Commit Graph

11 Commits

Author SHA1 Message Date
Adrià Casajús
d324e2fa79
Fix: Add csrf verification to directory updates (#1358)
* Fix: Add csrf verification to directory updates

* Update templates/dashboard/directory.html

* Added csrf for delete account form

* Fix tests

* Added CSRF check for settings page

* Added csrf to batch import

* Added CSRF to alias dashboard and alias transfer

* Added csrf to contact manager

* Added csrf to mailbox

* Added csrf for mailbox detail

* Added csrf to domain detail

* Lint

Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
2022-10-27 10:04:47 +02:00
Adrià Casajús
efa534fd3e
Store transfer tokens hashed in the db and only allow them to be valid for 24 hours (#1080)
* Store transfer tokens hashed in the db and only allow them to be valid for 30 mins

Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
2022-06-13 12:41:47 +02:00
Son Nguyen Kim
a0a92a7562
require user password before transferring an alias (#1070) 2022-06-10 15:50:44 +02:00
Son
32fd65b69b add more log for alias transfer 2022-03-23 18:33:33 +01:00
Son
372466ab06 do not use flask-sqlalchemy
- add __tablename__ for all models
- use sa and orm instead of db
- rollback all changes in tests
- remove session in @app.teardown_appcontext
2021-10-12 14:36:47 +02:00
Son NK
95d6fa3478 make sure user can create new alias to receive an alias transfer 2021-07-03 17:12:03 +02:00
Son
863d8dcbe7 black 2021-03-06 18:10:41 +01:00
Son
23a0861790 Improve alias transfer. Use alias transfer_token. Add a limiter on /alias_transfer/receive 2021-03-06 18:08:42 +01:00
Son
475eaa2bc0 inform user when his alias has been transferred 2021-03-06 18:08:42 +01:00
Son NK
d4ac2da96a set some fields back to default 2021-02-17 13:08:02 +01:00
Son NK
9e486fc2c0 add alias transfer 2021-02-17 12:56:28 +01:00