Commit Graph

1016 Commits

Author SHA1 Message Date
Ozzie Isaacs
89bc72958e new random password generation algorithm to ensure compliance with password rules
bugfix opds login limit
2023-02-16 16:23:06 +01:00
Ozzie Isaacs
8ee34bf428 Bugfixes for password policy 2023-02-15 19:53:35 +01:00
Ozzie Isaacs
ce48e06c45 Improved limiter 2023-02-12 13:10:00 +01:00
Ozzie Isaacs
8d0a699078 Merge branch 'master' into Develop 2023-02-07 18:38:47 +01:00
Ozzie Isaacs
5b5146a793 Merge remote-tracking branch 'csp/patch-2' 2023-02-07 18:38:25 +01:00
Ozzie Isaacs
fb42f6bfff Make it possible to disable ratelimiter
Update APScheduler
Error message on missing flask-limiter
2023-02-05 13:43:35 +01:00
Ozzie Isaacs
4b7a0f3662 Merge branch 'master' into Develop
# Conflicts:
#	cps/opds.py
#	cps/server.py
#	cps/web.py
2023-02-05 12:10:01 +01:00
Ozzie Isaacs
275675b48a Search query is now also a post request (possible fix for Forward Auth Search Redirect Issue #2681) 2023-02-05 09:34:57 +01:00
Ozzie Isaacs
f8fbc807f1 further refactored user login 2023-02-05 08:47:10 +01:00
Ozzie Isaacs
1c3b69c710 refactored login routines 2023-02-05 08:47:10 +01:00
Ozzie Isaacs
189da65fac leave fields filled after invalid login attempt 2023-01-29 13:20:22 +01:00
Ozzie Isaacs
f241b260d7 Updated requirements
Bugfix from testrun
Testresults
2023-01-29 09:52:25 +01:00
Ozzie Isaacs
260a694834 Bugfixes after merge 2023-01-28 18:59:14 +01:00
Ozzie Isaacs
508e2b4d0a Merge branch 'master' into Develop
# Conflicts:
#	cps/admin.py
#	cps/config_sql.py
#	cps/search.py
#	cps/templates/admin.html
#	cps/web.py
#	setup.cfg
#	test/Calibre-Web TestSummary_Linux.html
2023-01-28 18:52:50 +01:00
Ozzie Isaacs
4913f06e0d Updated test status
Fix for #2614 (Send to eReader not working for guest user)
2023-01-24 18:07:21 +01:00
Petipopotam
d545ea9e6f
CSP invalid to display image when web.read_book
CSP 
Before : default-src 'self'  'unsafe-inline' 'unsafe-eval'; font-src 'self' data:; img-src 'self' data:; style-src-elem 'self' blob: 'unsafe-inline'; object-src 'none';
After :    default-src 'self'  'unsafe-inline' 'unsafe-eval'; font-src 'self' data:; img-src 'self' data: blob:; style-src-elem 'self' blob: 'unsafe-inline';object-src 'none';
2023-01-24 11:03:19 +01:00
Petipopotam
1ad8dc102a
CSP invalid syntax
CSP had some "cosmetic" errors

Before : default-src 'self'  'unsafe-inline' 'unsafe-eval'; font-src 'self' data:; img-src 'self' data: style-src-elem 'self' blob: 'unsafe-inline';object-src: 'none';
After :    default-src 'self'  'unsafe-inline' 'unsafe-eval'; font-src 'self' data:;  img-src 'self' data:; style-src-elem 'self' blob: 'unsafe-inline'; object-src 'none';
2023-01-24 10:51:48 +01:00
Ozzie Isaacs
d48d6880af Update German translation 2023-01-22 13:53:10 +01:00
Ozzie Isaacs
77637d81dd Fix fro #2670 (user has no attribute eReader_mail) 2023-01-22 07:42:44 +01:00
Ozzie Isaacs
a2bf6dfb7b Bugfix csp header
Bugfix for loading metadata from google with old books (publishing date only year)
2023-01-21 17:09:02 +01:00
Ozzie Isaacs
1cd05d614c Merge remote-tracking branch 'csp/patch-1' 2023-01-21 15:48:08 +01:00
Ozzie Isaacs
2be2920833 Fixed typo 2023-01-21 15:27:51 +01:00
Ozzie Isaacs
43ee85fbb5 Removed unnecessary Unicode "u" 2023-01-21 15:23:18 +01:00
Ozzie Isaacs
8022b1bb36 Merge remote-tracking branch 'english/master' 2023-01-21 15:19:59 +01:00
Petipopotam
beb619c2c2
Correct CSP
no need blob: value for object-src
2023-01-19 20:19:55 +01:00
Petipopotam
ed22209e6c
Content Security Policy syntax was invalid
According to https://csp-evaluator.withgoogle.com/ the CSP built here is NOT valid (and the blob: value is missing at img-src, so the image is not displayed when reading ebook in a browser)

Before this commit, in Chrome response header you can find 

Content-Security-Policy: default-src 'self'  'unsafe-inline' 'unsafe-eval'; font-src 'self' data:; img-src 'self'  data:; object-src: 'none'; blob:;style-src-elem 'self' blob: 'unsafe-inline';

After :

Content-Security-Policy: default-src 'self'  'unsafe-inline' 'unsafe-eval'; font-src 'self' data:; img-src 'self' blob: data:; object-src 'none'  blob:; style-src-elem 'self' blob: 'unsafe-inline';

and image in viewer are displayed
2023-01-19 19:56:27 +01:00
Josh O'Brien
b3335f6733 English Language Updates - V3 2023-01-04 13:30:13 +11:00
Ozzie Isaacs
85a6616606 Merge remote-tracking branch 'fix_default_language/master' 2022-12-25 09:45:14 +01:00
Julien Voisin
2ddbaa2150
Add object-src to the CSP policy 2022-12-22 12:47:37 +01:00
Feige-cn
e8c461b14f
Update web.py
In Admin view page, Editor UI Configuration - Default Settings for New Users - Default Language, set up the new user's default language is not effective. I changed this web.py, add a line of code in 1248 lines in register function. Creating the new user need to take the default language.
2022-11-08 01:32:38 +08:00
Ozzieisaacs
6598c4d259 Add rate limit for opds 2022-09-04 19:47:04 +02:00
Ozzie Isaacs
a9b20ca136 Fix for big database not showing tags 2022-08-29 19:08:04 +02:00
Ozzie Isaacs
bf0375d51d Bugfix change emails 2022-08-28 15:59:25 +02:00
Ozzie Isaacs
89d226e36b Allow deletion of kindle email address and force e-mail address to be valid 2022-08-28 15:54:43 +02:00
Ozzie Isaacs
ae3e3559b8 Rate limit prepared for feedback on login route 2022-07-18 10:59:54 +02:00
Ozzie Isaacs
a72f16fd3a Fix missing or_ import 2022-07-16 19:27:44 +02:00
Ozzie Isaacs
c2545315e1 Fix Ratings with 0 stars are counted as None 2022-07-16 19:09:19 +02:00
Ozzie Isaacs
7344ef353c Rate limited login 2022-07-02 19:46:58 +02:00
Kian-Meng Ang
c4104ddaf4 Fix typos 2022-07-01 21:26:06 +08:00
Ozzie Isaacs
29fd4ae4a2 Bugfixes create users
Update Teststatus
2022-06-17 10:14:33 +02:00
Ozzieisaacs
4ef8c35fb7 Bugfies password validation from testrun 2022-06-16 14:16:00 +02:00
Ozzieisaacs
04326af2da password validation working 2022-06-16 11:15:17 +02:00
Ozzieisaacs
d6a31e5db8 config verify password working 2022-06-16 10:44:42 +02:00
Ozzie Isaacs
91df265d40 Fix for #2437 (advanced search for read status crashes calibre-web) 2022-06-08 17:17:07 +02:00
Ozzie Isaacs
fbac3e38ac Eenabled send epubs to E-Reader devices 2022-05-08 12:55:54 +02:00
Ozzie Isaacs
aaa749933d Further migration to flask_babel
Bugfix sort order
Bugfix tasklist
2022-04-26 20:24:40 +02:00
Ozzie Isaacs
2e007a160e reenable startup logging
Bugfixes from refactoring and merge
2022-04-26 14:45:06 +02:00
Ozzie Isaacs
e7464f2694 Refactored web.py to shrink size of file 2022-04-26 11:49:06 +02:00
Ozzie Isaacs
47414ada69 Merge branch 'master' into Develop 2022-04-26 11:11:00 +02:00
Ozzie Isaacs
5c342d4e7c use get for dicts 2022-04-22 09:06:37 +02:00