Commit graph

219 commits

Author SHA1 Message Date
Sibren Vasse
8c946d7026 Remove token when submitted value is incorrect 2020-05-24 19:23:16 +02:00
Son Nguyen Kim
eb60028b1f
Merge pull request #199 from developStorm/webauthn-multiple-keys
Support Multiple Keys for WebAuthn
2020-05-24 18:56:42 +02:00
Son NK
93d972df09 make sure to use lowercase for alias email 2020-05-20 18:12:14 +02:00
devStorm
7bd97e13b0
fido_model -> fidos 2020-05-18 13:55:38 -07:00
devStorm
ea914e0378
Rename FIDO->Fido 2020-05-18 13:54:05 -07:00
devStorm
c0a751ff13
Put button inside the form 2020-05-18 13:45:02 -07:00
devStorm
35f0c094fe
black 2020-05-18 01:04:45 -07:00
devStorm
419aa95f1f
more verify 2020-05-18 01:02:58 -07:00
devStorm
ec91d280bb
Verify 2020-05-18 00:08:06 -07:00
Son NK
87d52216cb reformat 2020-05-17 10:35:11 +02:00
Son NK
20e66edbaa fix redirection to next page 2020-05-17 10:28:00 +02:00
Son NK
2e208ed505 display recovery code options on mfa and fido page 2020-05-17 10:27:20 +02:00
Son NK
da4e0bf384 create /auth/recovery page 2020-05-17 10:17:52 +02:00
Son NK
7ed77a66b2 format 2020-05-15 23:18:42 +02:00
Son NK
2978bfb281 Fix user cannot change personal email back and better naming.
Happens when user
- changes their personal email
- wants to change back: they can't as this email is already used as mailbox
2020-05-15 23:18:30 +02:00
devStorm
a9967c9a4d
Auto activate WebAuthn authentication 2020-05-11 19:17:51 -07:00
Son NK
70e842789e make pages compatible with dark-theme 2020-05-11 23:22:15 +02:00
Son NK
cde8452e5b Fix Google oauth_state KeyError 2020-05-10 11:34:32 +02:00
Son NK
b95b758692 Optimize imports 2020-05-09 20:49:38 +02:00
devStorm
d236f906ad
🐛 WebAuthn bug fixes
- User may not have name
- user_verification should be discouraged to work on iOS
2020-05-08 14:21:38 -07:00
Son NK
ccb30a2def disable sign-up via social login 2020-05-07 22:01:14 +02:00
Son NK
18d62a81d1 add User.can_use_fido 2020-05-07 17:56:25 +02:00
Son NK
84c529c867 optimize import 2020-05-07 17:49:29 +02:00
Son NK
fe1262686e black format 2020-05-07 17:48:44 +02:00
devStorm
2290a90b09
Use try-else 9b8340f3e0 (r421465450) 2020-05-07 05:41:34 -07:00
devStorm
b0c39635a5
Remove credential_id variable 2020-05-07 05:37:03 -07:00
devStorm
e4895b52a0
fix SITE_URL 2020-05-07 05:34:17 -07:00
devStorm
f7e3320242
model - fido_enabled 2020-05-07 05:32:52 -07:00
devStorm
9b8340f3e0
Black formatted 2020-05-07 02:53:28 -07:00
devStorm
0052dad13e
Do not show full error msg to user 2020-05-07 02:48:56 -07:00
devStorm
282cbe25a3
Calculate RP_ID in config 2020-05-07 02:39:30 -07:00
devStorm
3ab3f819b7
Make RP_ID a constant 2020-05-07 02:33:24 -07:00
devStorm
b8b1313db9
typo 'infomation' 2020-05-07 02:31:42 -07:00
devStorm
ced02a8f20
remove debug code 2020-05-05 14:26:26 -07:00
devStorm
fc001cfc24
fix exception handling 2020-05-05 14:13:01 -07:00
devStorm
9da6054ec0
Allow to use either OTP or FIDO for 2FA 2020-05-05 05:16:33 -07:00
devStorm
650d6e35f0
FIDO login middleware 2020-05-05 05:03:29 -07:00
devStorm
286b1143ca
Store sign count 2020-05-05 03:16:52 -07:00
Son NK
e1d8c55a66 add mention of MyDigiPassword to the 2FA app list 2020-04-28 19:52:18 +02:00
Son NK
96366ddcfa Deprecate social login, prettify some pages 2020-04-27 23:08:21 +02:00
Son NK
a069fe7b6a do not return error when user doesn't exist on forgot_password 2020-04-27 22:57:55 +02:00
Son NK
26a094469b remove logout.html 2020-04-27 22:56:44 +02:00
Son NK
ca6350cc27 optimize import in all files 2020-04-25 13:49:39 +02:00
Son NK
fc4572e9ba make logo a bit smaller 2020-04-24 09:43:26 +02:00
Son NK
6a67f7946f fix facebook might not return email 2020-04-24 09:17:21 +02:00
Son NK
734b104c27 remove text on registration waiting page 2020-04-23 22:10:14 +02:00
Son NK
a434413304 Add terms and condition mention in register page 2020-04-15 22:32:12 +02:00
Son NK
3c9e6fc991 make sure to strip and lower email in input 2020-04-15 21:12:45 +02:00
Son NK
8fc88b8253 Set referral when creating User 2020-04-09 22:22:26 +02:00
Son NK
af9178e216 Use non-beta logo 2020-04-05 18:58:22 +02:00
Son NK
b8093aefa3 Handle invalid email when user signs up 2020-03-21 11:11:52 +01:00
Son NK
abd2278c24 make sure to set File.user_id 2020-03-20 09:52:00 +01:00
Son NK
cb3ea63066 show error if no such email exists from Github 2020-03-05 16:46:02 +01:00
Son NK
90dc05725a use github email that is "verified" and "primary" 2020-03-05 16:45:49 +01:00
Son NK
ca70d26285 black format 2020-03-05 11:00:58 +01:00
Son NK
a0372a15de fix github email can contain uppercase char 2020-03-05 10:58:58 +01:00
Son NK
16718806ba fix 2020-02-27 22:57:37 +07:00
Son NK
87b6df9408 save which social network user uses in SocialAuth table 2020-02-27 22:16:12 +07:00
Son NK
ec3a41e53c Prettify waiting activation page 2020-02-23 16:01:03 +07:00
Son NK
5f9ad01849 take into account the case an email is primary but not verified on github 2020-02-19 23:56:07 +07:00
Son NK
821372fdfd add email_already_used() and use it when creating user 2020-02-10 23:16:30 +07:00
Son NK
dd02a50bad Improve wordings
- forgot password page
- login page
- activation email
- reset password email
2020-02-06 11:37:10 +07:00
Son NK
01abc48f62 add trial information into welcome email 2020-01-30 13:54:33 +07:00
Son NK
e810c99970 fix formatting 2020-01-30 00:18:31 +07:00
Son NK
48edb85fc9 Fix email case on register 2020-01-30 00:16:04 +07:00
Son NK
f76bdd8fe6 set DISABLE_REGISTRATION param to disable registration 2020-01-28 11:50:25 +07:00
Son NK
99ffd6149d use can_be_used_as_personal_email when user registers or change emails 2020-01-26 19:51:43 +07:00
Son NK
bdf75951f1 support ALIAS_DOMAINS
- use verify_prefix_suffix() in /api/alias/custom/new
-
2020-01-22 10:24:17 +01:00
Son NK
356b95ef80 fix formatting 2020-01-11 22:28:06 +01:00
Son NK
8c9512e61e do not ask for user name when register 2020-01-11 22:26:59 +01:00
Son NK
d527fcf648 Move "forgot password" button to a different position to avoid Keepass issue 2020-01-06 16:11:17 +01:00
Son NK
d6aa6e7b94 Make sure to user lowercase for user email 2020-01-04 10:24:01 +01:00
Son NK
837ab8258e redirect to login page instead 2020-01-03 23:50:34 +01:00
Son NK
4208ba379f Fix user could go to MFA page directly 2020-01-03 23:42:35 +01:00
Son NK
4c4c4a81b8 autofocus mfa token input 2020-01-01 23:52:25 +01:00
Son NK
632484ee5c Update wording: remove "successfully" 2019-12-30 17:43:38 +01:00
Son NK
ca6c32f951 Fix formatting 2019-12-30 15:56:47 +01:00
Tung Nguyen
1289b08636 Merge remote-tracking branch 'nguyenkims/master' 2019-12-30 12:33:32 +00:00
Son NK
25d8f8926b Prettify UI 2019-12-30 10:36:13 +01:00
Son NK
de0368c20f remove redundant code 2019-12-27 16:53:07 +00:00
Son NK
5b01071bec Redirect user to MFA page if they enable MFA 2019-12-27 16:53:07 +00:00
Son NK
c52f2d1603 Create auth/mfa page used by user who has enabled MFA 2019-12-27 16:53:07 +00:00
Tung Nguyen
4f751e5cd2 fix typos and improve messages showing at the end users 2019-12-26 13:00:17 +00:00
Son NK
f80adae625 fix login error message 2019-12-23 19:00:31 +00:00
Son NK
41fe528441 use flash to display error in login 2019-12-22 15:59:00 +00:00
Son NK
8d6988da16 add warning message for social login options. 2019-12-22 08:26:20 +00:00
Son NK
4147e19530 fix facebook error when user choose to not share email 2019-12-19 22:38:20 +02:00
Son NK
ec62fad3a0 remove notify_admin, replace by general stats 2019-12-15 18:55:18 +02:00
Son NK
d061ad7d56 make sure user cannot register with SL email 2019-12-15 18:55:15 +02:00
Son NK
2dd25cc72d create change_email view 2019-12-15 18:55:15 +02:00
Son NK
711ae83751 show message when logged in user tries goes to register 2019-12-15 18:55:15 +02:00
Son NK
a22375e76a improve wording for login & register 2019-12-15 18:55:14 +02:00
Son NK
c5b65c108b fix name can be absent in github data
https://sentry.io/organizations/son/issues/1201398007/?project=1478143&query=is%3Aunresolved
2019-12-15 18:55:14 +02:00
Son NK
276e37a9ab send welcome email when user creates new account 2019-12-15 18:55:14 +02:00
Son NK
6f93f419c2 send by postfix only 2019-12-15 18:55:14 +02:00
Son NK
f366e1c383 add send_by_postfix, to distinct with send_by_sendgrid 2019-12-15 18:55:14 +02:00
Son NK
62daf5eadb improve notify_admin email 2019-12-15 18:55:13 +02:00
Son NK
3e0bc27bad better notify_admin message 2019-12-15 18:55:12 +02:00
Son NK
2693ba5838 make sure expiration is handled for ActivationCode and ResetPasswordCode 2019-12-15 18:55:12 +02:00
Son NK
0817e45abe override User.create to set password, create GenEmail, set trial period 2019-12-15 18:55:09 +02:00
Son NK
631e251d8c handle the case user clicks on cancel 2019-12-15 18:55:09 +02:00
Son NK
886108c3a0 enable facebook login 2019-12-15 18:55:09 +02:00
Son NK
bdc22f3c68 fix user getting redirected at each google login 2019-12-15 18:55:09 +02:00
Son NK
7ea4c157a1 workaround as Google does not allow to append param to redirect_url 2019-12-15 18:55:09 +02:00
Son NK
caf610446c handle next with google login 2019-12-15 18:55:09 +02:00
Son NK
cc6ce6618d refactor: rename 2019-12-15 18:55:09 +02:00
Son NK
aab2244881 handle "next" for "sign up with github" too 2019-12-15 18:55:09 +02:00
Son NK
f21f16e3f2 redirect user to next after login with github/google 2019-12-15 18:55:09 +02:00
Son NK
43536734a0 add login with google 2019-12-15 18:55:09 +02:00
Son NK
17a4679b90 fix activation code 2019-12-15 18:55:09 +02:00
Son NK
4cdb803157 fix redirect_uri 2019-12-15 18:55:09 +02:00
Son NK
6d8d61495e set explicitly the redirect_uri 2019-12-15 18:55:09 +02:00
Son NK
aae76f21f6 add github login 2019-12-15 18:55:09 +02:00
Son NK
0b85000a11 import render_field, render_field_errors in base.html 2019-12-15 18:55:08 +02:00
Son NK
4ef8290c73 login and register page: redirect user to dashboard if user is already authenticated 2019-12-15 18:55:08 +02:00
Son NK
1274dd589a add delete() to ModelMixin: do NOT use the session.delete(), somehow it does a "SET" before "DELETE" 2019-12-15 18:55:08 +02:00
Son NK
a2225160d5 Fix wordings on Login page 2019-12-15 18:55:08 +02:00
Son NK
c18d9f5280 create BaseForm to enable CSRF
register page

redirect user to dashboard if they are logged in

enable csrf for login page

Set models more strict

bootstrap developer page

add helper method to ModelMixin, remove CRUDMixin

display list of clients on developer index, add copy client-secret to clipboard using clipboardjs

add toastr and use jquery non slim

display a toast when user copies the client-secret

create new client, generate client-id using unidecode

client detail page: can edit client

add delete client

implement /oauth/authorize and /oauth/allow-deny

implement /oauth/token

add /oauth/user_info endpoint

handle scopes: wip

take into account scope: display scope, return user data according to scope

create virtual-domain, gen email, client_user model WIP

create authorize_nonlogin_user page

user can choose to generate a new email

no need to interfere with root logger

log for before and after request

if user has already allowed a client: generate a auth-code and redirect user to client

get_user_info takes into account gen email

display list of clients that have user has authorised

use yk-client domain instead of localhost as cookie depends on the domain name

use wtforms instead of flask_wtf

Dockerfile

delete virtual domain

EMAIL_DOMAIN can come from env var

bind to host 0.0.0.0

fix signup error: use session as default csrf_context

rename yourkey to simplelogin

add python-dotenv, ipython, sqlalchemy_utils

create DB_URI, FLASK_SECRET. Load config from CONFIG file if exist

add shortcuts to logging

create shell

add psycopg2

do not add local data in Dockerfile

add drop_db into shell

add shell.prepare_db()

fix prepare_db

setup sentry

copy assets from tabler/dist

add icon downloaded from https://commons.wikimedia.org/wiki/File:Simpleicons_Interface_key-tool-1.svg

integrate tabler - login and register page

add favicon

template: default, header. Use gravatar for user avatar url

use default template for dashboard, developer page

use another icon

add clipboard and notie

prettify dashboard

add notie css

add fake gen email and client-user

prettify list client page, use notie for toast

add email, name scope to new client

display client scope in client list

prettify new-client, client-detail

add sentry-sdk and blinker

add arrow, add dt jinja filter, prettify logout, dashboard

comment "last used" in dashboard for now

prettify date display

add copy email to clipboard to dashboard

use "users" as table name for User as "user" is reserved key in postgres

call prepare_db() when creating new db

error page 400, 401, 403, 404

prettify authorize_login_user

create already_authorize.html for user who has already authorized a client

user can generate new email

display all other generated emails

add ENV variable, only reset DB when ENV=local

fix: not return other users gen emails

display nb users for each client

refactor shell: remove prepare_db()

add sendgrid

add /favicon.ico route

add new config: URL, SUPPORT_EMAIL, SENDGRID_API_KEY

user needs to activate their account before login

create copy button on dashboard

client can have multiple redirect uris, in client detail can add/remove redirect-uri,

use redirect_uri passed in /authorize

refactor: move get_user_info into ClientUser model

dashboard: display all apps, all generated emails

add "id" into user_info

add trigger email button

invalidate the session at each new version by changing the secret

centralize Client creation into Client.create_new

user can enable/disable email forwarding

setup auto dismiss alert: just add .alert-auto-dismiss

move name down in register form

add shell.add_real_data

move blueprint template to its own package

prettify authorize page for non-authenticated user

update readme, return error if not redirect_uri

add flask-wtf, use psycopg2-binary

use flask-wtf FlaskForm instead of Form

rename email -> email_utils

add AWS_REGION, BUCKET, AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY to config

add s3 module

add File model, add Client.icon_id

handle client icon update

can create client with icon

display client icon in client list page

add Client.home_url

take into account Client.home_url

add boto3

register: ask name first

only show "trigger test email" if email forwarding is enabled

display gen email in alphabetical order, client in client.name alphabetical order

better error page

the modal does not get close when user clicks outside of modal

add Client.published column

discover page that displays all published Client

add missing bootstrap.bundle.min.js.map

developer can publish/unpublish their app in discover

use notie for display flash message

create hotmail account

fix missing jquery

add footer, add global jinja2 variable

strengthen model: use nullable=False whenever possible,

rename client_id to oauth_client_id, client_secret to oauth_client_secret

add flask-migrate

init migrate

1st migrate version

fix rename client_id -> oauth_client_id

prettify UI

use flask_migrate.upgrade() instead of db.create_all()

make sure requirejs.config is called for all page

enable sentry for js, use uppercase for global jinja2 variables

add flask-admin

add User.is_admin column

setup flask admin, only accessible to admin user

fix migration: add server_default

replace session[redirect_after_login] by "next" request args

add pyproject.toml: ignore migrations/ in black

add register waiting_activation_email page

better email wording

add pytest

add get_host_name_and_scheme and tests

example fail test

fix test

fix client-id display

add flask-cors

/user_info supports cors, add /me as /user_info synonym

return client in /me

support implicit flow

no need to use with "app.app_context()"

add watchtower to requirement

add param ENABLE_CLOUDWATCH, CLOUDWATCH_LOG_GROUP, CLOUDWATCH_LOG_STREAM

add cloudwatch logger if cloudwatch is enabled

add 500 error page

add help text for list of used client

display list of app/website that an email has been used

click on client name brings to client detail page

create style.css to add additional style, append its url with the current sha1 to avoid cache

POC on how to send email using postfix

add sqlalchemy-utils

use arrow instead of datetime

add new params STRIPE_API, STRIPE_YEARLY_SKU, STRIPE_MONTHLY_PLAN

show full error in local

add plan, plan_expiration to User, need to create enum directly in migration script, cf https://github.com/sqlalchemy/alembic/issues/67

reformat all html files: use space instead of tab

new user will have trial plan for 15 days

add new param MAX_NB_EMAIL_FREE_PLAN

only user with enough quota can create new email

if user cannot create new gen email, pick randomly one from existing gen emails. Use flush instead of commit

rename STRIPE_YEARLY_SKU -> STRIPE_YEARLY_PLAN

open client page in discover in a new tab

add stripe

not logging /static call: disable flask logging, replace by after_request

add param STRIPE_SECRET_KEY

add 3 columns stripe_customer_id, stripe_card_token, stripe_subscription_id

user can upgrade their pricing

add setting page as coming-soon

add GenEmail, ClientUser to admin

ignore /admin/static logging

add more fake data

add ondelete="cascade" whenever possible

rename plan_expiration -> trial_expiration

reset migration: delete old migrations, create new one

rename test_send_email -> poc_send_email to avoid the file being called by pytest

add new param LYRA_ANALYTICS_ID, add lyra analytics

add how to create new migration into readme

add drift to base.html

notify admin when new user signs up or pays subscription

log exception in case of 500

use sendgrid to notify admin

add alias /userinfo to user_info endpoint

add change_password to shell

add info on how payment is handled

invite user to retry if card not working

remove drift and add "contact us" link

move poc_send_email into poc/

support getting client-id, client-secret from form-data in addition to basic auth

client-id, client-secret is passed in form-data by passport-oauth2 for ex

add jwtRS256 private and public key

add jwk-jws-jwt poc

add new param OPENID_PRIVATE_KEY_PATH, OPENID_PRIVATE_KEY_PATH

add scope, redirect_url to AuthorizationCode and OauthToken

take into scope when creating oauth-token, authorization-code

add jwcrypto

add jose_utils: make_id_token and verify_id_token

add &scope to redirect uri

add "email_verified": True into user_info

fix user not activated

add /oauth2 as alias for /oauth

handle case where scope and state are empty

remove threaded=False

Use Email Alias as wording

remove help text

user can re-send activation email

add "expired" into ActivationCode

Handle the case activation code is expired

reformat: use form.validate_on_submit instead of request.method == post && form.validate

use error text instead of flash()

display client oauth-id and oauth-secret on client detail page

not display oauth-secret on client listing

fix expiration check

improve page title, footer

add /jwks and /.well-known/openid-configuration

init properly tests, fix blueprint conflict bug in flask-admin

create oauth_models module

rename Scope -> ScopeE to distinguish with Scope DB model

set app.url_map.strict_slashes = False

use ScopeE instead of SCOPE_NAME, ...

support access_token passed as args in /userinfo

merge /allow-deny into /authorize

improve wording

take into account the case response_type=code and openid is in scope

take into account response_type=id_token, id_token token, id_token code

make sure to use in-memory db in test

fix scope can be null

allow cross_origin for /.well-known/openid-configuration and /jwks

fix footer link

center authorize form

rename trial_expiration to plan_expiration

move stripe init to create_app()

use real email to be able to receive email notification

add user.profile_picture_id column

use user profile picture and fallback to gravatar

use nguyenkims+local@gm to distinguish with staging

handle plan cancel, reactivation, user profile update

fix can_create_new_email

create cron.py that set plan to free when expired

add crontab.yml

add yacron

use notify_admin instead of LOG.error

add ResetPasswordCode model

user can change password in setting

increase display time for notie

add forgot_password page

If login error: redirect to this page upon success login.

hide discover tab

add column user.is_developer

only show developer menu to developer

comment out the publish button

set local user to developer

make sure only developer can access /developer blueprint

User is invited to upgrade if they are in free plan or their trial ends soon

not sending email when in local mode

create Partner model

create become partner page

use normal error handling on local

fix migration

add "import sqlalchemy_utils" into migration template

small refactoring on setting page

handle promo code. TODO: add migration file

add migration for user.promo_codes

move email alias on top of apps in dashboard

add introjs

move encode_url to utils

create GenEmail.create_new_gen_email

create a first alias mail to show user how to use when they login

show intro when user visits the website the first time

fix register
2019-07-02 10:20:12 +03:00
Son NK
0b3dd21a06 bootstrap: db models, login, logout, dashboard pages 2019-07-01 18:18:12 +03:00