6e259
Merge pull request #23309 from akhilnarang/drop-redundant-bool
refactor(treewide): code cleanup
2023-11-23 11:20:55 +00:00
Akhil Narang
f007f16ce9
fix: handle invalid passwords better (#23377)
* chore(login): show a message for response code 500 as well

Signed-off-by: Akhil Narang <me@akhilnarang.dev>

* refactor: reject passwords > 512 characters

Signed-off-by: Akhil Narang <me@akhilnarang.dev>

---------

Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2023-11-23 15:35:37 +05:30
Akhil Narang
fbc88a4d24
refactor(treewide): code cleanup
Drop redundant bool conversion

Signed-off-by: Akhil Narang <me@akhilnarang.dev>
2023-11-23 13:57:51 +05:30
Ankush Menat
17ff6998da fix: ignore invalid token so auth hooks can apply
The error will still be raised some 2-3 lines of execution later
2023-11-20 10:16:29 +05:30
Ankush Menat
5ba53b05fb fix: Revert possibly breaking behaviour
Auth hooks should always run regardless of auth headers. These are
supposed to be generic hooks without any expectation on what they're
supposed to do.
2023-11-18 11:24:54 +05:30
Revant Nandgaonkar
693d079f16 fix: validate only authorization headers 2023-11-17 15:17:37 +00:00
Revant Nandgaonkar
7666ea74f1 fix: validate_auth hooks for non Authorization headers 2023-11-17 19:26:28 +05:30
Revant Nandgaonkar
b37ac30dc6 fix: raise error on validate keys 2023-11-17 13:48:18 +00:00
Revant Nandgaonkar
5fc4400eee fix: revert raise error
internal function get_decrypted_password raises error
no point in removing error from call
2023-11-17 15:55:55 +05:30
Revant Nandgaonkar
8ea2803fbe fix: remove raised exceptions and fail in validate_auth 2023-11-17 09:52:07 +00:00
Revant Nandgaonkar
1ecb60f1b0 fix: call auth hooks before validate auth 2023-11-17 14:10:37 +05:30
Revant Nandgaonkar
fea87d09dc fix: call auth hooks before raising error 2023-11-17 12:48:49 +05:30
Ankush Menat
c4815ff987 fix!: Don't silently fail API auth 2023-11-01 17:51:23 +05:30
Ankush Menat
f4f6d97d06 refactor: make login tracker support arbitrary keys 2023-10-17 17:18:11 +05:30
Ankush Menat
768d4ba4b0 feat: rate limit logins based on IP too
Co-Authored-By: Aditya Hase <aditya@adityahase.com>
2023-10-17 17:18:08 +05:30
Ankush Menat
e0f87dc4e1 refactor!: move OAuth and token auth code to auth.py
This doesn't belong in api.py
2023-10-16 18:12:53 +05:30
Ankush Menat
ad79c9d180 chore: remove broken call to geoip
This has never worked afaik
2023-07-01 20:07:05 +05:30
Ankush Menat
fa6dc03cc8
refactor: frappe.cache() usage to frappe.cache (#21282) 2023-06-08 11:47:17 +05:30
Ankush Menat
1f6fdebff6
fix: login before check should be inclusive (#19974)
e.g. if login_before hour is 6 and it's 6:30 then it should be blocked.

related :) - https://fhur.me/posts/always-use-closed-open-intervals
2023-02-10 20:04:54 +05:30
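The closed-open login window this commit describes, as an added example (not Frappe's code): the allowed hours are the interval `[login_after, login_before)`, so a `login_before` of 6 blocks 06:30 while a `login_after` of 8 admits 08:00. Function and parameter names are hypothetical; as an assumption beyond the commit text, a window whose start is later than its end is treated as wrapping past midnight, and `now` is assumed to already be in the site's timezone.

```python
"""Added example (not Frappe's code): login-hours check as a closed-open
interval [login_after, login_before) over whole hours."""

from datetime import datetime
from typing import Optional


def login_allowed_now(now: datetime,
                      login_after: Optional[int],
                      login_before: Optional[int]) -> bool:
    """
    login_after : earliest hour at which login is permitted (inclusive), None = unbounded.
    login_before: hour from which login is no longer permitted (exclusive), None = unbounded.

    Only the hour is compared, so any minute inside hour 6 is "at or after 6":
    login_before=6 therefore blocks 06:30, which is the case the commit fixes.
    `now` is assumed to be in the site's timezone (assumption of this example).
    """
    hour = now.hour

    if login_after is not None and login_before is not None and login_after > login_before:
        # Assumed extension: window wraps midnight, e.g. [22, 6) = 22:00..05:59.
        return hour >= login_after or hour < login_before

    if login_after is not None and hour < login_after:
        return False          # before the window opens
    if login_before is not None and hour >= login_before:
        return False          # at or after the window closes
    return True


if __name__ == "__main__":
    t = datetime(2024, 1, 1, 6, 30)
    print(login_allowed_now(t, None, 6))   # False: 06:30 is not before 6
    print(login_allowed_now(t, 6, None))   # True: window opened at 06:00
```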
Gavin D'souza
d357af1533 refactor: Add a maxsplit limit to string splits 2023-01-24 19:22:51 +05:30
Ankush Menat
57c81b2f42
fix: log unknown usernames too for failed attempts (#19199)
[skip ci]
2022-12-08 17:41:47 +05:30
Sagar Vora
f20fa69282
fix!: remove relaxations for Cordova (#18728) 2022-11-04 17:24:26 +05:30
Ankush Menat
e1253e8299 fix: remove ad-hoc maintenance mode implementation 2022-09-09 17:34:46 +05:30
Ankush Menat
3e92bab1d0
perf: duplicate database initialization (#18049) 2022-09-07 11:32:00 +05:30
Nikhil Kothari
89b2e5133f
feat: option to disable user pass based login (#18000)
* Added checkbox to disable pass login in settings

* Added user_pass disable option in Login page context

* Hide user-pass fields when option disabled

* Added check for social login key and LDAP

* feat: Disable API based usr-pwd login

* style: format with black

* refactor: simplify auth validation

No need for else clause

* refactor: fixup sys setting json and move field

* refactor: sys settings validation

* refactor: simpler imports

* chore: undo unintentional changes

* test: add test for disabled user pass

Co-authored-by: Ankush Menat <ankush@frappe.io>
2022-09-06 13:48:00 +05:30
Ankush Menat
f5b8e5f015
perf: short-circuit guest connection and basic perf tests (#17988)
* perf: reorder condition to avoid redis call

* test: basic perf tests
2022-08-30 16:30:25 +05:30
Ankush Menat
f2b6c937c9 fix: pop pwd from form dict, disable auth logging
- This prevents accidental logging of this info somewhere down the line.
- Disable exception logging for auth failures
2022-08-18 15:32:42 +05:30
Ankush Menat
1f9a6b010a
perf: add __slots__ to most used classes (#17421)
Added slots for these classes:

- Session - Created on EACH request
- LoginManager - Created on each request
- Monitor - Created on each request if monitor is enabled (usually in
  prod setup)
2022-07-07 11:15:50 +05:30
Ankush Menat
81b37cb7d2
refactor: clean up code to py310 supported features (#17367)
refactor: clean up code to py39+ supported syntax

- f-strings instead of format
- latest typing support instead of pre 3.9 TitleCase
- remove UTF-8 declarations.
- many more changes

Powered by https://github.com/asottile/pyupgrade/ + manual cleanups
2022-07-01 11:51:05 +05:30
Ankush Menat
5c9421b750 perf: use redis cache for user_info 2022-05-26 18:22:31 +05:30
Ankush Menat
8557cff2bb perf: faster auth ~ validate_ip_address from redis 2022-05-26 18:22:31 +05:30
Suraj Shetty
c0c5b2ebdd
style: format all python files using black (#16453)
Co-authored-by: Frappe Bot <developers@frappe.io>
2022-04-12 10:59:25 +05:30
barredterra
dac9349aef refactor: use is bool instead of == bool 2022-01-17 15:40:33 +01:00
Rushabh Mehta
853287f49d fix: load user_info on-demand 2022-01-13 16:39:24 +05:30
Sagar Vora
77e0b59525
fix: minor fixes to whitelisted methods (#14569) 2021-11-07 19:13:26 +05:30
Gavin D'souza
450d4e489b refactor(lang): frappe.translate.get_language
User.language should be given higher priority in terms of
authenticated user since they chose it. Even higher than the
browser they're using...even if the system locales aren't set
properly and browser isn't configured properly
2021-07-30 18:59:57 +05:30
Gavin D'souza
0598ddf70e fix: Clear preferred_language cookie post login
If preferred_language was set in cookie pre login, clear it after a
successful login so that User or Site specific settings can be applied
2021-07-14 12:21:12 +05:30
Gavin D'souza
736c6c9b8a fix: Don't redefine datetime
* Sort imports
* Update file header
2021-07-14 12:21:12 +05:30
Gavin D'souza
76ec9e44e4 refactor: Rename guess_language as get_language
Guess suggests there's some AI involvement. The get_language function
has a defined priority. It is deterministic, hence the name change.
2021-07-14 12:21:12 +05:30
Gavin D'souza
c47cbfd2ef refactor: Set Language in HTTPHeader
Order of priority for setting language:
1. Form Dict => _lang
2. Cookie => preferred_language
3. Request Header => Accept-Language
4. User document => language
5. System Settings => language

Cookie is placed at #2 since the language picker in the navbar depends
on it. And the Accept-Language header sends values based on the client's locales.

---

Form Dict _lang now accepts language codes too. Previously, language
names were used...for whatever reason.
2021-07-14 12:21:12 +05:30
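The language-resolution chain laid out in this commit message, and the later "refactor(lang): frappe.translate.get_language" change above that moves User.language ahead of the browser's Accept-Language for authenticated users, as one added example that is not Frappe's code. `Request`, `resolve_language`, `parse_accept_language` and the `AVAILABLE` set are hypothetical names constructed for the example; the Accept-Language ordering follows the q-value rules of RFC 9110. The security-relevant point it adds beyond the commit text: `_lang`, the cookie and the header are all attacker-controlled, so each candidate is accepted only if it names an installed language.

```python
"""Added example (not Frappe's code): resolve the request language by priority
  1. form dict _lang
  2. preferred_language cookie
  3. User.language (authenticated users; moved above the header by a later commit)
  4. Accept-Language header, best q-value first
  5. System Settings language
Every candidate is allow-listed against the installed languages."""

from dataclasses import dataclass, field
from typing import Optional

# Constructed: languages assumed to be installed on the site.
AVAILABLE = {"en", "de", "fr", "hi", "pt-BR"}


@dataclass
class Request:
    form: dict = field(default_factory=dict)       # parsed form/query values (_lang)
    cookies: dict = field(default_factory=dict)    # preferred_language
    headers: dict = field(default_factory=dict)    # Accept-Language
    user_language: Optional[str] = None            # User.language, None for Guest
    system_language: str = "en"                    # System Settings fallback


def parse_accept_language(value: str) -> list[str]:
    """Language tags from an Accept-Language value, highest q-value first,
    ties kept in header order. A missing q means 1.0; a malformed or zero q
    drops the entry (RFC 9110 section 12.5.4)."""
    ranked = []
    for idx, part in enumerate(value.split(",")):
        pieces = [p.strip() for p in part.split(";")]
        tag = pieces[0]
        if not tag:
            continue
        q = 1.0
        for param in pieces[1:]:
            if param.lower().startswith("q="):
                try:
                    q = float(param[2:])
                except ValueError:
                    q = 0.0
        if q > 0:
            ranked.append((-q, idx, tag))
    return [tag for _, _, tag in sorted(ranked)]


def _installed(tag: Optional[str]) -> Optional[str]:
    """Allow-list: exact match first, then the primary subtag (de-AT -> de).
    Anything else, including path-like junk in _lang, is rejected."""
    if not tag:
        return None
    if tag in AVAILABLE:
        return tag
    primary = tag.split("-")[0]
    return primary if primary in AVAILABLE else None


def resolve_language(req: Request) -> str:
    candidates = [
        req.form.get("_lang"),
        req.cookies.get("preferred_language"),
        req.user_language,
    ]
    candidates += parse_accept_language(req.headers.get("Accept-Language", ""))
    for tag in candidates:
        chosen = _installed(tag)
        if chosen:
            return chosen
    return req.system_language


if __name__ == "__main__":
    r = Request(headers={"Accept-Language": "pt-BR;q=0.8, de;q=0.9"}, user_language="hi")
    print(resolve_language(r))   # hi: the user's own choice beats the browser
```

Because the cookie sits above the user's saved language, a `preferred_language` cookie set before login would keep overriding User.language afterwards; the "Clear preferred_language cookie post login" commit above is what prevents that.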