In one case, we were not catching a family of possible exceptions
(socket.error), and in the two other cases there was no error handling at
all. Sending emails can easily fail if no email server is configured, so
it is really necessary to handle these errors instead of crashing with a
HTTP 500 error.
Refactor email sending code and add proper error handling.
Show alert messages that tell the user if an email was sent or if there
was an error.
When sending a password reminder email or inviting people by email, we
don't proceed to the next step in case of error, because sending emails is
the whole point of these actions.
Now each project can have a currency, default to None.
Each bill can use a different currency, and a conversion to project default currency is done on settle.
Fix#512
* Fix user-facing string and update translation catalog
In the flash message confirming member creation, change "member had been
added" into the correct form "member has been added".
No translation has been changed. Some translators seem to have already
spotted the mistake while translating, but I can't tell for all languages.
* Change "Person" to "Participant" in history view
Currently, the main user-facing term is "Participant", as seen for
instance in the "Add participant" form. "Person" is not used anywhere in
the interface.
See #302 for a more general discussion on choosing the right terminology.
* Fix obsolete translations.
Co-authored-by: Baptiste Jonglez <git@bitsofnetworks.org>
Co-authored-by: Rémy HUBSCHER <hubscher.remy@gmail.com>
Co-Authored-By: Glandos <bugs-github@antipoul.fr>
All project activity can be tracked, using SQLAlchemy-continuum.
IP addresses can optionally be recorded.
Fix#417
* New tab upload
* Extract data from JSON
* Add users
* Black format
* Try to add bill
* Import bills
* Add french translation msg
* Black reformat missing
* Deactivated users are supported
* Test import
* Remove temp file in upload_json()
* Incomplete tests
* tests import
* Update ihatemoney/translations/fr/LC_MESSAGES/messages.po
Co-Authored-By: Rémy HUBSCHER <hubscher.remy@gmail.com>
* Remove useless variable and check json format
* Use String.IO and test for wrong json
* Remove coma
Co-authored-by: Rémy HUBSCHER <hubscher.remy@gmail.com>
Create a new route with a new generic page that display a title and a message on a <p> tag. This route will be triggered after succesfully submit password reminder form
See issue #455
When double-clicking on the delete button, the first click actually
deletes the bill, and the second click does the same action again. But
as the bill is already deleted, it displays a 404 page which can be
misleading.
This fix makes the app trigger a redirect when the bill seem to doesn't
exist, fixing this strange behaviour.
I don't know why, but on my setup (nginx + uwsgi), the `strict_slashes` (default to `True`) was causing an infinite loop.
I think it could be safely removed for this route only.
Clearer data structure, and simpler template
This commit has a side effect: sidebar now hides disabled members.
IMHO, the disabled members should either be hidden or shown consistently between
sidebar and central table. Previous status was: shown in sidebar (if balance ≠
0) and hidden in central table.
I've also renamed the templates to *.j2 in order to make things clearer
to others. Having extensions with the name of the locale doesn't seem to
be a good practice, and would need us to add the locales in the MANIFEST
file each time we add one.
Fix#305
* Use token based auth in invitation e-mails
Invitation e-mails no longer contain the clear
text project password
* Skip invite page after project creation
- Replace ``The project identifier is demo, remember it!``
by ``Invite other people to join this project!``
(linking to the invite page)
- Encourage users to share the project password via other
communication means in the reminder email
* Fixed exposed password in session
The project password was set in clear text
in the session cookie. The cookie payload is
only base64 encoded so it must not be used to
store private information. The password is
simply replaced by a boolean.
* Simplify authentication logic
* Update to a more flexible admin authentication
* Admin can now access any project
* Add delete and edit options in the dashboard
* Add a link to the dashboard in the nav bar
This is a rework of the changes proposed by @Olivd, so they can apply on top of
the latest master without trouble. All credit goes to him for the code.
* Protect admin endpoints against brute force attacks
Add a throttling mechanism to prevent a client brute
forcing the authentication form, based on its ip address
Closes#245
* Reset attempt counters if they get memory hungry
* Use absolute imports and rename package to ihatemoney
* Add a ihatemoney command
* Factorize application creation logic
* Refactor the tests
* Update the wsgi.py module with the new create_app() function
* Fix some styling thanks to Flake8.
* Automate Flake8 check in the CI.
