Commit graph

1280 commits

Author SHA1 Message Date
Baptiste Jonglez
7d30794420 security docs: Clarify what is possible with a token 2023-07-29 14:02:49 +02:00
Baptiste Jonglez
3e5cd9e04e API docs: new current_password field 2023-07-29 14:02:49 +02:00
Baptiste Jonglez
73c8a31dd2 Invite page: document the security implication of all options
Also move the "invitation link" option first, because it's the preferred
way to give access to people that only need to handle participants and
bills.

Sharing the identifier and private code becomes the last option, because it
gives full access to changing settings.
2023-07-29 14:02:49 +02:00
Baptiste Jonglez
5dc9984577 Better feedback when changing project settings
We now display a success flash message, and we stay on the same page
(instead of redirecting to the list of bills, which makes little sense)
2023-07-29 14:02:49 +02:00
Baptiste Jonglez
68e1dac75c Require private code to edit a project's settings
This is something we had documented in our security documentation [1], but
we didn't actually do it...

As mentioned in [1], this has good security properties: you can invite
somebody with an invitation link, and they will be able to access the
project but not change the private code (because they don't know the
current private code).

This new check also applies to all other settings (email address, history
settings, currency), which is desirable.  Only somebody with knowledge of
the private code can now change these settings.

[1] https://ihatemoney.readthedocs.io/en/latest/security.html#giving-access-to-a-project
2023-07-29 14:02:49 +02:00
Éloi Rivard
b1d4f34193 tests: unit test assertion fixes (#1203)
`self.assertTrue(200, resp.status_code)` style assertions are always True
and thus are useless. It looks like the original author wanted
`self.assertEqual` there instead.
2023-07-28 17:44:43 +02:00
Baptiste Jonglez
4d3bcf69d3 Update security docs for the new feed token 2023-07-28 17:34:34 +02:00
Baptiste Jonglez
ad5b108ec0 Fix 404 page crash
The 404 page crashes when the user is logged in:

      File "/home/zorun/code/ihatemoney/ihatemoney/templates/404.html", line 1, in top-level template code
        {% extends "layout.html" %}
      File "/home/zorun/code/ihatemoney/ihatemoney/templates/layout.html", line 124, in top-level template code
        {{ g.logout_form.hidden_tag() }}
      File "/home/zorun/venv/py3-ihatemoney/lib/python3.9/site-packages/jinja2/environment.py", line 474, in getattr
        return getattr(obj, attribute)
    jinja2.exceptions.UndefinedError: 'flask.ctx._AppCtxGlobals object' has no attribute 'logout_form'

This is because the logout form is defined by a URL processor, and this
does not seem to apply for all pages.

To solve this, simply skip the logout form if it's not defined.
2023-07-28 17:20:32 +02:00
Baptiste Jonglez
be961e987d Update translation catalog for new strings 2023-07-28 17:20:11 +02:00
Baptiste Jonglez
db04f68652 translations: Avoid splitting strings to make translator's life easier 2023-07-28 17:20:11 +02:00
Nati Lintzer
c9c6795b21 Translated using Weblate (Hebrew)
Currently translated at 62.7% (170 of 271 strings)

Co-authored-by: Nati Lintzer <nlintzer@gmail.com>
Translate-URL: https://hosted.weblate.org/projects/i-hate-money/i-hate-money/he/
Translation: I Hate Money/I Hate Money
2023-07-28 15:23:45 +02:00
Éloi Rivard
8d4584d660 feat: project RSS feed. 2023-07-28 15:22:55 +02:00
Baptiste Jonglez
7c782443d3 Back to development: 6.0.2 2023-07-22 20:02:51 +02:00
Baptiste Jonglez
284fb011f0 Preparing release 6.0.1 2023-07-22 20:02:10 +02:00
Baptiste Jonglez
f6ae1cbf59 Update changelog for next release 2023-07-22 20:01:45 +02:00
Glandos
23d912b703 Migrate existing sessions after conversion to dict (#1194)
Migrate existing session after #1082

fix #1188
2023-07-22 19:55:45 +02:00
Nati Lintzer
b150c7adc5 Translated using Weblate (Hebrew)
Currently translated at 59.0% (160 of 271 strings)

Co-authored-by: Nati Lintzer <nlintzer@gmail.com>
Translate-URL: https://hosted.weblate.org/projects/i-hate-money/i-hate-money/he/
Translation: I Hate Money/I Hate Money
2023-07-22 19:49:43 +02:00
Luke
4919266072 Translated using Weblate (German)
Currently translated at 92.9% (252 of 271 strings)

Co-authored-by: Luke <luke@luporr.de>
Translate-URL: https://hosted.weblate.org/projects/i-hate-money/i-hate-money/de/
Translation: I Hate Money/I Hate Money
2023-07-22 19:49:43 +02:00
Baptiste
17a2e14c0e Translated using Weblate (French)
Currently translated at 100.0% (271 of 271 strings)

Co-authored-by: Baptiste <weblate@bitsofnetworks.org>
Translate-URL: https://hosted.weblate.org/projects/i-hate-money/i-hate-money/fr/
Translation: I Hate Money/I Hate Money
2023-07-22 19:49:43 +02:00
Glandos
59f3e9bac1 fix #1192 2023-07-15 15:27:34 +02:00
Glandos
d09d19af45 add test to make it fail 2023-07-15 15:27:34 +02:00
Baptiste Jonglez
e61540dbbe Update readthedocs to python 3.11 (should fix #1185) 2023-07-14 16:00:33 +02:00
Baptiste Jonglez
3788b6f5e7 Add support for APPLICATION_ROOT in Docker container 2023-07-14 15:53:43 +02:00
Baptiste Jonglez
5492e9eb6e Regenerate translations 2023-07-14 10:09:34 +02:00
Baptiste Jonglez
f06c49ce74 More consistent translations 2023-07-14 10:09:34 +02:00
Baptiste
9df4f0a3de Translated using Weblate (French)
Currently translated at 99.6% (272 of 273 strings)

Co-authored-by: Baptiste <weblate@bitsofnetworks.org>
Translate-URL: https://hosted.weblate.org/projects/i-hate-money/i-hate-money/fr/
Translation: I Hate Money/I Hate Money
2023-07-14 10:00:40 +02:00
Baptiste Jonglez
9f89cce097 Regenerate all translation files 2023-07-13 18:13:42 +02:00
Baptiste Jonglez
bff44ae415 Avoid HTML markup in translation strings 2023-07-13 18:13:42 +02:00
Glandos
7d26870975 Translated using Weblate (French)
Currently translated at 100.0% (255 of 255 strings)

Co-authored-by: Glandos <bugs-github@antipoul.fr>
Translate-URL: https://hosted.weblate.org/projects/i-hate-money/i-hate-money/fr/
Translation: I Hate Money/I Hate Money
2023-07-13 18:11:49 +02:00
Baptiste Jonglez
c681fcd4c9 Improve docker-compose file: admin password and volume for database
Fixes: #1169
2023-07-13 18:04:04 +02:00
Baptiste Jonglez
7ef954eaad Fix docker-compose example quoting (fix #1164) 2023-07-13 17:05:15 +02:00
Glandos
f2ac083396 Translated using Weblate (French)
Currently translated at 100.0% (255 of 255 strings)

Co-authored-by: Glandos <bugs-github@antipoul.fr>
Translate-URL: https://hosted.weblate.org/projects/i-hate-money/i-hate-money/fr/
Translation: I Hate Money/I Hate Money
2023-07-13 16:57:32 +02:00
Baptiste Jonglez
2a5706df2b Back to development: 6.0.1 2023-07-13 16:16:15 +02:00
Baptiste Jonglez
f699ffcfe8 Preparing release 6.0.0 2023-07-13 16:10:38 +02:00
Baptiste Jonglez
92fd4f265f Update contributors 2023-07-13 00:15:34 +02:00
Baptiste Jonglez
296ee091f2 Update changelog 2023-07-13 00:15:34 +02:00
Baptiste Jonglez
76ab5b4ced Add Catalan, Czech, Spanish, Persian, Hebrew, Hungarian, Kannada, Serbian, Telugu, Thai to default languages 2023-07-13 00:15:34 +02:00
Sebastian Lay
c7df581014 Translated using Weblate (German)
Currently translated at 100.0% (255 of 255 strings)

Co-authored-by: Sebastian Lay <mail@sebastian-lay.de>
Translate-URL: https://hosted.weblate.org/projects/i-hate-money/i-hate-money/de/
Translation: I Hate Money/I Hate Money
2023-07-11 23:17:22 +02:00
Zottelchen
fc3ceba216 Update configuration.md
Fix minimal typo, tripping me (and most likely others) during setup. (e.g. #854)
2023-07-11 23:15:27 +02:00
dependabot[bot]
1d861605d4 Bump vermin from 1.5.1 to 1.5.2
Bumps [vermin](https://github.com/netromdk/vermin) from 1.5.1 to 1.5.2.
- [Release notes](https://github.com/netromdk/vermin/releases)
- [Commits](https://github.com/netromdk/vermin/compare/v1.5.1...v1.5.2)

---
updated-dependencies:
- dependency-name: vermin
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-19 09:33:49 +02:00
dependabot[bot]
e11f04c29a Bump docutils from 0.19 to 0.20.1
Bumps [docutils](https://docutils.sourceforge.io/) from 0.19 to 0.20.1.

---
updated-dependencies:
- dependency-name: docutils
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-16 11:00:57 +02:00
Glandos
59ec85205b Update sphinx
This is needed for docutils 0.20
2023-06-16 10:32:01 +02:00
Glandos
d67097ce7f Bump minimal requests
It's required by Sphinx. Technically, we could have two different requirements in main and doc, but the minimal version is so old that it doesn't really matter.
2023-06-15 23:02:44 +02:00
Glandos
3003572d5f Also update Sphinx in one shot 2023-06-15 23:02:44 +02:00
Glandos
42512ce907 Update myst dependency 2023-06-15 23:02:44 +02:00
dependabot[bot]
7a09098124 Update email-validator requirement from <2,>=1.0 to >=1.0,<3
Updates the requirements on [email-validator](https://github.com/JoshData/python-email-validator) to permit the latest version.
- [Release notes](https://github.com/JoshData/python-email-validator/releases)
- [Changelog](https://github.com/JoshData/python-email-validator/blob/main/CHANGELOG.md)
- [Commits](https://github.com/JoshData/python-email-validator/commits)

---
updated-dependencies:
- dependency-name: email-validator
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-19 15:57:46 +02:00
dependabot[bot]
25c1fcc48a Bump black from 23.1.0 to 23.3.0
Bumps [black](https://github.com/psf/black) from 23.1.0 to 23.3.0.
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](https://github.com/psf/black/compare/23.1.0...23.3.0)

---
updated-dependencies:
- dependency-name: black
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-19 15:48:15 +02:00
Egor Dubenetskiy
e00cd8ad1c Translated using Weblate (Russian)
Currently translated at 100.0% (255 of 255 strings)

Co-authored-by: Egor Dubenetskiy <egor@banka.space>
Translate-URL: https://hosted.weblate.org/projects/i-hate-money/i-hate-money/ru/
Translation: I Hate Money/I Hate Money
2023-05-19 15:47:55 +02:00
MurkBRA
9f8eb0af8b Translated using Weblate (Portuguese)
Currently translated at 99.6% (254 of 255 strings)

Translated using Weblate (Portuguese (Brazil))

Currently translated at 98.4% (251 of 255 strings)

Co-authored-by: MurkBRA <anjo1077@gmail.com>
Translate-URL: https://hosted.weblate.org/projects/i-hate-money/i-hate-money/pt/
Translate-URL: https://hosted.weblate.org/projects/i-hate-money/i-hate-money/pt_BR/
Translation: I Hate Money/I Hate Money
2023-05-19 15:47:55 +02:00
Gergely Kocsis
f009533e82 Translated using Weblate (Hungarian)
Currently translated at 27.8% (71 of 255 strings)

Co-authored-by: Gergely Kocsis <koger23@gmail.com>
Translate-URL: https://hosted.weblate.org/projects/i-hate-money/i-hate-money/hu/
Translation: I Hate Money/I Hate Money
2023-05-19 15:47:55 +02:00