Commit Graph

329 Commits

Author SHA1 Message Date
thomas girod
fbff38c5c3 repair name of protected files
Since the implementation of file sending by the reverse proxy, the file names were no longer sent.
2024-08-30 10:27:03 +02:00
Sli
cc5df9b171 Better form for user submitting images, fix potential attack vector on bad file being resized and treated as an image 2024-08-27 17:05:37 +02:00
thomas girod
d295cc5223 move vendored files into their own folder 2024-08-26 22:34:32 +02:00
thomas girod
4036bfd703
Merge pull request #775 from ae-utbm/user-pictures-ajax
Render user picture page with ajax to improve performances
2024-08-18 12:40:07 +02:00
thomas girod
7a0fa9f1a0 remove doku/bbcode to markdown 2024-08-10 14:23:01 +02:00
Sli
0eeaf1ce21 Render user picture page with ajax to improve performances 2024-08-09 18:09:58 +02:00
thomas girod
0b9ccf6a57 paginate GET /api/sas/picture 2024-08-08 11:50:45 +02:00
thomas girod
62bb15317c T2 ruff rule 2024-08-06 11:42:10 +02:00
thomas girod
a637742bb0 apply review comment 2024-08-05 10:52:15 +02:00
thomas girod
a5e4db99fb Use X-Accel-Redirect to send files in prod 2024-08-05 10:52:15 +02:00
thomas girod
a9f66e2cd9 extract sent_from_logged_counter(request) 2024-08-05 10:52:15 +02:00
Sli
181e74b1d1 Add antispam app
* update_spam_database command to update suspicious domains from an
   external provider
* Add an AntiSpamEmailField that denies emails from suspicious domains
* Update documentation
2024-08-04 22:34:40 +02:00
thomas girod
e5434961de
Merge pull request #736 from ae-utbm/better-scss
Better scss
2024-07-28 16:35:12 +02:00
thomas girod
2737cae4ab update django-phonenumber-field 2024-07-26 21:45:18 +02:00
thomas girod
63b6b262c6 repair BASE_DIR 2024-07-26 18:21:57 +02:00
thomas girod
424639ea80 better scss 2024-07-26 15:55:15 +02:00
thomas girod
3c76c5e0f1 fix grouping 2024-07-26 00:39:29 +02:00
thomas girod
d348e6314a fix the pictures order (not just the album) 2024-07-26 00:39:29 +02:00
thomas girod
b3fa6f352b fix album order for user pictures 2024-07-26 00:39:29 +02:00
Sli
15f51fb03f Create an NFC button for browser supporting NFC API 2024-07-25 07:18:39 +02:00
thomas girod
04e7f65e8e
Merge pull request #725 from ae-utbm/drop-jquery-calendar
Remove jquery datetimepicker
2024-07-25 01:20:41 +02:00
thomas girod
9295325d21 remove jquery datetime picker 2024-07-23 23:26:48 +02:00
thomas girod
3046438cb1 replace drf by django-ninja 2024-07-23 19:57:33 +02:00
thomas girod
8c69a94488 use google convention for docstrings 2024-07-21 00:57:04 +02:00
thomas girod
e15bcfae07 Send an email when creating an account via POST /register 2024-07-10 17:21:07 +02:00
Sli
72cf5a3d5e Introduce honeypot for login/registering/password changing 2024-07-10 14:51:39 +02:00
thomas girod
2ac578c3ad ruff rule DJ
Co-authored-by: Bartuccio Antoine <klmp200@users.noreply.github.com>
2024-07-08 15:37:10 +02:00
thomas girod
171a1cb876 ruff rule FBT 2024-07-08 15:37:09 +02:00
thomas girod
cfc19434d0 ruff rules UP008 and UP009 2024-07-08 15:37:09 +02:00
thomas girod
688871a680 ruff rule A 2024-07-08 15:37:08 +02:00
thomas girod
3143d3d91a reorganize imports with ruff 2024-06-26 12:35:38 +02:00
thomas girod
9bdf3fc4ac use ruff for formatting
Co-authored-by: Bartuccio Antoine <klmp200@users.noreply.github.com>
2024-06-26 12:35:14 +02:00
Sli
e1bf7caa9a Fix CVE-2023-31047 2024-06-24 13:27:22 +02:00
Julien Constant
b30ee0a27a
[FIX] Bug fixes (#617)
* Fix #600

* Fix #602

* Fixes & improvements to the new CSS (#616)

* Fix #604

* should fix #605

* Fix #608

* Update core/views/site.py

Co-Authored-By: thomas girod <56346771+imperosol@users.noreply.github.com>

* Added back the permission denied

* Should fix #609

* Fix failing test when 2 users are merged

* Should fix #610

* Should fix #627

* Should fix #109

Block the following URLs when the file is in the `profiles` or `SAS` dir:
- `/file/<id>/`
- `/file/<id>/[delete|prop|edit]`

> SAS URLs remain accessible to roots & SAS admins
> Profile URLs are accessible only to roots

* Fix root dir of SAS being inaccessible for sas admins

⚠️ need to edit the SAS directory & save it (no changes required in sas directory properties)

* Remove overwritten code

* Should fix duplicated albums in user profile (wtf)

* Fix typo

* Extended profiles picture access to board members

* Should fix #607

* Fix keyboard navigation not working properly

* Fix user tagged pictures section inside python rather than in the template

* Update utils.py

* Apply suggested changes

* Fix #604

* Fix #608

* Added back the permission denied

* Should fix duplicated albums in user profile (wtf)

* Fix user tagged pictures section inside python rather than in the template

* Apply suggested changes

---------

Co-authored-by: thomas girod <56346771+imperosol@users.noreply.github.com>
2023-05-02 13:07:36 +02:00
thomas girod
ef968f3673
Better usage of cache for groups and clubs related operations (#634)
* Better usage of cache for group retrieval

* Cache clearing on object deletion or update

* replace signals by save and delete override

* add is_anonymous check in is_owned_by

Add in many is_owned_by(self, user) methods that user is not anonymous. Since many of those functions do db queries, this should reduce a little bit the load of the db.

* Stricter usage of User.is_in_group

Constrain the parameters that can be passed to the function to make sure only a str or an int can be used. Also force to explicitly specify if the group id or the group name is used.

* write test and correct bugs

* remove forgotten populate commands

* Correct test
2023-05-02 12:36:59 +02:00
thomas girod
b5a40cfda9
Update Black to version 23.3 (#629) 2023-04-22 15:32:31 +02:00
Julien Constant
8e7c025e47
[FIX] Broken link in readme and license fix (& update) (#591) 2023-04-04 18:39:45 +02:00
Julien Constant
28f397574f
Improve user pages for small screens (#578, #520)
- Rework of the organization of user pages (mainly the front end)
  - Godfathers/godchildren page
  - Profile edit page
  - Profile page
  - Tools page
  - Preferences page
  - User stats page

- Rework of the CSS / organization of the main navbar (at the top of the screen)
- Rework of the CSS of the light blue navbar (the menu)
- Rework of the SAS CSS:
  - Picture page
  - Albums page
2023-03-30 14:38:40 +02:00
Théo DURR
773808fa59
Disabled Galaxy button & Removed 404 exception display 2023-03-08 12:50:52 +01:00
Théo DURR
c1e59a0676
Disabled galaxy feature (only visually) 2023-03-07 21:32:37 +01:00
Théo DURR
05febc60bd
Merge branch 'master' into taiste 2023-03-04 16:35:41 +01:00
Skia
b7f20fed6c
Galaxy (#575)
Co-authored-by: Skia <florent.jacquet@eshard.com>
2023-03-02 15:11:23 +01:00
Skia
585923c827
Add galaxy (#562)
* style.scss: lint

* style.scss: add 'th' padding

* core: populate: add much more data for development

* Add galaxy
2023-02-07 12:08:25 +01:00
thomas girod
99827e005b
upgrade re_path to path (#533) 2023-01-09 22:07:03 +01:00
thomas girod
73305c0b28
3DSv2 implementation + eboutic bug fixes + admin page improvements (#558)
Eboutic:
- Implementation of the 3DSecure v2 standard for bank card payments
- General improvement of the user interface
- Fix for the problem with special characters in the basket on Safari
- Repair of the eboutic basket cookie, which was not functional

Other:
- Documentation update
- Update of the JavaScript dependencies
- Removal of unused code in `subscription/models.py`
- Improvement of the administrator pages (Django back office)

Co-authored-by: thomas girod <56346771+imperosol@users.noreply.github.com>
Co-authored-by: Théo DURR <git@theodurr.fr>
Co-authored-by: Julien Constant <julienconstant190@gmail.com>
2023-01-09 20:53:12 +01:00
Thomas Girod
fe9e5ce861 integration of 3D secure v2 for eboutic bank payment 2022-11-30 22:52:56 +01:00
Sli
47a332445c Add feature to download all of your pictures as a user 2022-08-07 16:08:56 +02:00
Sli
4f00224f0d Update dependencies, apply black and fix wrong default SITH_COUNTER_OFFICES values 2022-08-04 18:42:29 +02:00
Sli
98bfc308a7 Minimal working version
* Upgrade dependencies
* Fix ugettext
* Fix bad urls
2022-08-04 00:28:09 +02:00
Skia
a0e4e9e8e3 Update 'black' version 2022-02-28 10:01:32 +01:00
Cyrille
b630742fd4 #113: bug fixed 2021-11-30 17:54:51 +01:00
Ailé
d8b69e9b45
Updated text and translations to be more inclusive 2021-11-18 16:24:14 +01:00
Cyrille Stroesser
5195352975 fixed black pipeline 2021-11-18 15:14:39 +01:00
Cyrille Stroesser
deb8f865df fix #110 2021-11-18 15:04:25 +01:00
Ailé
707459acd6
Changed word 'Godfather' to 'Family' 2021-11-05 21:01:19 +01:00
Celeste
677a9da469 Merge branch 'master' into gender_options 2021-10-11 17:13:06 +02:00
Céleste
1f7752d457 Add pronouns to profile ; Update gender settings
Add pronouns to option list in profile
Modify "Sex" translation to "Genre"
Added "Other" to sex option list (alongside Man and Woman)

update DB,add default value to Pronouns field

Update views.py
2021-10-06 14:12:34 +02:00
tleb
49a0ade315 core: create TzAwareDateTimeField to replace forms.DateTimeField 2021-09-29 15:24:06 +02:00
tleb
a38ab57ddf search: sort by User.last_update 2021-09-28 01:44:15 +02:00
tleb
30091ef69c search: ascii everywhere and unformalized whitespace 2021-09-28 01:44:15 +02:00
f34f5fe693
Upgrade black and format accordingly 2020-08-27 15:59:42 +02:00
5c8fa1b9e7
core: add UserIsRootMixin and an admin delete view for memberships 2019-11-24 19:23:43 +01:00
Sli
4d04b21f04 Merge branch 'cleanup-forms' into 'master'
Remove unused multiple-select library

See merge request ae/Sith!250
2019-10-17 14:46:02 +02:00
9278419345
core: rename GenericContentPermission into GenericContentPermissionMixinBuilder 2019-10-17 11:56:02 +02:00
a6088c0e4a
core: refactor permissions mixins 2019-10-17 11:24:51 +02:00
fe9164bfef
core: don't use try/except to catch type of view in permissions mixins 2019-10-16 19:28:32 +02:00
tleb
ad3f003fbb Remove unused multiple-select library 2019-10-16 14:28:53 +02:00
d7075eb762
django2.2: fix breaking change for getting uploaded files size 2019-10-08 22:46:38 +02:00
cf3f5ea60c
django2.2: fix django server crash because of breaking change in widget rendering method 2019-10-08 22:46:37 +02:00
59185ab2a8
django2.2: rewrite login and password stack because of removed API 2019-10-08 22:46:37 +02:00
308cf30a5a
django2.2: replace deprecated login view 2019-10-08 22:46:37 +02:00
97c316b62e
django2.2: replace removed is_anonymous() and is_authenticated to their now used counterparts 2019-10-08 22:46:03 +02:00
00bd60ef4f
django2.2: add exception parameter in forbidden and not_found views 2019-10-08 22:46:02 +02:00
2616e8b24c
django2.2: replace django.core.urlresolvers by django.urls 2019-10-08 22:46:01 +02:00
db10f7b963
documentation: tutorial about rights management 2019-10-07 23:51:37 +02:00
Sli
411c117f0f Merge branch 'performances' into 'master'
Improve performances on forum and SAS

See merge request ae/Sith!235
2019-09-16 14:23:52 +02:00
63ec5d68f4
core: fix error 500 when editing properties of user without linked customer 2019-09-15 17:05:07 +02:00
1f86827e46
core: improve performances on not found images 2019-09-15 16:22:13 +02:00
f1b3a174b6
core: improve performances on notification reads and display 2019-09-09 00:45:08 +02:00
Cyl
9e0c4e70d4 [COM] Make the news visible for non-authenticated user and birthday visible for subscriber only 2019-08-28 20:40:31 +02:00
9b7b96a310 core: add UserIsLoggedMixin to check if a user is not anonymous 2019-07-15 12:27:19 +02:00
b18746e769
core: fix error 500 when accessing user tools with anonymous user 2019-07-13 04:58:23 +02:00
616b7ccfc8
Nice user interface and permission rework 2019-05-20 17:52:39 +02:00
Sli
9f2a0deeb9 Merge branch 'mailing' into 'master'
Enhance mailing list edition for clubs with brand new form

See merge request ae/Sith!200
2019-05-20 17:39:43 +02:00
Sli
8ebf5af3d6 Merge branch 'markdown-editor' into 'master'
core: replace simplemde with easymde

See merge request ae/Sith!202
2019-05-18 02:49:36 +02:00
Cyl
355a51d2ce core: fix special character in user and forum search 2019-05-09 19:51:55 +02:00
Cyl
ad6f17d309 core: replace simplemde with easymde 2019-05-06 20:42:35 +02:00
Cyl
bf06aea680 core: fix whitespaces in user and forum search 2019-05-06 20:11:49 +02:00
a0e39b8904 clubs: rewrite MailingForm to include everything in one place
Everything is handled on the same view, no more redirection hacks

Remove get_context_data in DetailFormView since it's already done by django
2019-05-01 15:49:30 +02:00
96e33815f5
Group: simplify GroupTemplateView and better group display 2019-04-22 22:55:55 +02:00
ee89327742
Group: add translations 2019-04-22 22:55:55 +02:00
b693ee32f2
Group: add a label on users to delete 2019-04-22 22:55:54 +02:00
08d03087a4
core: create a DetailFormView 2019-04-22 22:55:54 +02:00
34459f83ec
Group: Groups: allow bulk removing of users from a group 2019-04-22 22:55:54 +02:00
5cc0760e2c
Groups: allow bulk import of users on a group 2019-04-22 22:55:54 +02:00
f6553a8f52
Group management enhancement 2019-04-22 22:55:53 +02:00
19c1361e47 core: fix heading in MarkdownInput 2018-12-19 14:10:39 +01:00
542a2ede32 core: translations for MarkdownInput 2018-12-19 14:02:45 +01:00
775f456c40 core: introduce new markdown input
To fix
* Avoid blinking in preview
* Don't insert stupid space on empty textarea
2018-12-14 16:24:11 +01:00
e421a2b4cd forum: increase search speed by optimizing permission filter 2018-12-13 20:33:34 +01:00