Commit Graph

270 Commits

Author SHA1 Message Date
devStorm
2b8febe0b9
black 2020-05-18 00:06:24 -07:00
devStorm
9fb91c83e7
more setup 2020-05-18 00:01:27 -07:00
devStorm
f2f6e13af7
DB & Setup ready for multi-keys 2020-05-17 22:05:37 -07:00
Son Nguyen Kim
1997c207ed
Merge pull request #196 from SibrenVasse/error_handling
Move api error handling to global error handler
2020-05-17 18:02:23 +02:00
Sibren Vasse
2d7bd225e9 Move api error handling to global error handler 2020-05-17 15:27:24 +02:00
Son NK
13bb9810b6 use can disable PGP on an alias 2020-05-16 20:51:07 +02:00
Son NK
083a857f1b disable intro_shown in fake data 2020-05-16 20:50:57 +02:00
Son NK
362d101bab Merge branch 'master' into multiple-mailboxes
# Conflicts:
#	app/dashboard/templates/dashboard/custom_alias.html
#	email_handler.py
#	templates/emails/com/newsletter/mobile-darkmode.html
2020-05-16 11:28:25 +02:00
Son NK
6fb85c81fc fix format 2020-05-15 16:50:14 +02:00
Son NK
f04caa3c35 move SQLALCHEMY_ECHO option to create_app(): useful when profiling 2020-05-15 16:48:42 +02:00
Son NK
0b652cf3f8 remove AliasMailbox.user_id column 2020-05-15 16:35:57 +02:00
Son NK
5c8c741a6a API Error handling for 404 and 500 2020-05-13 22:02:38 +02:00
Son NK
dafa23c5bf Add fake aliases with multiple mailboxes 2020-05-10 20:09:54 +02:00
Son NK
8fa0927826 Set SESSION_COOKIE_SAMESITE to Lax 2020-05-10 11:34:23 +02:00
Son Nguyen Kim
b95d815e5c
Merge pull request #168 from simple-login/global-trash
Global trash
2020-05-09 18:08:51 +02:00
Sibren Vasse
e7c3a127b8 Set samesite and secure attributes of session cookie. Enable strong session protection. 2020-05-09 14:13:37 +02:00
Son NK
0441e5e2a9 Remove DeletedAlias.user_id column 2020-05-07 22:40:30 +02:00
Son NK
3ce3a05c7b Add referral name 2020-05-02 18:08:05 +02:00
Son NK
fd90811e85 Prettify alias contact manager 2020-04-27 19:58:55 +02:00
Son NK
12714ae601 Add Only enabled alias sorting option 2020-04-26 12:31:10 +02:00
Son NK
182f01f775 More diverse fake data 2020-04-25 23:42:56 +02:00
Son NK
97544ac760 Update mailbox using ajax
refactor: return Mailbox in User.mailboxes()
2020-04-25 13:49:40 +02:00
Son NK
8ee34d9132 add more alias in fake_data 2020-04-25 13:42:53 +02:00
Son NK
746cd2eb66 Use FIRST_ALIAS_DOMAIN in directory and custom alias 2020-04-15 22:52:30 +02:00
Son NK
70ce48cd79 Disable trial on fake data 2020-04-12 19:43:55 +02:00
Son NK
b845e2a8eb Handle case where subscription_payment_succeeded arrives BEFORE subscription_created 2020-04-12 19:43:35 +02:00
Son NK
9b91f4a4a4 support changing plan 2020-04-12 19:43:07 +02:00
Son NK
3f84b9e901 no need to set X-Frame-Options header
as already set by Nginx
2020-04-06 22:36:35 +02:00
Son NK
e9208810af Return user to login page in case of 401 2020-04-01 20:32:08 +02:00
Son Nguyen Kim
44e2e175ef
Merge pull request #115 from simple-login/rename
Rename
2020-03-19 10:39:05 +01:00
Son NK
4f281bdbbb rename GenEmail -> Alias, gen_email to alias whenever possible 2020-03-17 11:51:40 +01:00
Son NK
ea43b8f685 Open PGP to everyone 2020-03-17 09:22:29 +01:00
Son NK
69198ff08a delete all unnecessary headers in PGP 2020-03-14 22:24:02 +01:00
Son NK
a240b4af33 fix formatting 2020-03-09 13:38:55 +01:00
Son NK
3be593ed09 prettify mailbox detail page 2020-03-09 13:35:32 +01:00
Son NK
32910b4d77 reformat 2020-03-08 11:40:35 +01:00
Son NK
bada186962 Log more info on cancel event 2020-03-08 11:38:45 +01:00
Son NK
b86937c5c7 Fix next_bill_update update: the event is subscription_payment_succeeded and not subscription_updated 2020-03-08 11:34:39 +01:00
Son NK
3b454b9a80 fix test 2020-03-05 20:32:08 +01:00
Son NK
3492935f95 Canceled user can upgrade again: the payment method is changed immediately though 2020-03-05 09:13:28 +01:00
Son NK
1ebe6558a0 fix paddle logging 2020-03-05 08:11:07 +01:00
Son NK
8099d9841c log next_bill_date 2020-03-04 21:35:39 +01:00
Son NK
930b4cadb9 Fix the case where user cancels and re-subscribes 2020-03-02 23:04:47 +01:00
Son NK
7e4eb9e0db use MAILBOX_SECRET instead of FLASK_SECRET 2020-02-29 18:18:52 +07:00
Son NK
aeed62e95b All users use full-mailbox
- remove can_use_multiple_mailbox col
- remove full_mailbox col
2020-02-29 00:03:35 +07:00
Son NK
2eae0ba4fd set user default mailbox in convert_user_full_mailbox 2020-02-23 15:41:08 +07:00
Son NK
e4bb85ac87 Full-mailbox User can change alias mailbox 2020-02-23 13:58:09 +07:00
Son NK
af8ac99248 use warning for subscription cancel message 2020-02-22 21:50:13 +07:00
Son NK
a9a5f145aa fix showing unverified mailbox when creating new alias 2020-02-21 21:59:13 +07:00
Son NK
9727473b45 Add more fake data 2020-02-19 23:45:48 +07:00
Son NK
8f8857704a Add deleted alias page 2020-02-15 21:47:27 +07:00
Son NK
d1d60f051b remove unnecessary log 2020-02-15 17:03:23 +07:00
Son NK
b41a61165c use mailbox_email when notifying user attempt to send from his alias 2020-02-11 22:46:53 +07:00
Son NK
7407f678ce take into account mailbox in forward phase 2020-02-10 23:23:40 +07:00
Son NK
ec248dcae6 use another sentry project for the front-end using SENTRY_FRONT_END_DSN param 2020-02-05 14:38:29 +07:00
Son NK
b40278f4dc use store instead of localStorage to disable GoatCounter 2020-02-05 14:30:27 +07:00
Son NK
2ca97368f8 Handle trial period
- user can upgrade to lifetime if in trial or free
- free or trial user can buy a subscription
- user has all features when in trial
2020-01-30 10:53:17 +07:00
Son NK
284de7a0a6 fix test 2020-01-16 22:30:00 +01:00
Son NK
13283b6327 Support cancelled premium users in custom domain & directory
- Freemium user can see custom domain and directory but could not add new.
- user who has added custom domain or directory before could delete them
2020-01-16 22:21:19 +01:00
doanguyen
c49bc87bae rollback the debug flag 2020-01-07 22:29:37 +01:00
doanguyen
783aba1275 flask debug must be string, not bool, int. What a joke 2020-01-05 22:58:40 +01:00
doanguyen
4e84815375 let debug configurable 2020-01-05 19:45:29 +01:00
Son NK
35aa8f1438 add GoatCounter analytics 2020-01-03 23:23:29 +01:00
Son NK
0327f755a1 accept both GET and POST for / 2020-01-02 22:10:27 +01:00
Son NK
851eac604b Add Sentry SqlalchemyIntegration and AioHttpIntegration 2020-01-02 22:04:18 +01:00
Son NK
5d25310105 Fix subscription might not exist 2020-01-01 23:51:22 +01:00
Son Nguyen Kim
b8ca2d0158
Merge pull request #16 from simple-login/lifetime
Lifetime coupon
2020-01-01 23:24:15 +01:00
Son NK
6dd7827330 fix formatting 2020-01-01 23:22:34 +01:00
Son NK
064e10771b Ignore /git and /exception in flask-profiler 2020-01-01 23:20:28 +01:00
Son NK
d3f8233844 Enable flask-profiler if FLASK_PROFILER_PATH is set 2020-01-01 23:16:09 +01:00
Son NK
4f980ffd94 add lifetime coupon to fake_data 2020-01-01 20:05:10 +01:00
Son NK
1d4e8368ab Use constant otp_secret in fake_data() 2019-12-27 16:53:07 +00:00
Son NK
a3f547fd22 rename create_custom_alias -> create_new 2019-12-22 16:34:10 +00:00
Son NK
91e38a744b remove GenEmail.custom column 2019-12-22 16:32:55 +00:00
Son NK
a22a635508 create custom domain in fake_data 2019-12-22 16:00:04 +00:00
Son NK
66091b4f9e replace ENABLE_SENTRY by SENTRY_DSN 2019-12-16 19:30:17 +02:00
Son NK
c3b716f644 remove users.can_use_custom_domain flag 2019-12-15 21:52:24 +02:00
Son NK
ec62fad3a0 remove notify_admin, replace by general stats 2019-12-15 18:55:18 +02:00
Son NK
0b982a3f19 comment out flask-toolbar 2019-12-15 18:55:18 +02:00
Son NK
fd5b4f91f9 return 400 in paddle callback if verification fails 2019-12-15 18:55:18 +02:00
Son NK
6ddb8ee5ab fix test 2019-12-15 18:55:17 +02:00
Son NK
2e23a1bf19 add RESET_DB back 2019-12-15 18:55:17 +02:00
Son NK
6e387444f5 do not use RESET_DB to avoid potential error: uncomment fake_date locally if necessary 2019-12-15 18:55:17 +02:00
Son NK
d58ab8c808 fix create random alias: new alias not saved 2019-12-15 18:55:16 +02:00
Son NK
5156ed5eba create constant api_code in local to facilitate test 2019-12-15 18:55:16 +02:00
Son NK
8ed7f2e693 set X-Frame-Options header to deny 2019-12-15 18:55:16 +02:00
Son NK
a827b27215 add custom_domain view 2019-12-15 18:55:16 +02:00
Son NK
b59ffb94b2 Remove Stripe usage 2019-12-15 18:55:16 +02:00
Son NK
6ea43275ed remove user.can_use_api_key 2019-12-15 18:55:16 +02:00
Son NK
7bedd40966 add user.can_use_custom_domain, user.can_use_api_key 2019-12-15 18:55:16 +02:00
Son NK
4f874eec43 Create API Key page 2019-12-15 18:55:16 +02:00
Son NK
6c4a173de5 create /api/alias/new using api-key as authentication 2019-12-15 18:55:16 +02:00
Son NK
c4b9a81c09 fix user re-subscribes 2019-12-15 18:55:14 +02:00
Son NK
47d5b75dc4 remove partner table 2019-12-15 18:55:14 +02:00
Son NK
a084ea880d remove become partner view 2019-12-15 18:55:14 +02:00
Son NK
e8b69014cd fix fake_data 2019-12-15 18:55:14 +02:00
Son NK
3442250bb1 create a subscription in fake_data 2019-12-15 18:55:13 +02:00
Son NK
6c3c37170c Create paddle handler 2019-12-15 18:55:13 +02:00
Son NK
d7d2ea04a9 replace lyra by GA 2019-12-15 18:55:12 +02:00
Son NK
db45b01ddd set a different SESSION_COOKIE_NAME to avoid conflict 2019-12-15 18:55:11 +02:00
Son NK
541cf80b77 add userinfo_endpoint, remove introspection_endpoint and revocation_endpoint in /.well-known/openid-configuration 2019-12-15 18:55:11 +02:00
Son NK
d5a2932a97 use localhost instead of sl-client 2019-12-15 18:55:10 +02:00
Son NK
06f51099a5 all users can have access to developer tab 2019-12-15 18:55:10 +02:00
Son NK
ac8fa33a83 use John Wick email 2019-12-15 18:55:10 +02:00
Son NK
2461ea6145 refactor config 2019-12-15 18:55:10 +02:00
Son NK
6bf8cddbcd only SERVER_NAME in test 2019-12-15 18:55:09 +02:00
Son NK
32d6af228b set SERVER_NAME required by tests 2019-12-15 18:55:09 +02:00
Son NK
0817e45abe override User.create to set password, create GenEmail, set trial period 2019-12-15 18:55:09 +02:00
Son NK
8a6934e61e activate ssl if URL begins with https 2019-12-15 18:55:09 +02:00
Son NK
80d9a6a400 set OAUTHLIB_INSECURE_TRANSPORT=1 2019-12-15 18:55:09 +02:00
Son NK
aae76f21f6 add github login 2019-12-15 18:55:09 +02:00
Son NK
dcb1aa77a2 do not log requests that begin with /_debug_toolbar 2019-12-15 18:55:08 +02:00
Son NK
5e2fc603cd set DEBUG_TB_INTERCEPT_REDIRECTS=True in local 2019-12-15 18:55:08 +02:00
Son NK
c2e5829505 enable flask-toolbar locally 2019-12-15 18:55:08 +02:00
Son NK
b4a9e7628f add admin view for partner, set endpoint to avoid "Blueprint name collisions" error 2019-12-15 18:55:08 +02:00
Son NK
51171a2266 add Admin 2019-12-15 18:55:08 +02:00
Son NK
b263886434 use port 7777 instead of 5000 2019-12-15 18:55:08 +02:00
Son NK
aa99ccb094 remove table scope and client_scope 2019-12-15 18:55:08 +02:00
Son NK
c18d9f5280 create BaseForm to enable CSRF
register page

redirect user to dashboard if they are logged in

enable csrf for login page

Set models more strict

bootstrap developer page

add helper method to ModelMixin, remove CRUDMixin

display list of clients on developer index, add copy client-secret to clipboard using clipboardjs

add toastr and use jquery non slim

display a toast when user copies the client-secret

create new client, generate client-id using unidecode

client detail page: can edit client

add delete client

implement /oauth/authorize and /oauth/allow-deny

implement /oauth/token

add /oauth/user_info endpoint

handle scopes: wip

take into account scope: display scope, return user data according to scope

create virtual-domain, gen email, client_user model WIP

create authorize_nonlogin_user page

user can choose to generate a new email

no need to interfere with root logger

log for before and after request

if user has already allowed a client: generate a auth-code and redirect user to client

get_user_info takes into account gen email

display list of clients that have user has authorised

use yk-client domain instead of localhost as cookie depends on the domain name

use wtforms instead of flask_wtf

Dockerfile

delete virtual domain

EMAIL_DOMAIN can come from env var

bind to host 0.0.0.0

fix signup error: use session as default csrf_context

rename yourkey to simplelogin

add python-dotenv, ipython, sqlalchemy_utils

create DB_URI, FLASK_SECRET. Load config from CONFIG file if exist

add shortcuts to logging

create shell

add psycopg2

do not add local data in Dockerfile

add drop_db into shell

add shell.prepare_db()

fix prepare_db

setup sentry

copy assets from tabler/dist

add icon downloaded from https://commons.wikimedia.org/wiki/File:Simpleicons_Interface_key-tool-1.svg

integrate tabler - login and register page

add favicon

template: default, header. Use gravatar for user avatar url

use default template for dashboard, developer page

use another icon

add clipboard and notie

prettify dashboard

add notie css

add fake gen email and client-user

prettify list client page, use notie for toast

add email, name scope to new client

display client scope in client list

prettify new-client, client-detail

add sentry-sdk and blinker

add arrow, add dt jinja filter, prettify logout, dashboard

comment "last used" in dashboard for now

prettify date display

add copy email to clipboard to dashboard

use "users" as table name for User as "user" is reserved key in postgres

call prepare_db() when creating new db

error page 400, 401, 403, 404

prettify authorize_login_user

create already_authorize.html for user who has already authorized a client

user can generate new email

display all other generated emails

add ENV variable, only reset DB when ENV=local

fix: not return other users gen emails

display nb users for each client

refactor shell: remove prepare_db()

add sendgrid

add /favicon.ico route

add new config: URL, SUPPORT_EMAIL, SENDGRID_API_KEY

user needs to activate their account before login

create copy button on dashboard

client can have multiple redirect uris, in client detail can add/remove redirect-uri,

use redirect_uri passed in /authorize

refactor: move get_user_info into ClientUser model

dashboard: display all apps, all generated emails

add "id" into user_info

add trigger email button

invalidate the session at each new version by changing the secret

centralize Client creation into Client.create_new

user can enable/disable email forwarding

setup auto dismiss alert: just add .alert-auto-dismiss

move name down in register form

add shell.add_real_data

move blueprint template to its own package

prettify authorize page for non-authenticated user

update readme, return error if not redirect_uri

add flask-wtf, use psycopg2-binary

use flask-wtf FlaskForm instead of Form

rename email -> email_utils

add AWS_REGION, BUCKET, AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY to config

add s3 module

add File model, add Client.icon_id

handle client icon update

can create client with icon

display client icon in client list page

add Client.home_url

take into account Client.home_url

add boto3

register: ask name first

only show "trigger test email" if email forwarding is enabled

display gen email in alphabetical order, client in client.name alphabetical order

better error page

the modal does not get close when user clicks outside of modal

add Client.published column

discover page that displays all published Client

add missing bootstrap.bundle.min.js.map

developer can publish/unpublish their app in discover

use notie for display flash message

create hotmail account

fix missing jquery

add footer, add global jinja2 variable

strengthen model: use nullable=False whenever possible,

rename client_id to oauth_client_id, client_secret to oauth_client_secret

add flask-migrate

init migrate

1st migrate version

fix rename client_id -> oauth_client_id

prettify UI

use flask_migrate.upgrade() instead of db.create_all()

make sure requirejs.config is called for all page

enable sentry for js, use uppercase for global jinja2 variables

add flask-admin

add User.is_admin column

setup flask admin, only accessible to admin user

fix migration: add server_default

replace session[redirect_after_login] by "next" request args

add pyproject.toml: ignore migrations/ in black

add register waiting_activation_email page

better email wording

add pytest

add get_host_name_and_scheme and tests

example fail test

fix test

fix client-id display

add flask-cors

/user_info supports cors, add /me as /user_info synonym

return client in /me

support implicit flow

no need to use with "app.app_context()"

add watchtower to requirement

add param ENABLE_CLOUDWATCH, CLOUDWATCH_LOG_GROUP, CLOUDWATCH_LOG_STREAM

add cloudwatch logger if cloudwatch is enabled

add 500 error page

add help text for list of used client

display list of app/website that an email has been used

click on client name brings to client detail page

create style.css to add additional style, append its url with the current sha1 to avoid cache

POC on how to send email using postfix

add sqlalchemy-utils

use arrow instead of datetime

add new params STRIPE_API, STRIPE_YEARLY_SKU, STRIPE_MONTHLY_PLAN

show full error in local

add plan, plan_expiration to User, need to create enum directly in migration script, cf https://github.com/sqlalchemy/alembic/issues/67

reformat all html files: use space instead of tab

new user will have trial plan for 15 days

add new param MAX_NB_EMAIL_FREE_PLAN

only user with enough quota can create new email

if user cannot create new gen email, pick randomly one from existing gen emails. Use flush instead of commit

rename STRIPE_YEARLY_SKU -> STRIPE_YEARLY_PLAN

open client page in discover in a new tab

add stripe

not logging /static call: disable flask logging, replace by after_request

add param STRIPE_SECRET_KEY

add 3 columns stripe_customer_id, stripe_card_token, stripe_subscription_id

user can upgrade their pricing

add setting page as coming-soon

add GenEmail, ClientUser to admin

ignore /admin/static logging

add more fake data

add ondelete="cascade" whenever possible

rename plan_expiration -> trial_expiration

reset migration: delete old migrations, create new one

rename test_send_email -> poc_send_email to avoid the file being called by pytest

add new param LYRA_ANALYTICS_ID, add lyra analytics

add how to create new migration into readme

add drift to base.html

notify admin when new user signs up or pays subscription

log exception in case of 500

use sendgrid to notify admin

add alias /userinfo to user_info endpoint

add change_password to shell

add info on how payment is handled

invite user to retry if card not working

remove drift and add "contact us" link

move poc_send_email into poc/

support getting client-id, client-secret from form-data in addition to basic auth

client-id, client-secret is passed in form-data by passport-oauth2 for ex

add jwtRS256 private and public key

add jwk-jws-jwt poc

add new param OPENID_PRIVATE_KEY_PATH, OPENID_PRIVATE_KEY_PATH

add scope, redirect_url to AuthorizationCode and OauthToken

take into scope when creating oauth-token, authorization-code

add jwcrypto

add jose_utils: make_id_token and verify_id_token

add &scope to redirect uri

add "email_verified": True into user_info

fix user not activated

add /oauth2 as alias for /oauth

handle case where scope and state are empty

remove threaded=False

Use Email Alias as wording

remove help text

user can re-send activation email

add "expired" into ActivationCode

Handle the case activation code is expired

reformat: use form.validate_on_submit instead of request.method == post && form.validate

use error text instead of flash()

display client oauth-id and oauth-secret on client detail page

not display oauth-secret on client listing

fix expiration check

improve page title, footer

add /jwks and /.well-known/openid-configuration

init properly tests, fix blueprint conflict bug in flask-admin

create oauth_models module

rename Scope -> ScopeE to distinguish with Scope DB model

set app.url_map.strict_slashes = False

use ScopeE instead of SCOPE_NAME, ...

support access_token passed as args in /userinfo

merge /allow-deny into /authorize

improve wording

take into account the case response_type=code and openid is in scope

take into account response_type=id_token, id_token token, id_token code

make sure to use in-memory db in test

fix scope can be null

allow cross_origin for /.well-known/openid-configuration and /jwks

fix footer link

center authorize form

rename trial_expiration to plan_expiration

move stripe init to create_app()

use real email to be able to receive email notification

add user.profile_picture_id column

use user profile picture and fallback to gravatar

use nguyenkims+local@gm to distinguish with staging

handle plan cancel, reactivation, user profile update

fix can_create_new_email

create cron.py that set plan to free when expired

add crontab.yml

add yacron

use notify_admin instead of LOG.error

add ResetPasswordCode model

user can change password in setting

increase display time for notie

add forgot_password page

If login error: redirect to this page upon success login.

hide discover tab

add column user.is_developer

only show developer menu to developer

comment out the publish button

set local user to developer

make sure only developer can access /developer blueprint

User is invited to upgrade if they are in free plan or their trial ends soon

not sending email when in local mode

create Partner model

create become partner page

use normal error handling on local

fix migration

add "import sqlalchemy_utils" into migration template

small refactoring on setting page

handle promo code. TODO: add migration file

add migration for user.promo_codes

move email alias on top of apps in dashboard

add introjs

move encode_url to utils

create GenEmail.create_new_gen_email

create a first alias mail to show user how to use when they login

show intro when user visits the website the first time

fix register
2019-07-02 10:20:12 +03:00
Son NK
0b3dd21a06 bootstrap: db models, login, logout, dashboard pages 2019-07-01 18:18:12 +03:00