* Use a hashed password for ADMIN_PASSWORD
A generate_password_hash manage.py command is provided
Fixes#233
* Print a console warning for users using a clear text ADMIN_PASSWORD
* Reword ADMIN_PASSWORD doc
* Update changelog
* Update CHANGELOG.rst
- say it out loud
- bump to 2.0 (that's the logic of semantic versioning while introducing breaking changes)
* Bump to 2.0 (breaking change)
* Update hashed password warning message
* Mention the generate password hash in the Changelog
* Add a @requires_admin decorator
It can be used to protect specific endpoints with ADMIN_PASSWORD
(a password that is stored unencrypted in the settings)
The decorator has no effect if ADMIN_PASSWORD is an empty string (default value)
* Require admin permissions to access create project endpoint
When ADMIN_PASSWORD is not empty, project creation form on the
home page will be replaced by a link to the create project endpoint
so one is able to enter the admin password before filling the form
Default settings from app's root path are loaded first
Settings are then overriden by /etc/ihatemoney/ihatemoney.cfg
or by another file which path is set in an env var
Fixes#187
Removes py3-only warning (this alias might be removed in future py3 version):
> DeprecationWarning: encodestring() is a deprecated alias, use encodebytes()
> ('%s:%s' % (username, password)).encode('utf-8')).decode('utf-8').replace('\n', '')
py2-compatible change.
It is a bare alias of StringField (thus, no alembic migration is required),
deprecated since wtforms v2.0 (2013).
Removes the following warning:
> DeprecationWarning: The TextField alias for StringField has been deprecated and will be removed in WTForms 3.0
Ref f07729dd45
That noisy warning was everywhere in our test/CI logs before that commit:
> ./home/travis/build/spiral-project/ihatemoney/.tox/py27/lib/python2.7/site-packages/flask_sqlalchemy/__init__.py:839: FSADeprecationWarning: SQLALCHEMY_TRACK_MODIFICATIONS adds significant overhead and will be disabled by default in the future. Set it to True or False to suppress this warning.
>
> 'SQLALCHEMY_TRACK_MODIFICATIONS adds significant overhe
- modal classes and hierarchy changed since BS2
- striped tables are now handled by css3 pseudo-class rather than classes
- fix placement/alignment for the button and comment above the table
Also fixed some weird alignment issues.
I think this will need more work later (revamp the navbar layout to avoid that
sensation of thing which are floating at random places in the navbar).
- Adapt to BS4 class names and hierarchy
- Redesign some forms to have the label above the input (mobile-friendly)
- For the remaining inline form (add bill), use the grid, as BS no longer
provides inline form alignment helpers
