Adrià Casajús
faeddc365c
Display recovery codes for mfa only once ( #1317 )
...
* Recovery codes can only be shown after adding a 2FA code and cannot be seen afterwards
* Added recovery codes fix
* Updated models and script
* Formatting
* Format
* Added base code
* Updated wording
* Set the config by default
Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
2022-10-03 12:32:45 +02:00
Adrià Casajús
b5aff490ef
Store session in redis if redis is enabled ( #1288 )
...
* Store sesions in redis to prevent saving old cookies
* Format
* Rename sid to session_id
* Logout session completely
Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
2022-09-21 11:11:17 +02:00
Carlos Quintana
ba06852dc2
Do not crash if action is unknown ( #1231 )
2022-08-12 15:02:00 +02:00
Carlos Quintana
7eb44a5947
Fixes for connect with proton on mobile ( #1230 )
...
* Fixes for connect with proton on mobile
* Added a test
Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
2022-08-12 13:17:21 +02:00
Carlos Quintana
596dd0b1ee
Support next with Proton Link ( #1226 )
...
* Support next with Proton Link
* Add support for double next
* Fix bug on account relink
2022-08-11 10:38:44 +02:00
Adrià Casajús
3a75686898
Generate a web session from an api key ( #1224 )
...
* Create a token to exchange for a cookie
* Added Route to exchange token for cookie
* add missing migration
Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
2022-08-10 18:48:32 +02:00
Adrià Casajús
bd044304f0
Added rate limit to resend activation email ( #1192 )
...
Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
2022-07-26 14:57:26 +02:00
Adrià Casajús
f4c5198055
Remove ResetCodes after email change ( #1191 )
...
Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
2022-07-26 14:43:31 +02:00
Son Nguyen Kim
97805173cb
remove envs used for proton beta link ( #1189 )
...
* remove envs used for proton beta link
* remove is_connect_with_proton_enabled()
2022-07-26 12:38:18 +02:00
Carlos Quintana
827e3a1acb
Implement mode for Login with Proton ( #1186 )
2022-07-26 09:55:24 +02:00
Adrià Casajús
82d0f44cab
Fix: Check if required session headers exist ( #1145 )
...
* Check session keys exist
* Update message
Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
2022-07-05 22:26:48 +02:00
Carlos Quintana
38d305da23
Bypass 2FA if Login with Proton ( #1142 )
...
* Bypass 2FA if Login with Proton
* Fix formatting of template
2022-07-04 16:24:49 +02:00
Adrià Casajús
c2bb6488e4
Allow to login with proton to enter sudo mode ( #1141 )
...
* Allow to login with proton to enter sudo mode
* Updated wording
* lint
* Only enabled if the user has the account linked
* Add exit-sudo route for tests
Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
2022-07-04 16:09:36 +02:00
Carlos Quintana
e2f9ea4ae1
Capture exception on Login with Proton ( #1140 )
2022-07-04 15:40:17 +02:00
Adrià Casajús
8b89a428e0
Fix: clear next in the session before triggering a login ( #1129 )
...
* Fix: clear next in the session before triggering a login
* Format
Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
2022-06-30 15:41:50 +02:00
Adrià Casajús
99ce10a1bc
Send email to users with a subscription and a partner plan upgrade ( #1101 )
...
* Send email to users with a subscription and a partner plan upgrade
* Update double-subscription-partner.html
* Update double-subscription-partner.txt.jinja2
Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
Co-authored-by: Son Nguyen Kim <nguyenkims@users.noreply.github.com>
2022-06-20 14:34:20 +02:00
Carlos Quintana
58990ec762
Hide proton integration behind cookie ( #1092 )
...
* Hide proton integration behind cookie
* Make cookie name configurable via config
2022-06-15 15:42:41 +02:00
Carlos Quintana
cf5ff6fa23
Allow extra headers on proton connection ( #1087 )
2022-06-14 10:29:18 +02:00
Carlos Quintana
c0a4c44e94
Separate code for proton callback handler ( #1040 )
...
* Separate code for proton callback handler
* Upgrade migration
* Use simple_login endpoint from Proton API
* Remove unused classes
* Rename Dto class to Data
* Push rename
* Moved link to PartnerUser to allow subscriptions to depend only on it
* Fix test
* PR comments
* Add unique user_id constraint to PartnerUser
* Added more logs
* Added more logs
Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
2022-06-09 10:19:49 +02:00
Adrià Casajús
faf67ff338
Add missing rate limits ( #1065 )
...
Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
2022-06-08 17:36:03 +02:00
Carlos Quintana
ed9d2ed816
Receive partner as param in ProtonCallbackHandler
2022-05-23 16:11:58 +02:00
Son
631254a1cd
redirect user to dashboard instead of the account activation page for now
2022-05-23 14:44:24 +02:00
Carlos Quintana
e5770de329
Add account_activated page prompting user to install the extension
2022-05-20 09:40:03 +02:00
Carlos Quintana
5b60ef1e35
Preserve next_url in oauth login
2022-05-09 12:20:14 +02:00
Carlos Quintana
c95bfb80a2
Add OAuth hook for checking the status code
2022-05-06 14:41:52 +02:00
Carlos Quintana
8d4683e59e
Add login with proton
2022-05-05 12:20:55 +02:00
Adrià Casajús
657cae53a6
Remove it for all creds
2022-04-26 18:44:57 +02:00
Adrià Casajús
ff33380bed
Do not send the transports to the js part since we have not stored them previously
2022-04-26 18:41:12 +02:00
Adrià Casajús
8da4293305
typo
2022-04-11 16:04:28 +02:00
Adrià Casajús
60a070731e
Send newrelic events on login and register
2022-04-11 10:18:22 +02:00
Adrià Casajús
e91fd26964
Sanitized missing places
2022-03-29 18:03:18 +02:00
Carlos Quintana
2f9489fe39
Only allow relative redirects
2022-02-15 15:16:31 +01:00
george
50122da0fe
Implement API notifications and use a function in email_utils
2022-01-20 17:42:11 +00:00
george
42407a0543
Send the email after the local error.
2022-01-20 16:44:15 +00:00
george
f7f91afc1e
Send a notification email for invalid recovery codes.
2022-01-20 16:41:42 +00:00
george
6d736aa915
Implement rate limiting with send_email_with_rate_control.
2022-01-20 15:05:18 +00:00
george
0eb2984b9c
Add invalid TOTP login email notifications.
2022-01-20 14:18:47 +00:00
Son
733a9c42b0
delete activation code before sending email to avoid any delay
2021-12-29 10:26:42 +01:00
Son
abc074ea9b
make sure password can't be longer than 100 chars
2021-11-16 19:41:05 +01:00
Son
516898af59
move all template files to templates/
2021-11-04 15:05:22 +01:00
Son
0fbd351bed
handle the referral url that has ?slref=code part
2021-10-25 15:02:02 +02:00
Son
9fb6e45077
fix the help text too close to the input
2021-10-19 17:38:29 +02:00
Son
372466ab06
do not use flask-sqlalchemy
...
- add __tablename__ for all models
- use sa and orm instead of db
- rollback all changes in tests
- remove session in @app.teardown_appcontext
2021-10-12 14:36:47 +02:00
Son
5d7e10f776
make sure when user changes password, log user out on other browsers
2021-10-11 11:30:41 +02:00
Son Nguyen Kim
d7d301b9c3
add missing h1
2021-09-22 16:03:58 +02:00
Son Nguyen Kim
5ac78f2694
reformat
2021-09-08 11:29:55 +02:00
Son Nguyen Kim
cc650f9fae
remove unused import
2021-07-12 18:56:43 +02:00
Son Nguyen Kim
99599bb09f
make sure user needs to go through MFA when resetting password
2021-07-12 18:56:09 +02:00
Son NK
09d00df363
reformat imports
2021-06-27 17:50:36 +02:00
Son NK
f3b04b9d81
add more logging
2021-04-16 18:37:16 +02:00