509 Commits

Author SHA1 Message Date
mdipierro 9a079e092f fixed typo in auth 2016-02-26 14:24:21 -06:00
mdipierro 218817753a myconf.take, myconf.get 2016-02-26 14:20:18 -06:00
rafaelol ba2cb811be Changes encoding of text and subject on Mail.send()
On the previous commit we changed text and subject from unicode
to str. After a better solution from @cassiobotaro, we're using
unicode again, selecting the encoding as the one passed via encoding
parameter.
2016-01-07 14:59:58 -02:00
rafaelol 6a7c0525f5 Fix bug on Mail.send() when text or input are Unicode
On PR #964 @matclab forced the encoding of both subject and
text variables to unicode.

After merging it, matclab realized that when we send Unicode
text to the method it raises an exception and asked if he should
change the commit. Unfortunately this thing was kept untouched.

This problem exists because we previously encode the unicode variables
to utf-8 (for instance here https://github.com/web2py/web2py/blob/master/gluon/tools.py#L478-L481) and then force again to unicode. This piece of code shows what happens:

```
>>> a = u'áéí'
>>> a
u'\xe1\xe9\xed'
>>> b = a.encode('utf-8')
>>> b
'\xc3\xa1\xc3\xa9\xc3\xad'
>>> unicode(a)
u'\xe1\xe9\xed'
>>> unicode(b)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 0: ordinal not in range(128)
```

If we force to str, just like @matclab suggested, we solve this issue.
2016-01-07 11:47:29 -02:00
niphlod d57428e8f0 fixes #1156 and other few issues 2016-01-01 20:48:55 +01:00
niphlod d4bca008a8 better docstrings 2015-12-30 14:55:37 +01:00
niphlod e94946d3d5 builtin constant time checking
- if hmac.compare_digest is there, we should use it instead of our own
fallback.
- jwt handler has been updated to use utils.compare (reported in
#web2py-users)
- includes the same mods as https://github.com/web2py/web2py/pull/1146
2015-12-30 10:37:14 +01:00
mdipierro 463d643e2c fmerged 2015-12-23 23:11:34 -06:00
Richard Vézina 0259ea3d29 no more deprecated .has_key(...) 2015-12-22 15:39:32 -05:00
mdipierro 2344386f77 better docstring for Auth.jwt 2015-12-18 19:19:43 -06:00
mdipierro b5e12031c5 added Auth(db,jwt=dict(secret_key='secret')) and auth.allows_jwt() before auth.requires_login() 2015-12-18 19:12:41 -06:00
mdipierro 931daaff89 fixed security issue in reset password when registration_requires_authorization, thanks Giovanni Verde 2015-12-18 04:11:26 -06:00
mdipierro c6550f0adc fixed a condition that allows reset_password if a reset link is sent before a user is blocked 2015-12-18 03:40:12 -06:00
mdipierro 22c89d8dcc version 2.13.1 2015-12-17 21:19:08 -06:00
Mathieu Clabaut 5b90f3f532 Convert attachments to a list if necessary.
Also corrects a typo that was apparently silenced by the bug.
This closes issue #1123
2015-12-09 14:46:05 +01:00
mdipierro ada9353a7e removed unwanted reference to jwt in tools 2015-12-04 15:10:25 -06:00
mdipierro eb7017fd9a fixed auth.settings.register_onaccept is not firing when signing up through third-party #1081 2015-12-04 12:14:39 -06:00
mdipierro f960c8f6df fixed add_membership, del_membership, add_membership = IntegrityError (when auth.enable_record_versioning) #1087 2015-12-04 11:42:06 -06:00
mdipierro 6b880fb455 fixed class concatenation 2015-12-04 10:46:20 -06:00
mdipierro 5d8ff8ba2c removed login_once_after_registration 2015-11-11 09:14:05 -06:00
mdipierro 503cd59adc auth.settings.login_once_after_registration 2015-11-11 09:03:54 -06:00
mdipierro 430163f70b fixed conflict 2015-10-30 23:10:25 -05:00
mdipierro e180e69467 fixed a typo, thanks James Burke 2015-10-30 23:06:00 -05:00
engeens 5c9d197f93 issue #1095. Added two-factor authentication methods and onvalidation. Fixed last attempt two-factor retry login
issue #1095. Added return user for two_factor_onvalidation
2015-10-30 15:09:51 +01:00
mdipierro 199f93f262 fixed typo in tools.py, thanks James Burke 2015-10-29 20:56:40 -05:00
Leonel Câmara b99fb7dedf Fixes #721
Fixes a bug where auth.wiki was not respecting the extra keyword argument
2015-09-29 00:21:01 +01:00
mdipierro 0fa0dbaeea Merge branch 'master' of github.com:web2py/web2py 2015-09-20 14:07:06 -05:00
mdipierro b47511c896 token default = web2py_uuid 2015-09-20 14:07:01 -05:00
niphlod ac02d52f05 fixes typo in wiki. As usual, lack of unittests made this possible.
We should really make each developer "adopt" a piece of web2py to test
and care if we don't want to write unittests.
2015-09-03 17:56:45 +02:00
mdipierro d4270373e1 fixed bug in redirect to cas service, thanks Fernando González 2015-09-01 23:07:18 -05:00
mdipierro 692791a518 Merge pull request #1053 from BuhtigithuB/feature/redirect-next-var-when-logged-on-page-reload
No credentials request if logged in and URL contains user/login?_next=
2015-08-30 00:58:27 -05:00
Richard Vézina 61f685d225 Improve PEP8 gluon/tools.py 2015-08-20 17:16:13 -04:00
Richard Vézina c56fc2f6a0 Improve proposed enhancement #1052 2015-08-20 15:23:59 -04:00
Richard Vézina 08b6832809 No credentials request if logged in and URL contains user/login?_next= 2015-08-19 14:47:21 -04:00
mdipierro 04c86f07ef Merge pull request #1032 from dsk7/allow_requires_login_to_be_determined_dynamically
Allow to specify a function for requires_login at auth decoration.
2015-08-18 11:03:37 -05:00
mdipierro e31e4e236f prettydate can do UTC, fixes #1036 2015-08-07 02:04:07 -05:00
dsk7 f94bc250eb Allow to specify a function for requires_login at auth decoration. 2015-08-02 13:21:20 +02:00
mdipierro d7caaf04cc fixed issue #933, wiki bug 2015-07-26 14:24:53 -05:00
mdipierro e95115deb4 fixed order of confirm-password field 2015-07-26 10:18:45 -05:00
mdipierro 34a9d72cde mail.settings.server='logging:filename' 2015-07-06 04:45:14 -05:00
pallav_fdsi f9cd7e4ef4 Open redirect attacks should be caught for all functions that use the _next variable (for example: logout()) instead of just for the login() function. 2015-07-01 18:38:43 -04:00
mdipierro 00608e4f04 auth.settings.enable_tokens and header web2py_user_token 2015-06-29 13:38:54 -05:00
mdipierro ef433da190 improvements to token logic, thanks Niphlod 2015-06-28 17:01:21 -05:00
mdipierro 044b2331c3 bulk_register_enabled=False 2015-06-28 10:30:05 -05:00
mdipierro c89614ada6 more strict conditions on bulk_register 2015-06-28 10:20:33 -05:00
mdipierro f0aba167b4 _token, not token 2015-06-28 09:51:45 -05:00
mdipierro 9a1229470a support for api_tokens 2015-06-28 09:48:08 -05:00
mdipierro fa32b7577b fixed a bug and added support for user/bulk_register 2015-06-28 09:01:10 -05:00
mdipierro 33f12d91a5 Merge pull request #992 from btreecat/master
Fixed authentication using different login methods.
2015-06-07 21:47:08 -05:00
mdipierro 0e9c5caf4d added request_reset_password_on... 2015-06-07 21:28:18 -05:00