external-repos/ivatar
1
0
Fork 0
mirror of https://git.linux-kernel.at/oliver/ivatar.git synced 2025-11-11 18:56:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'security/enhanced-password-hashing-and-logging' into 'master'

Browse Source 
feat: enhance security with improved password hashing and logging

See merge request oliver/ivatar!258
This commit is contained in:
Oliver Falk
2025-10-15 16:36:27 +02:00
parent 27ea0ecb6b 368aa5bf27
commit 2cde85e137
54 changed files with 14424 additions and 346 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -22,3 +22,4 @@ dump_all*.sql
dist/ dist/
.env.local .env.local
tmp/ tmp/
logs/

3
config.py
View File

@@ -296,6 +296,9 @@ TRUSTED_DEFAULT_URLS = list(map(map_legacy_config, TRUSTED_DEFAULT_URLS))
BLUESKY_IDENTIFIER = os.environ.get("BLUESKY_IDENTIFIER", None) BLUESKY_IDENTIFIER = os.environ.get("BLUESKY_IDENTIFIER", None)
BLUESKY_APP_PASSWORD = os.environ.get("BLUESKY_APP_PASSWORD", None) BLUESKY_APP_PASSWORD = os.environ.get("BLUESKY_APP_PASSWORD", None)
# Logging configuration - can be overridden in local config
# Example: LOGS_DIR = "/var/log/ivatar" # For production deployments
# This MUST BE THE LAST! # This MUST BE THE LAST!
if os.path.isfile(os.path.join(BASE_DIR, "config_local.py")): if os.path.isfile(os.path.join(BASE_DIR, "config_local.py")):
from config_local import * # noqa # flake8: noqa # NOQA # pragma: no cover from config_local import * # noqa # flake8: noqa # NOQA # pragma: no cover

41
config_local.py.example Normal file
View File

@@ -0,0 +1,41 @@
# -*- coding: utf-8 -*-
"""
Example local configuration file for ivatar
Copy this to config_local.py and customize for your environment
"""
import os
# Override logs directory for production deployments
# LOGS_DIR = "/var/log/ivatar"
# Override logs directory for development with custom location
# LOGS_DIR = os.path.join(os.path.expanduser("~"), "ivatar_logs")
# Example production overrides:
# DEBUG = False
# SECRET_KEY = "your-production-secret-key-here"
# ALLOWED_HOSTS = ["yourdomain.com", "www.yourdomain.com"]
# Database configuration (if not using environment variables)
# DATABASES = {
# 'default': {
# 'ENGINE': 'django.db.backends.postgresql',
# 'NAME': 'ivatar_prod',
# 'USER': 'ivatar_user',
# 'PASSWORD': 'your-db-password',
# 'HOST': 'localhost',
# 'PORT': '5432',
# }
# }
# Email configuration
# EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
# EMAIL_HOST = 'smtp.yourdomain.com'
# EMAIL_PORT = 587
# EMAIL_USE_TLS = True
# EMAIL_HOST_USER = 'noreply@yourdomain.com'
# EMAIL_HOST_PASSWORD = 'your-email-password'
# Example: Override logs directory for production
# LOGS_DIR = "/var/log/ivatar"

14
create.sh
View File

@@ -2,11 +2,11 @@
oc new-project ivatar oc new-project ivatar
DB_PASSWORD=`openssl rand -base64 16` DB_PASSWORD=$(openssl rand -base64 16)
DB_ROOT_PASSWORD=`openssl rand -base64 16` DB_ROOT_PASSWORD=$(openssl rand -base64 16)
if [ -n "$USE_MYSQL" ]; then if [ -n "$USE_MYSQL" ]; then
DB_CMDLINE="mysql-persistent DB_CMDLINE="mysql-persistent
--group=python+mysql-persistent --group=python+mysql-persistent
-e MYSQL_USER=ivatar -e MYSQL_USER=ivatar
-p MYSQL_USER=ivatar -p MYSQL_USER=ivatar
@@ -17,7 +17,7 @@ if [ -n "$USE_MYSQL" ]; then
-e MYSQL_ROOT_PASSWORD=$DB_ROOT_PASSWORD -e MYSQL_ROOT_PASSWORD=$DB_ROOT_PASSWORD
-p MYSQL_ROOT_PASSWORD=$DB_ROOT_PASSWORD" -p MYSQL_ROOT_PASSWORD=$DB_ROOT_PASSWORD"
else else
DB_CMDLINE="postgresql-persistent DB_CMDLINE="postgresql-persistent
-e POSTGRESQL_USER=ivatar -e POSTGRESQL_USER=ivatar
-p POSTGRESQL_USER=ivatar -p POSTGRESQL_USER=ivatar
-e POSTGRESQL_DATABASE=ivatar -e POSTGRESQL_DATABASE=ivatar
@@ -35,8 +35,8 @@ if [ -n "$LKERNAT_GITLAB_OPENSHIFT_ACCESS_TOKEN" ]; then
fi fi
oc new-app $SECRET_CMDLINE python~https://git.linux-kernel.at/oliver/ivatar.git \ oc new-app $SECRET_CMDLINE python~https://git.linux-kernel.at/oliver/ivatar.git \
-e IVATAR_MAILGUN_API_KEY=$IVATAR_MAILGUN_API_KEY \ -e IVATAR_MAILGUN_API_KEY=$IVATAR_MAILGUN_API_KEY \
-e IVATAR_MAILGUN_SENDER_DOMAIN=$IVATAR_MAILGUN_SENDER_DOMAIN \ -e IVATAR_MAILGUN_SENDER_DOMAIN=$IVATAR_MAILGUN_SENDER_DOMAIN \
$DB_CMDLINE $DB_CMDLINE
oc expose svc/ivatar oc expose svc/ivatar

2
create_nobody_from_svg_with_inkscape.sh Executable file → Normal file
View File

@@ -1,4 +1,4 @@
for size in $(seq 1 512); do for size in $(seq 1 512); do
inkscape -z -e ivatar/static/img/nobody/${size}.png -w ${size} -h ${size} \ inkscape -z -e ivatar/static/img/nobody/${size}.png -w ${size} -h ${size} \
ivatar/static/img/libravatar_logo.svg ivatar/static/img/libravatar_logo.svg
done done

180
ivatar/ivataraccount/migrations/0001_initial.py
View File

@@ -1,9 +1,9 @@
# -*- coding: utf-8 -*-
# Generated by Django 2.0.5 on 2018-05-07 07:13 # Generated by Django 2.0.5 on 2018-05-07 07:13
from django.conf import settings from django.conf import settings
from django.db import migrations, models from django.db import migrations, models
import django.db.models.deletion import django.db.models.deletion
import ivatar.ivataraccount.models
class Migration(migrations.Migration): class Migration(migrations.Migration):
@@ -16,93 +16,167 @@ class Migration(migrations.Migration):
operations = [ operations = [
migrations.CreateModel( migrations.CreateModel(
name='ConfirmedEmail', name="ConfirmedEmail",
fields=[ fields=[
('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), (
('ip_address', models.GenericIPAddressField(unpack_ipv4=True)), "id",
('add_date', models.DateTimeField()), models.AutoField(
('email', models.EmailField(max_length=254, unique=True)), auto_created=True,
primary_key=True,
serialize=False,
verbose_name="ID",
),
),
("ip_address", models.GenericIPAddressField(unpack_ipv4=True)),
("add_date", models.DateTimeField()),
("email", models.EmailField(max_length=254, unique=True)),
], ],
options={ options={
'verbose_name': 'confirmed email', "verbose_name": "confirmed email",
'verbose_name_plural': 'confirmed emails', "verbose_name_plural": "confirmed emails",
}, },
), ),
migrations.CreateModel( migrations.CreateModel(
name='ConfirmedOpenId', name="ConfirmedOpenId",
fields=[ fields=[
('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), (
('ip_address', models.GenericIPAddressField(unpack_ipv4=True)), "id",
('add_date', models.DateTimeField()), models.AutoField(
('openid', models.URLField(max_length=255, unique=True)), auto_created=True,
primary_key=True,
serialize=False,
verbose_name="ID",
),
),
("ip_address", models.GenericIPAddressField(unpack_ipv4=True)),
("add_date", models.DateTimeField()),
("openid", models.URLField(max_length=255, unique=True)),
], ],
options={ options={
'verbose_name': 'confirmed OpenID', "verbose_name": "confirmed OpenID",
'verbose_name_plural': 'confirmed OpenIDs', "verbose_name_plural": "confirmed OpenIDs",
}, },
), ),
migrations.CreateModel( migrations.CreateModel(
name='Photo', name="Photo",
fields=[ fields=[
('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), (
('add_date', models.DateTimeField()), "id",
('ip_address', models.GenericIPAddressField(unpack_ipv4=True)), models.AutoField(
('data', models.BinaryField()), auto_created=True,
('format', models.CharField(max_length=3)), primary_key=True,
('user', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL)), serialize=False,
verbose_name="ID",
),
),
("add_date", models.DateTimeField()),
("ip_address", models.GenericIPAddressField(unpack_ipv4=True)),
("data", models.BinaryField()),
("format", models.CharField(max_length=3)),
(
"user",
models.ForeignKey(
on_delete=django.db.models.deletion.CASCADE,
to=settings.AUTH_USER_MODEL,
),
),
], ],
options={ options={
'verbose_name': 'photo', "verbose_name": "photo",
'verbose_name_plural': 'photos', "verbose_name_plural": "photos",
}, },
), ),
migrations.CreateModel( migrations.CreateModel(
name='UnconfirmedEmail', name="UnconfirmedEmail",
fields=[ fields=[
('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), (
('ip_address', models.GenericIPAddressField(unpack_ipv4=True)), "id",
('add_date', models.DateTimeField()), models.AutoField(
('email', models.EmailField(max_length=254)), auto_created=True,
('verification_key', models.CharField(max_length=64)), primary_key=True,
('user', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL)), serialize=False,
verbose_name="ID",
),
),
("ip_address", models.GenericIPAddressField(unpack_ipv4=True)),
("add_date", models.DateTimeField()),
("email", models.EmailField(max_length=254)),
("verification_key", models.CharField(max_length=64)),
(
"user",
models.ForeignKey(
on_delete=django.db.models.deletion.CASCADE,
to=settings.AUTH_USER_MODEL,
),
),
], ],
options={ options={
'verbose_name': 'unconfirmed_email', "verbose_name": "unconfirmed_email",
'verbose_name_plural': 'unconfirmed_emails', "verbose_name_plural": "unconfirmed_emails",
}, },
), ),
migrations.CreateModel( migrations.CreateModel(
name='UnconfirmedOpenId', name="UnconfirmedOpenId",
fields=[ fields=[
('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), (
('ip_address', models.GenericIPAddressField(unpack_ipv4=True)), "id",
('add_date', models.DateTimeField()), models.AutoField(
('openid', models.URLField(max_length=255)), auto_created=True,
('user', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL)), primary_key=True,
serialize=False,
verbose_name="ID",
),
),
("ip_address", models.GenericIPAddressField(unpack_ipv4=True)),
("add_date", models.DateTimeField()),
("openid", models.URLField(max_length=255)),
(
"user",
models.ForeignKey(
on_delete=django.db.models.deletion.CASCADE,
to=settings.AUTH_USER_MODEL,
),
),
], ],
options={ options={
'verbose_name': 'unconfirmed OpenID', "verbose_name": "unconfirmed OpenID",
'verbose_name_plural': 'unconfirmed_OpenIDs', "verbose_name_plural": "unconfirmed_OpenIDs",
}, },
), ),
migrations.AddField( migrations.AddField(
model_name='confirmedopenid', model_name="confirmedopenid",
name='photo', name="photo",
field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, related_name='openids', to='ivataraccount.Photo'), field=models.ForeignKey(
blank=True,
null=True,
on_delete=django.db.models.deletion.CASCADE,
related_name="openids",
to="ivataraccount.Photo",
),
), ),
migrations.AddField( migrations.AddField(
model_name='confirmedopenid', model_name="confirmedopenid",
name='user', name="user",
field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL), field=models.ForeignKey(
on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL
),
), ),
migrations.AddField( migrations.AddField(
model_name='confirmedemail', model_name="confirmedemail",
name='photo', name="photo",
field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, related_name='emails', to='ivataraccount.Photo'), field=models.ForeignKey(
blank=True,
null=True,
on_delete=django.db.models.deletion.CASCADE,
related_name="emails",
to="ivataraccount.Photo",
),
), ),
migrations.AddField( migrations.AddField(
model_name='confirmedemail', model_name="confirmedemail",
name='user', name="user",
field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL), field=models.ForeignKey(
on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL
),
), ),
] ]

45
ivatar/ivataraccount/migrations/0002_openidassociation_openidnonce.py
View File

@@ -1,3 +1,4 @@
# -*- coding: utf-8 -*-
# Generated by Django 2.0.5 on 2018-05-07 07:23 # Generated by Django 2.0.5 on 2018-05-07 07:23
from django.db import migrations, models from django.db import migrations, models
@@ -6,29 +7,45 @@ from django.db import migrations, models
class Migration(migrations.Migration): class Migration(migrations.Migration):
dependencies = [ dependencies = [
('ivataraccount', '0001_initial'), ("ivataraccount", "0001_initial"),
] ]
operations = [ operations = [
migrations.CreateModel( migrations.CreateModel(
name='OpenIDAssociation', name="OpenIDAssociation",
fields=[ fields=[
('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), (
('server_url', models.TextField(max_length=2047)), "id",
('handle', models.CharField(max_length=255)), models.AutoField(
('secret', models.TextField(max_length=255)), auto_created=True,
('issued', models.IntegerField()), primary_key=True,
('lifetime', models.IntegerField()), serialize=False,
('assoc_type', models.TextField(max_length=64)), verbose_name="ID",
),
),
("server_url", models.TextField(max_length=2047)),
("handle", models.CharField(max_length=255)),
("secret", models.TextField(max_length=255)),
("issued", models.IntegerField()),
("lifetime", models.IntegerField()),
("assoc_type", models.TextField(max_length=64)),
], ],
), ),
migrations.CreateModel( migrations.CreateModel(
name='OpenIDNonce', name="OpenIDNonce",
fields=[ fields=[
('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), (
('server_url', models.CharField(max_length=255)), "id",
('timestamp', models.IntegerField()), models.AutoField(
('salt', models.CharField(max_length=128)), auto_created=True,
primary_key=True,
serialize=False,
verbose_name="ID",
),
),
("server_url", models.CharField(max_length=255)),
("timestamp", models.IntegerField()),
("salt", models.CharField(max_length=128)),
], ],
), ),
] ]

39
ivatar/ivataraccount/migrations/0003_auto_20180508_0637.py
View File

@@ -1,3 +1,4 @@
# -*- coding: utf-8 -*-
# Generated by Django 2.0.5 on 2018-05-08 06:37 # Generated by Django 2.0.5 on 2018-05-08 06:37
import datetime import datetime
@@ -7,53 +8,53 @@ from django.db import migrations, models
class Migration(migrations.Migration): class Migration(migrations.Migration):
dependencies = [ dependencies = [
('ivataraccount', '0002_openidassociation_openidnonce'), ("ivataraccount", "0002_openidassociation_openidnonce"),
] ]
operations = [ operations = [
migrations.AlterField( migrations.AlterField(
model_name='confirmedemail', model_name="confirmedemail",
name='add_date', name="add_date",
field=models.DateTimeField(default=datetime.datetime.utcnow), field=models.DateTimeField(default=datetime.datetime.utcnow),
), ),
migrations.AlterField( migrations.AlterField(
model_name='confirmedemail', model_name="confirmedemail",
name='ip_address', name="ip_address",
field=models.GenericIPAddressField(null=True, unpack_ipv4=True), field=models.GenericIPAddressField(null=True, unpack_ipv4=True),
), ),
migrations.AlterField( migrations.AlterField(
model_name='confirmedopenid', model_name="confirmedopenid",
name='add_date', name="add_date",
field=models.DateTimeField(default=datetime.datetime.utcnow), field=models.DateTimeField(default=datetime.datetime.utcnow),
), ),
migrations.AlterField( migrations.AlterField(
model_name='confirmedopenid', model_name="confirmedopenid",
name='ip_address', name="ip_address",
field=models.GenericIPAddressField(null=True, unpack_ipv4=True), field=models.GenericIPAddressField(null=True, unpack_ipv4=True),
), ),
migrations.AlterField( migrations.AlterField(
model_name='photo', model_name="photo",
name='add_date', name="add_date",
field=models.DateTimeField(default=datetime.datetime.utcnow), field=models.DateTimeField(default=datetime.datetime.utcnow),
), ),
migrations.AlterField( migrations.AlterField(
model_name='unconfirmedemail', model_name="unconfirmedemail",
name='add_date', name="add_date",
field=models.DateTimeField(default=datetime.datetime.utcnow), field=models.DateTimeField(default=datetime.datetime.utcnow),
), ),
migrations.AlterField( migrations.AlterField(
model_name='unconfirmedemail', model_name="unconfirmedemail",
name='ip_address', name="ip_address",
field=models.GenericIPAddressField(null=True, unpack_ipv4=True), field=models.GenericIPAddressField(null=True, unpack_ipv4=True),
), ),
migrations.AlterField( migrations.AlterField(
model_name='unconfirmedopenid', model_name="unconfirmedopenid",
name='add_date', name="add_date",
field=models.DateTimeField(default=datetime.datetime.utcnow), field=models.DateTimeField(default=datetime.datetime.utcnow),
), ),
migrations.AlterField( migrations.AlterField(
model_name='unconfirmedopenid', model_name="unconfirmedopenid",
name='ip_address', name="ip_address",
field=models.GenericIPAddressField(null=True, unpack_ipv4=True), field=models.GenericIPAddressField(null=True, unpack_ipv4=True),
), ),
] ]

23
ivatar/ivataraccount/migrations/0004_auto_20180508_0742.py
View File

@@ -1,3 +1,4 @@
# -*- coding: utf-8 -*-
# Generated by Django 2.0.5 on 2018-05-08 07:42 # Generated by Django 2.0.5 on 2018-05-08 07:42
from django.db import migrations, models from django.db import migrations, models
@@ -7,33 +8,33 @@ import django.utils.timezone
class Migration(migrations.Migration): class Migration(migrations.Migration):
dependencies = [ dependencies = [
('ivataraccount', '0003_auto_20180508_0637'), ("ivataraccount", "0003_auto_20180508_0637"),
] ]
operations = [ operations = [
migrations.AlterField( migrations.AlterField(
model_name='confirmedemail', model_name="confirmedemail",
name='add_date', name="add_date",
field=models.DateTimeField(default=django.utils.timezone.now), field=models.DateTimeField(default=django.utils.timezone.now),
), ),
migrations.AlterField( migrations.AlterField(
model_name='confirmedopenid', model_name="confirmedopenid",
name='add_date', name="add_date",
field=models.DateTimeField(default=django.utils.timezone.now), field=models.DateTimeField(default=django.utils.timezone.now),
), ),
migrations.AlterField( migrations.AlterField(
model_name='photo', model_name="photo",
name='add_date', name="add_date",
field=models.DateTimeField(default=django.utils.timezone.now), field=models.DateTimeField(default=django.utils.timezone.now),
), ),
migrations.AlterField( migrations.AlterField(
model_name='unconfirmedemail', model_name="unconfirmedemail",
name='add_date', name="add_date",
field=models.DateTimeField(default=django.utils.timezone.now), field=models.DateTimeField(default=django.utils.timezone.now),
), ),
migrations.AlterField( migrations.AlterField(
model_name='unconfirmedopenid', model_name="unconfirmedopenid",
name='add_date', name="add_date",
field=models.DateTimeField(default=django.utils.timezone.now), field=models.DateTimeField(default=django.utils.timezone.now),
), ),
] ]

15
ivatar/ivataraccount/migrations/0005_auto_20180522_1155.py
View File

@@ -1,3 +1,4 @@
# -*- coding: utf-8 -*-
# Generated by Django 2.0.5 on 2018-05-22 11:55 # Generated by Django 2.0.5 on 2018-05-22 11:55
from django.db import migrations, models from django.db import migrations, models
@@ -6,20 +7,20 @@ from django.db import migrations, models
class Migration(migrations.Migration): class Migration(migrations.Migration):
dependencies = [ dependencies = [
('ivataraccount', '0004_auto_20180508_0742'), ("ivataraccount", "0004_auto_20180508_0742"),
] ]
operations = [ operations = [
migrations.AddField( migrations.AddField(
model_name='confirmedemail', model_name="confirmedemail",
name='digest', name="digest",
field=models.CharField(default='', max_length=64), field=models.CharField(default="", max_length=64),
preserve_default=False, preserve_default=False,
), ),
migrations.AddField( migrations.AddField(
model_name='confirmedopenid', model_name="confirmedopenid",
name='digest', name="digest",
field=models.CharField(default='', max_length=64), field=models.CharField(default="", max_length=64),
preserve_default=False, preserve_default=False,
), ),
] ]

11
ivatar/ivataraccount/migrations/0006_auto_20180626_1445.py
View File

@@ -1,3 +1,4 @@
# -*- coding: utf-8 -*-
# Generated by Django 2.0.6 on 2018-06-26 14:45 # Generated by Django 2.0.6 on 2018-06-26 14:45
from django.db import migrations, models from django.db import migrations, models
@@ -6,18 +7,18 @@ from django.db import migrations, models
class Migration(migrations.Migration): class Migration(migrations.Migration):
dependencies = [ dependencies = [
('ivataraccount', '0005_auto_20180522_1155'), ("ivataraccount", "0005_auto_20180522_1155"),
] ]
operations = [ operations = [
migrations.AddField( migrations.AddField(
model_name='confirmedemail', model_name="confirmedemail",
name='digest_sha256', name="digest_sha256",
field=models.CharField(max_length=64, null=True), field=models.CharField(max_length=64, null=True),
), ),
migrations.AlterField( migrations.AlterField(
model_name='confirmedemail', model_name="confirmedemail",
name='digest', name="digest",
field=models.CharField(max_length=32), field=models.CharField(max_length=32),
), ),
] ]

46
ivatar/ivataraccount/migrations/0007_auto_20180627_0624.py
View File

@@ -1,39 +1,53 @@
# -*- coding: utf-8 -*-
# Generated by Django 2.0.6 on 2018-06-27 06:24 # Generated by Django 2.0.6 on 2018-06-27 06:24
from django.db import migrations, models from django.db import migrations, models
import django.db.models.deletion import django.db.models.deletion
def add_sha256(apps, schema_editor): def add_sha256(apps, schema_editor):
''' """
Make sure all ConfirmedEmail have digest_sha256 set Make sure all ConfirmedEmail have digest_sha256 set
in order to alter the model so sha256 may not be NULL in order to alter the model so sha256 may not be NULL
''' """
ConfirmedEmail = apps.get_model('ivataraccount', 'ConfirmedEmail') ConfirmedEmail = apps.get_model("ivataraccount", "ConfirmedEmail")
for mail in ConfirmedEmail.objects.filter(digest_sha256=None): for mail in ConfirmedEmail.objects.filter(digest_sha256=None):
mail.save() # pragma: no cover mail.save() # pragma: no cover
class Migration(migrations.Migration): class Migration(migrations.Migration):
dependencies = [ dependencies = [
('ivataraccount', '0006_auto_20180626_1445'), ("ivataraccount", "0006_auto_20180626_1445"),
] ]
operations = [ operations = [
migrations.RunPython(add_sha256), migrations.RunPython(add_sha256),
migrations.AlterField( migrations.AlterField(
model_name='confirmedemail', model_name="confirmedemail",
name='digest_sha256', name="digest_sha256",
field=models.CharField(max_length=64), field=models.CharField(max_length=64),
), ),
migrations.AlterField( migrations.AlterField(
model_name='confirmedemail', model_name="confirmedemail",
name='photo', name="photo",
field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='emails', to='ivataraccount.Photo'), field=models.ForeignKey(
blank=True,
null=True,
on_delete=django.db.models.deletion.SET_NULL,
related_name="emails",
to="ivataraccount.Photo",
),
), ),
migrations.AlterField( migrations.AlterField(
model_name='confirmedopenid', model_name="confirmedopenid",
name='photo', name="photo",
field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='openids', to='ivataraccount.Photo'), field=models.ForeignKey(
blank=True,
null=True,
on_delete=django.db.models.deletion.SET_NULL,
related_name="openids",
to="ivataraccount.Photo",
),
), ),
] ]

46
ivatar/ivataraccount/migrations/0008_userpreference.py
View File

@@ -1,3 +1,4 @@
# -*- coding: utf-8 -*-
# pylint: disable=invalid-name,missing-docstring # pylint: disable=invalid-name,missing-docstring
# Generated by Django 2.0.6 on 2018-07-04 12:32 # Generated by Django 2.0.6 on 2018-07-04 12:32
@@ -7,11 +8,14 @@ import django.db.models.deletion
def add_preference_to_user(apps, schema_editor): # pylint: disable=unused-argument def add_preference_to_user(apps, schema_editor): # pylint: disable=unused-argument
''' """
Make sure all users have preferences set up Make sure all users have preferences set up
''' """
from django.contrib.auth.models import User from django.contrib.auth.models import User
UserPreference = apps.get_model('ivataraccount', 'UserPreference') # pylint: disable=invalid-name
UserPreference = apps.get_model(
"ivataraccount", "UserPreference"
) # pylint: disable=invalid-name
for user in User.objects.filter(userpreference=None): for user in User.objects.filter(userpreference=None):
pref = UserPreference.objects.create(user_id=user.pk) # pragma: no cover pref = UserPreference.objects.create(user_id=user.pk) # pragma: no cover
pref.save() # pragma: no cover pref.save() # pragma: no cover
@@ -20,24 +24,34 @@ def add_preference_to_user(apps, schema_editor): # pylint: disable=unused-argum
class Migration(migrations.Migration): # pylint: disable=missing-docstring class Migration(migrations.Migration): # pylint: disable=missing-docstring
dependencies = [ dependencies = [
('auth', '0009_alter_user_last_name_max_length'), ("auth", "0009_alter_user_last_name_max_length"),
('ivataraccount', '0007_auto_20180627_0624'), ("ivataraccount", "0007_auto_20180627_0624"),
] ]
operations = [ operations = [
migrations.CreateModel( migrations.CreateModel(
name='UserPreference', name="UserPreference",
fields=[ fields=[
('theme', models.CharField( (
choices=[ "theme",
('default', 'Default theme'), models.CharField(
('clime', 'Climes theme')], choices=[
default='default', max_length=10)), ("default", "Default theme"),
('user', models.OneToOneField( ("clime", "Climes theme"),
on_delete=django.db.models.deletion.CASCADE, ],
primary_key=True, default="default",
serialize=False, max_length=10,
to=settings.AUTH_USER_MODEL)), ),
),
(
"user",
models.OneToOneField(
on_delete=django.db.models.deletion.CASCADE,
primary_key=True,
serialize=False,
to=settings.AUTH_USER_MODEL,
),
),
], ],
), ),
migrations.RunPython(add_preference_to_user), migrations.RunPython(add_preference_to_user),

17
ivatar/ivataraccount/migrations/0009_auto_20180705_1152.py
View File

@@ -1,3 +1,4 @@
# -*- coding: utf-8 -*-
# Generated by Django 2.0.6 on 2018-07-05 11:52 # Generated by Django 2.0.6 on 2018-07-05 11:52
from django.db import migrations, models from django.db import migrations, models
@@ -6,13 +7,21 @@ from django.db import migrations, models
class Migration(migrations.Migration): class Migration(migrations.Migration):
dependencies = [ dependencies = [
('ivataraccount', '0008_userpreference'), ("ivataraccount", "0008_userpreference"),
] ]
operations = [ operations = [
migrations.AlterField( migrations.AlterField(
model_name='userpreference', model_name="userpreference",
name='theme', name="theme",
field=models.CharField(choices=[('default', 'Default theme'), ('clime', 'climes theme'), ('falko', 'falkos theme')], default='default', max_length=10), field=models.CharField(
choices=[
("default", "Default theme"),
("clime", "climes theme"),
("falko", "falkos theme"),
],
default="default",
max_length=10,
),
), ),
] ]

13
ivatar/ivataraccount/migrations/0010_auto_20180705_1201.py
View File

@@ -1,3 +1,4 @@
# -*- coding: utf-8 -*-
# Generated by Django 2.0.6 on 2018-07-05 12:01 # Generated by Django 2.0.6 on 2018-07-05 12:01
from django.db import migrations, models from django.db import migrations, models
@@ -6,13 +7,17 @@ from django.db import migrations, models
class Migration(migrations.Migration): class Migration(migrations.Migration):
dependencies = [ dependencies = [
('ivataraccount', '0009_auto_20180705_1152'), ("ivataraccount", "0009_auto_20180705_1152"),
] ]
operations = [ operations = [
migrations.AlterField( migrations.AlterField(
model_name='userpreference', model_name="userpreference",
name='theme', name="theme",
field=models.CharField(choices=[('default', 'Default theme'), ('falko', 'falkos theme')], default='default', max_length=10), field=models.CharField(
choices=[("default", "Default theme"), ("falko", "falkos theme")],
default="default",
max_length=10,
),
), ),
] ]

21
ivatar/ivataraccount/migrations/0011_auto_20181107_1550.py
View File

@@ -1,3 +1,4 @@
# -*- coding: utf-8 -*-
# Generated by Django 2.1.3 on 2018-11-07 15:50 # Generated by Django 2.1.3 on 2018-11-07 15:50
from django.db import migrations, models from django.db import migrations, models
@@ -6,18 +7,26 @@ from django.db import migrations, models
class Migration(migrations.Migration): class Migration(migrations.Migration):
dependencies = [ dependencies = [
('ivataraccount', '0010_auto_20180705_1201'), ("ivataraccount", "0010_auto_20180705_1201"),
] ]
operations = [ operations = [
migrations.AddField( migrations.AddField(
model_name='photo', model_name="photo",
name='access_count', name="access_count",
field=models.BigIntegerField(default=0, editable=False), field=models.BigIntegerField(default=0, editable=False),
), ),
migrations.AlterField( migrations.AlterField(
model_name='userpreference', model_name="userpreference",
name='theme', name="theme",
field=models.CharField(choices=[('default', 'Default theme'), ('clime', 'climes theme'), ('falko', 'falkos theme')], default='default', max_length=10), field=models.CharField(
choices=[
("default", "Default theme"),
("clime", "climes theme"),
("falko", "falkos theme"),
],
default="default",
max_length=10,
),
), ),
] ]

11
ivatar/ivataraccount/migrations/0012_auto_20181107_1732.py
View File

@@ -1,3 +1,4 @@
# -*- coding: utf-8 -*-
# Generated by Django 2.1.3 on 2018-11-07 17:32 # Generated by Django 2.1.3 on 2018-11-07 17:32
from django.db import migrations, models from django.db import migrations, models
@@ -6,18 +7,18 @@ from django.db import migrations, models
class Migration(migrations.Migration): class Migration(migrations.Migration):
dependencies = [ dependencies = [
('ivataraccount', '0011_auto_20181107_1550'), ("ivataraccount", "0011_auto_20181107_1550"),
] ]
operations = [ operations = [
migrations.AddField( migrations.AddField(
model_name='confirmedemail', model_name="confirmedemail",
name='access_count', name="access_count",
field=models.BigIntegerField(default=0, editable=False), field=models.BigIntegerField(default=0, editable=False),
), ),
migrations.AddField( migrations.AddField(
model_name='confirmedopenid', model_name="confirmedopenid",
name='access_count', name="access_count",
field=models.BigIntegerField(default=0, editable=False), field=models.BigIntegerField(default=0, editable=False),
), ),
] ]

18
ivatar/ivataraccount/migrations/0013_auto_20181203_1421.py
View File

@@ -1,3 +1,4 @@
# -*- coding: utf-8 -*-
# Generated by Django 2.1.3 on 2018-12-03 14:21 # Generated by Django 2.1.3 on 2018-12-03 14:21
from django.db import migrations, models from django.db import migrations, models
@@ -6,13 +7,22 @@ from django.db import migrations, models
class Migration(migrations.Migration): class Migration(migrations.Migration):
dependencies = [ dependencies = [
('ivataraccount', '0012_auto_20181107_1732'), ("ivataraccount", "0012_auto_20181107_1732"),
] ]
operations = [ operations = [
migrations.AlterField( migrations.AlterField(
model_name='userpreference', model_name="userpreference",
name='theme', name="theme",
field=models.CharField(choices=[('default', 'Default theme'), ('clime', 'climes theme'), ('green', 'green theme'), ('red', 'red theme')], default='default', max_length=10), field=models.CharField(
choices=[
("default", "Default theme"),
("clime", "climes theme"),
("green", "green theme"),
("red", "red theme"),
],
default="default",
max_length=10,
),
), ),
] ]

10
ivatar/ivataraccount/migrations/0014_auto_20190218_1602.py
View File

@@ -1,3 +1,4 @@
# -*- coding: utf-8 -*-
# Generated by Django 2.1.5 on 2019-02-18 16:02 # Generated by Django 2.1.5 on 2019-02-18 16:02
from django.db import migrations from django.db import migrations
@@ -6,12 +7,15 @@ from django.db import migrations
class Migration(migrations.Migration): class Migration(migrations.Migration):
dependencies = [ dependencies = [
('ivataraccount', '0013_auto_20181203_1421'), ("ivataraccount", "0013_auto_20181203_1421"),
] ]
operations = [ operations = [
migrations.AlterModelOptions( migrations.AlterModelOptions(
name='unconfirmedemail', name="unconfirmedemail",
options={'verbose_name': 'unconfirmed email', 'verbose_name_plural': 'unconfirmed emails'}, options={
"verbose_name": "unconfirmed email",
"verbose_name_plural": "unconfirmed emails",
},
), ),
] ]

15
ivatar/ivataraccount/migrations/0015_auto_20200225_0934.py
View File

@@ -1,3 +1,4 @@
# -*- coding: utf-8 -*-
# Generated by Django 3.0.3 on 2020-02-25 09:34 # Generated by Django 3.0.3 on 2020-02-25 09:34
from django.db import migrations, models from django.db import migrations, models
@@ -6,23 +7,23 @@ from django.db import migrations, models
class Migration(migrations.Migration): class Migration(migrations.Migration):
dependencies = [ dependencies = [
('ivataraccount', '0014_auto_20190218_1602'), ("ivataraccount", "0014_auto_20190218_1602"),
] ]
operations = [ operations = [
migrations.AddField( migrations.AddField(
model_name='confirmedopenid', model_name="confirmedopenid",
name='alt_digest1', name="alt_digest1",
field=models.CharField(blank=True, default=None, max_length=64, null=True), field=models.CharField(blank=True, default=None, max_length=64, null=True),
), ),
migrations.AddField( migrations.AddField(
model_name='confirmedopenid', model_name="confirmedopenid",
name='alt_digest2', name="alt_digest2",
field=models.CharField(blank=True, default=None, max_length=64, null=True), field=models.CharField(blank=True, default=None, max_length=64, null=True),
), ),
migrations.AddField( migrations.AddField(
model_name='confirmedopenid', model_name="confirmedopenid",
name='alt_digest3', name="alt_digest3",
field=models.CharField(blank=True, default=None, max_length=64, null=True), field=models.CharField(blank=True, default=None, max_length=64, null=True),
), ),
] ]

11
ivatar/ivataraccount/migrations/0016_auto_20210413_0904.py
View File

@@ -1,3 +1,4 @@
# -*- coding: utf-8 -*-
# Generated by Django 3.1.7 on 2021-04-13 09:04 # Generated by Django 3.1.7 on 2021-04-13 09:04
from django.db import migrations, models from django.db import migrations, models
@@ -6,18 +7,18 @@ from django.db import migrations, models
class Migration(migrations.Migration): class Migration(migrations.Migration):
dependencies = [ dependencies = [
('ivataraccount', '0015_auto_20200225_0934'), ("ivataraccount", "0015_auto_20200225_0934"),
] ]
operations = [ operations = [
migrations.AddField( migrations.AddField(
model_name='unconfirmedemail', model_name="unconfirmedemail",
name='last_send_date', name="last_send_date",
field=models.DateTimeField(blank=True, null=True), field=models.DateTimeField(blank=True, null=True),
), ),
migrations.AddField( migrations.AddField(
model_name='unconfirmedemail', model_name="unconfirmedemail",
name='last_status', name="last_status",
field=models.TextField(blank=True, max_length=2047, null=True), field=models.TextField(blank=True, max_length=2047, null=True),
), ),
] ]

59
ivatar/ivataraccount/migrations/0017_auto_20210528_1314.py
View File

@@ -1,3 +1,4 @@
# -*- coding: utf-8 -*-
# Generated by Django 3.2.3 on 2021-05-28 13:14 # Generated by Django 3.2.3 on 2021-05-28 13:14
from django.db import migrations, models from django.db import migrations, models
@@ -6,43 +7,57 @@ from django.db import migrations, models
class Migration(migrations.Migration): class Migration(migrations.Migration):
dependencies = [ dependencies = [
('ivataraccount', '0016_auto_20210413_0904'), ("ivataraccount", "0016_auto_20210413_0904"),
] ]
operations = [ operations = [
migrations.AlterField( migrations.AlterField(
model_name='confirmedemail', model_name="confirmedemail",
name='id', name="id",
field=models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'), field=models.BigAutoField(
auto_created=True, primary_key=True, serialize=False, verbose_name="ID"
),
), ),
migrations.AlterField( migrations.AlterField(
model_name='confirmedopenid', model_name="confirmedopenid",
name='id', name="id",
field=models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'), field=models.BigAutoField(
auto_created=True, primary_key=True, serialize=False, verbose_name="ID"
),
), ),
migrations.AlterField( migrations.AlterField(
model_name='openidassociation', model_name="openidassociation",
name='id', name="id",
field=models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'), field=models.BigAutoField(
auto_created=True, primary_key=True, serialize=False, verbose_name="ID"
),
), ),
migrations.AlterField( migrations.AlterField(
model_name='openidnonce', model_name="openidnonce",
name='id', name="id",
field=models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'), field=models.BigAutoField(
auto_created=True, primary_key=True, serialize=False, verbose_name="ID"
),
), ),
migrations.AlterField( migrations.AlterField(
model_name='photo', model_name="photo",
name='id', name="id",
field=models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'), field=models.BigAutoField(
auto_created=True, primary_key=True, serialize=False, verbose_name="ID"
),
), ),
migrations.AlterField( migrations.AlterField(
model_name='unconfirmedemail', model_name="unconfirmedemail",
name='id', name="id",
field=models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'), field=models.BigAutoField(
auto_created=True, primary_key=True, serialize=False, verbose_name="ID"
),
), ),
migrations.AlterField( migrations.AlterField(
model_name='unconfirmedopenid', model_name="unconfirmedopenid",
name='id', name="id",
field=models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'), field=models.BigAutoField(
auto_created=True, primary_key=True, serialize=False, verbose_name="ID"
),
), ),
] ]

18
ivatar/ivataraccount/models.py
View File

@@ -11,6 +11,7 @@ from os import urandom
from urllib.error import HTTPError, URLError from urllib.error import HTTPError, URLError
from ivatar.utils import urlopen, Bluesky from ivatar.utils import urlopen, Bluesky
from urllib.parse import urlsplit, urlunsplit, quote from urllib.parse import urlsplit, urlunsplit, quote
import logging
from PIL import Image from PIL import Image
from django.contrib.auth.models import User from django.contrib.auth.models import User
@@ -30,13 +31,16 @@ from openid.store.interface import OpenIDStore
from libravatar import libravatar_url from libravatar import libravatar_url
from ivatar.settings import MAX_LENGTH_EMAIL, logger from ivatar.settings import MAX_LENGTH_EMAIL
from ivatar.settings import MAX_PIXELS, AVATAR_MAX_SIZE, JPEG_QUALITY from ivatar.settings import MAX_PIXELS, AVATAR_MAX_SIZE, JPEG_QUALITY
from ivatar.settings import MAX_LENGTH_URL from ivatar.settings import MAX_LENGTH_URL
from ivatar.settings import SECURE_BASE_URL, SITE_NAME, DEFAULT_FROM_EMAIL from ivatar.settings import SECURE_BASE_URL, SITE_NAME, DEFAULT_FROM_EMAIL
from ivatar.utils import openid_variations from ivatar.utils import openid_variations
from .gravatar import get_photo as get_gravatar_photo from .gravatar import get_photo as get_gravatar_photo
# Initialize logger
logger = logging.getLogger("ivatar")
def file_format(image_type): def file_format(image_type):
""" """
@@ -154,10 +158,12 @@ class Photo(BaseAccountModel):
try: try:
image = urlopen(image_url) image = urlopen(image_url)
except HTTPError as exc: except HTTPError as exc:
print(f"{service_name} import failed with an HTTP error: {exc.code}") logger.warning(
f"{service_name} import failed with an HTTP error: {exc.code}"
)
return False return False
except URLError as exc: except URLError as exc:
print(f"{service_name} import failed: {exc.reason}") logger.warning(f"{service_name} import failed: {exc.reason}")
return False return False
data = image.read() data = image.read()
@@ -169,7 +175,7 @@ class Photo(BaseAccountModel):
self.format = file_format(img.format) self.format = file_format(img.format)
if not self.format: if not self.format:
print(f"Unable to determine format: {img}") logger.warning(f"Unable to determine format: {img}")
return False # pragma: no cover return False # pragma: no cover
self.data = data self.data = data
super().save() super().save()
@@ -186,11 +192,11 @@ class Photo(BaseAccountModel):
img = Image.open(BytesIO(self.data)) img = Image.open(BytesIO(self.data))
except Exception as exc: # pylint: disable=broad-except except Exception as exc: # pylint: disable=broad-except
# For debugging only # For debugging only
print(f"Exception caught in Photo.save(): {exc}") logger.error(f"Exception caught in Photo.save(): {exc}")
return False return False
self.format = file_format(img.format) self.format = file_format(img.format)
if not self.format: if not self.format:
print("Format not recognized") logger.error("Format not recognized")
return False return False
return super().save(force_insert, force_update, using, update_fields) return super().save(force_insert, force_update, using, update_fields)

19
ivatar/ivataraccount/views.py
View File

@@ -10,6 +10,7 @@ import binascii
import contextlib import contextlib
from xml.sax import saxutils from xml.sax import saxutils
import gzip import gzip
import logging
from PIL import Image from PIL import Image
@@ -61,6 +62,10 @@ from .models import UserPreference
from .models import file_format from .models import file_format
from .read_libravatar_export import read_gzdata as libravatar_read_gzdata from .read_libravatar_export import read_gzdata as libravatar_read_gzdata
# Initialize loggers
logger = logging.getLogger("ivatar")
security_logger = logging.getLogger("ivatar.security")
def openid_logging(message, level=0): def openid_logging(message, level=0):
""" """
@@ -69,7 +74,7 @@ def openid_logging(message, level=0):
# Normal messages are not that important # Normal messages are not that important
# No need for coverage here # No need for coverage here
if level > 0: # pragma: no cover if level > 0: # pragma: no cover
print(message) logger.debug(message)
class CreateView(SuccessMessageMixin, FormView): class CreateView(SuccessMessageMixin, FormView):
@@ -505,7 +510,7 @@ class ImportPhotoView(SuccessMessageMixin, TemplateView):
try: try:
urlopen(libravatar_service_url) urlopen(libravatar_service_url)
except OSError as exc: except OSError as exc:
print(f"Exception caught during photo import: {exc}") logger.warning(f"Exception caught during photo import: {exc}")
else: else:
context["photos"].append( context["photos"].append(
{ {
@@ -717,7 +722,7 @@ class RemoveConfirmedOpenIDView(View):
openidobj.delete() openidobj.delete()
except Exception as exc: # pylint: disable=broad-except except Exception as exc: # pylint: disable=broad-except
# Why it is not there? # Why it is not there?
print(f"How did we get here: {exc}") logger.warning(f"How did we get here: {exc}")
openid.delete() openid.delete()
messages.success(request, _("ID removed")) messages.success(request, _("ID removed"))
except self.model.DoesNotExist: # pylint: disable=no-member except self.model.DoesNotExist: # pylint: disable=no-member
@@ -766,7 +771,7 @@ class RedirectOpenIDView(View):
"message": exc, "message": exc,
} }
) )
print(f"message: {msg}") logger.error(f"message: {msg}")
messages.error(request, msg) messages.error(request, msg)
if auth_request is None: # pragma: no cover if auth_request is None: # pragma: no cover
@@ -1036,7 +1041,7 @@ class UploadLibravatarExportView(SuccessMessageMixin, FormView):
try: try:
data = base64.decodebytes(bytes(request.POST[arg], "utf-8")) data = base64.decodebytes(bytes(request.POST[arg], "utf-8"))
except binascii.Error as exc: except binascii.Error as exc:
print(f"Cannot decode photo: {exc}") logger.warning(f"Cannot decode photo: {exc}")
continue continue
try: try:
pilobj = Image.open(BytesIO(data)) pilobj = Image.open(BytesIO(data))
@@ -1050,7 +1055,7 @@ class UploadLibravatarExportView(SuccessMessageMixin, FormView):
photo.data = out.read() photo.data = out.read()
photo.save() photo.save()
except Exception as exc: # pylint: disable=broad-except except Exception as exc: # pylint: disable=broad-except
print(f"Exception during save: {exc}") logger.error(f"Exception during save: {exc}")
continue continue
return HttpResponseRedirect(reverse_lazy("profile")) return HttpResponseRedirect(reverse_lazy("profile"))
@@ -1177,7 +1182,7 @@ class ProfileView(TemplateView):
openid=openids.first().claimed_id openid=openids.first().claimed_id
).exists(): ).exists():
return return
print(f"need to confirm: {openids.first()}") logger.debug(f"need to confirm: {openids.first()}")
confirmed = ConfirmedOpenId() confirmed = ConfirmedOpenId()
confirmed.user = self.request.user confirmed.user = self.request.user
confirmed.ip_address = get_client_ip(self.request)[0] confirmed.ip_address = get_client_ip(self.request)[0]

102
ivatar/settings.py
View File

@@ -13,6 +13,11 @@ logger.setLevel(log_level)
PACKAGE_ROOT = os.path.abspath(os.path.dirname(__file__)) PACKAGE_ROOT = os.path.abspath(os.path.dirname(__file__))
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__))) BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
# Logging directory - can be overridden in local config
LOGS_DIR = os.path.join(BASE_DIR, "logs")
# Ensure logs directory exists
os.makedirs(LOGS_DIR, exist_ok=True)
# SECURITY WARNING: keep the secret key used in production secret! # SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = "=v(+-^t#ahv^a&&e)uf36g8algj$d1@6ou^w(r0@%)#8mlc*zk" SECRET_KEY = "=v(+-^t#ahv^a&&e)uf36g8algj$d1@6ou^w(r0@%)#8mlc*zk"
@@ -22,6 +27,77 @@ DEBUG = True
ALLOWED_HOSTS = [] ALLOWED_HOSTS = []
# Comprehensive Logging Configuration
LOGGING = {
"version": 1,
"disable_existing_loggers": False,
"formatters": {
"verbose": {
"format": "{levelname} {asctime} {module} {process:d} {thread:d} {message}",
"style": "{",
},
"simple": {
"format": "{levelname} {asctime} {message}",
"style": "{",
},
"detailed": {
"format": "{levelname} {asctime} {name} {module} {funcName} {lineno:d} {message}",
"style": "{",
},
},
"handlers": {
"file": {
"level": "INFO",
"class": "logging.FileHandler",
"filename": os.path.join(LOGS_DIR, "ivatar.log"),
"formatter": "verbose",
},
"file_debug": {
"level": "DEBUG",
"class": "logging.FileHandler",
"filename": os.path.join(LOGS_DIR, "ivatar_debug.log"),
"formatter": "detailed",
},
"console": {
"level": "DEBUG" if DEBUG else "INFO",
"class": "logging.StreamHandler",
"formatter": "simple",
},
"security": {
"level": "WARNING",
"class": "logging.FileHandler",
"filename": os.path.join(LOGS_DIR, "security.log"),
"formatter": "detailed",
},
},
"loggers": {
"ivatar": {
"handlers": ["file", "console"],
"level": "INFO",
"propagate": True,
},
"ivatar.security": {
"handlers": ["security", "console"],
"level": "WARNING",
"propagate": False,
},
"ivatar.debug": {
"handlers": ["file_debug"],
"level": "DEBUG",
"propagate": False,
},
"django.security": {
"handlers": ["security"],
"level": "WARNING",
"propagate": False,
},
},
"root": {
"handlers": ["console"],
"level": "INFO",
},
}
# Application definition # Application definition
@@ -103,12 +179,26 @@ AUTH_PASSWORD_VALIDATORS = [
] ]
# Password Hashing (more secure) # Password Hashing (more secure)
PASSWORD_HASHERS = [ # Try to use Argon2PasswordHasher with high security settings, fallback to PBKDF2
# This isn't working in older Python environments PASSWORD_HASHERS = []
# "django.contrib.auth.hashers.Argon2PasswordHasher",
"django.contrib.auth.hashers.PBKDF2PasswordHasher", # Try Argon2 first (requires Python 3.6+ and argon2-cffi package)
"django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher", try:
] import argon2 # noqa: F401
PASSWORD_HASHERS.append("django.contrib.auth.hashers.Argon2PasswordHasher")
except ImportError:
# Fallback for CentOS 7 / older systems without argon2-cffi
pass
# Always include PBKDF2 as fallback
PASSWORD_HASHERS.extend(
[
"django.contrib.auth.hashers.PBKDF2PasswordHasher",
# Keep PBKDF2SHA1 for existing password compatibility only
"django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher",
]
)
# Security Settings # Security Settings
SECURE_BROWSER_XSS_FILTER = True SECURE_BROWSER_XSS_FILTER = True

7128
ivatar/static/css/bootstrap.min.css vendored
View File

File diff suppressed because one or more lines are too long

409
ivatar/static/css/clime.css
View File

File diff suppressed because one or more lines are too long

265
ivatar/static/css/cropper.min.css vendored Normal file
View File

@@ -0,0 +1,265 @@
/*!
* Cropper.js v1.6.2
* https://fengyuanchen.github.io/cropperjs
*
* Copyright 2015-present Chen Fengyuan
* Released under the MIT license
*
* Date: 2024-04-21T07:43:02.731Z
*/
.cropper-container {
-webkit-touch-callout: none;
direction: ltr;
font-size: 0;
line-height: 0;
position: relative;
-ms-touch-action: none;
touch-action: none;
-webkit-user-select: none;
-moz-user-select: none;
-ms-user-select: none;
user-select: none;
}
.cropper-container img {
backface-visibility: hidden;
display: block;
height: 100%;
image-orientation: 0deg;
max-height: none !important;
max-width: none !important;
min-height: 0 !important;
min-width: 0 !important;
width: 100%;
}
.cropper-canvas,
.cropper-crop-box,
.cropper-drag-box,
.cropper-modal,
.cropper-wrap-box {
bottom: 0;
left: 0;
position: absolute;
right: 0;
top: 0;
}
.cropper-canvas,
.cropper-wrap-box {
overflow: hidden;
}
.cropper-drag-box {
background-color: #fff;
opacity: 0;
}
.cropper-modal {
background-color: #000;
opacity: 0.5;
}
.cropper-view-box {
display: block;
height: 100%;
outline: 1px solid #39f;
outline-color: rgba(51, 153, 255, 0.75);
overflow: hidden;
width: 100%;
}
.cropper-dashed {
border: 0 dashed #eee;
display: block;
opacity: 0.5;
position: absolute;
}
.cropper-dashed.dashed-h {
border-bottom-width: 1px;
border-top-width: 1px;
height: 33.33333%;
left: 0;
top: 33.33333%;
width: 100%;
}
.cropper-dashed.dashed-v {
border-left-width: 1px;
border-right-width: 1px;
height: 100%;
left: 33.33333%;
top: 0;
width: 33.33333%;
}
.cropper-center {
display: block;
height: 0;
left: 50%;
opacity: 0.75;
position: absolute;
top: 50%;
width: 0;
}
.cropper-center:after,
.cropper-center:before {
background-color: #eee;
content: " ";
display: block;
position: absolute;
}
.cropper-center:before {
height: 1px;
left: -3px;
top: 0;
width: 7px;
}
.cropper-center:after {
height: 7px;
left: 0;
top: -3px;
width: 1px;
}
.cropper-face,
.cropper-line,
.cropper-point {
display: block;
height: 100%;
opacity: 0.1;
position: absolute;
width: 100%;
}
.cropper-face {
background-color: #fff;
left: 0;
top: 0;
}
.cropper-line {
background-color: #39f;
}
.cropper-line.line-e {
cursor: ew-resize;
right: -3px;
top: 0;
width: 5px;
}
.cropper-line.line-n {
cursor: ns-resize;
height: 5px;
left: 0;
top: -3px;
}
.cropper-line.line-w {
cursor: ew-resize;
left: -3px;
top: 0;
width: 5px;
}
.cropper-line.line-s {
bottom: -3px;
cursor: ns-resize;
height: 5px;
left: 0;
}
.cropper-point {
background-color: #39f;
height: 5px;
opacity: 0.75;
width: 5px;
}
.cropper-point.point-e {
cursor: ew-resize;
margin-top: -3px;
right: -3px;
top: 50%;
}
.cropper-point.point-n {
cursor: ns-resize;
left: 50%;
margin-left: -3px;
top: -3px;
}
.cropper-point.point-w {
cursor: ew-resize;
left: -3px;
margin-top: -3px;
top: 50%;
}
.cropper-point.point-s {
bottom: -3px;
cursor: s-resize;
left: 50%;
margin-left: -3px;
}
.cropper-point.point-ne {
cursor: nesw-resize;
right: -3px;
top: -3px;
}
.cropper-point.point-nw {
cursor: nwse-resize;
left: -3px;
top: -3px;
}
.cropper-point.point-sw {
bottom: -3px;
cursor: nesw-resize;
left: -3px;
}
.cropper-point.point-se {
bottom: -3px;
cursor: nwse-resize;
height: 20px;
opacity: 1;
right: -3px;
width: 20px;
}
@media (min-width: 768px) {
.cropper-point.point-se {
height: 15px;
width: 15px;
}
}
@media (min-width: 992px) {
.cropper-point.point-se {
height: 10px;
width: 10px;
}
}
@media (min-width: 1200px) {
.cropper-point.point-se {
height: 5px;
opacity: 0.75;
width: 5px;
}
}
.cropper-point.point-se:before {
background-color: #39f;
bottom: -50%;
content: " ";
display: block;
height: 200%;
opacity: 0;
position: absolute;
right: -50%;
width: 200%;
}
.cropper-invisible {
opacity: 0;
}
.cropper-bg {
background-image: url("data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQAQMAAAAlPW0iAAAAA3NCSVQICAjb4U/gAAAABlBMVEXMzMz////TjRV2AAAACXBIWXMAAArrAAAK6wGCiw1aAAAAHHRFWHRTb2Z0d2FyZQBBZG9iZSBGaXJld29ya3MgQ1M26LyyjAAAABFJREFUCJlj+M/AgBVhF/0PAH6/D/HkDxOGAAAAAElFTkSuQmCC");
}
.cropper-hide {
display: block;
height: 0;
position: absolute;
width: 0;
}
.cropper-hidden {
display: none !important;
}
.cropper-move {
cursor: move;
}
.cropper-crop {
cursor: crosshair;
}
.cropper-disabled .cropper-drag-box,
.cropper-disabled .cropper-face,
.cropper-disabled .cropper-line,
.cropper-disabled .cropper-point {
cursor: not-allowed;
}

392
ivatar/static/css/green.css
View File

File diff suppressed because one or more lines are too long

146
ivatar/static/css/jcrop.css
View File

@@ -1,2 +1,146 @@
/* jquery.Jcrop.min.css v0.9.15 (build:20180819) */ /* jquery.Jcrop.min.css v0.9.15 (build:20180819) */
.jcrop-holder{direction:ltr;text-align:left;-ms-touch-action:none}.jcrop-hline,.jcrop-vline{background:#fff url(Jcrop.gif);font-size:0;position:absolute}.jcrop-vline{height:100%;width:1px!important}.jcrop-vline.right{right:0}.jcrop-hline{height:1px!important;width:100%}.jcrop-hline.bottom{bottom:0}.jcrop-tracker{height:100%;width:100%;-webkit-tap-highlight-color:transparent;-webkit-touch-callout:none;-webkit-user-select:none}.jcrop-handle{background-color:#333;border:1px #eee solid;width:7px;height:7px;font-size:1px}.jcrop-handle.ord-n{left:50%;margin-left:-4px;margin-top:-4px;top:0}.jcrop-handle.ord-s{bottom:0;left:50%;margin-bottom:-4px;margin-left:-4px}.jcrop-handle.ord-e{margin-right:-4px;margin-top:-4px;right:0;top:50%}.jcrop-handle.ord-w{left:0;margin-left:-4px;margin-top:-4px;top:50%}.jcrop-handle.ord-nw{left:0;margin-left:-4px;margin-top:-4px;top:0}.jcrop-handle.ord-ne{margin-right:-4px;margin-top:-4px;right:0;top:0}.jcrop-handle.ord-se{bottom:0;margin-bottom:-4px;margin-right:-4px;right:0}.jcrop-handle.ord-sw{bottom:0;left:0;margin-bottom:-4px;margin-left:-4px}.jcrop-dragbar.ord-n,.jcrop-dragbar.ord-s{height:7px;width:100%}.jcrop-dragbar.ord-e,.jcrop-dragbar.ord-w{height:100%;width:7px}.jcrop-dragbar.ord-n{margin-top:-4px}.jcrop-dragbar.ord-s{bottom:0;margin-bottom:-4px}.jcrop-dragbar.ord-e{margin-right:-4px;right:0}.jcrop-dragbar.ord-w{margin-left:-4px}.jcrop-light .jcrop-hline,.jcrop-light .jcrop-vline{background:#fff;filter:alpha(opacity=70)!important;opacity:.7!important}.jcrop-light .jcrop-handle{-moz-border-radius:3px;-webkit-border-radius:3px;background-color:#000;border-color:#fff;border-radius:3px}.jcrop-dark .jcrop-hline,.jcrop-dark .jcrop-vline{background:#000;filter:alpha(opacity=70)!important;opacity:.7!important}.jcrop-dark .jcrop-handle{-moz-border-radius:3px;-webkit-border-radius:3px;background-color:#fff;border-color:#000;border-radius:3px}.solid-line .jcrop-hline,.solid-line .jcrop-vline{background:#fff}.jcrop-holder img,img.jcrop-preview{max-width:none} .jcrop-holder {
direction: ltr;
text-align: left;
-ms-touch-action: none;
}
.jcrop-hline,
.jcrop-vline {
background: #fff url(Jcrop.gif);
font-size: 0;
position: absolute;
}
.jcrop-vline {
height: 100%;
width: 1px !important;
}
.jcrop-vline.right {
right: 0;
}
.jcrop-hline {
height: 1px !important;
width: 100%;
}
.jcrop-hline.bottom {
bottom: 0;
}
.jcrop-tracker {
height: 100%;
width: 100%;
-webkit-tap-highlight-color: transparent;
-webkit-touch-callout: none;
-webkit-user-select: none;
}
.jcrop-handle {
background-color: #333;
border: 1px #eee solid;
width: 7px;
height: 7px;
font-size: 1px;
}
.jcrop-handle.ord-n {
left: 50%;
margin-left: -4px;
margin-top: -4px;
top: 0;
}
.jcrop-handle.ord-s {
bottom: 0;
left: 50%;
margin-bottom: -4px;
margin-left: -4px;
}
.jcrop-handle.ord-e {
margin-right: -4px;
margin-top: -4px;
right: 0;
top: 50%;
}
.jcrop-handle.ord-w {
left: 0;
margin-left: -4px;
margin-top: -4px;
top: 50%;
}
.jcrop-handle.ord-nw {
left: 0;
margin-left: -4px;
margin-top: -4px;
top: 0;
}
.jcrop-handle.ord-ne {
margin-right: -4px;
margin-top: -4px;
right: 0;
top: 0;
}
.jcrop-handle.ord-se {
bottom: 0;
margin-bottom: -4px;
margin-right: -4px;
right: 0;
}
.jcrop-handle.ord-sw {
bottom: 0;
left: 0;
margin-bottom: -4px;
margin-left: -4px;
}
.jcrop-dragbar.ord-n,
.jcrop-dragbar.ord-s {
height: 7px;
width: 100%;
}
.jcrop-dragbar.ord-e,
.jcrop-dragbar.ord-w {
height: 100%;
width: 7px;
}
.jcrop-dragbar.ord-n {
margin-top: -4px;
}
.jcrop-dragbar.ord-s {
bottom: 0;
margin-bottom: -4px;
}
.jcrop-dragbar.ord-e {
margin-right: -4px;
right: 0;
}
.jcrop-dragbar.ord-w {
margin-left: -4px;
}
.jcrop-light .jcrop-hline,
.jcrop-light .jcrop-vline {
background: #fff;
filter: alpha(opacity=70) !important;
opacity: 0.7 !important;
}
.jcrop-light .jcrop-handle {
-moz-border-radius: 3px;
-webkit-border-radius: 3px;
background-color: #000;
border-color: #fff;
border-radius: 3px;
}
.jcrop-dark .jcrop-hline,
.jcrop-dark .jcrop-vline {
background: #000;
filter: alpha(opacity=70) !important;
opacity: 0.7 !important;
}
.jcrop-dark .jcrop-handle {
-moz-border-radius: 3px;
-webkit-border-radius: 3px;
background-color: #fff;
border-color: #000;
border-radius: 3px;
}
.solid-line .jcrop-hline,
.solid-line .jcrop-vline {
background: #fff;
}
.jcrop-holder img,
img.jcrop-preview {
max-width: none;
}

392
ivatar/static/css/red.css
View File

File diff suppressed because one or more lines are too long

0
ivatar/static/img/logo4hex/libravatar_org.svg Executable file → Normal file
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 13 KiB

After

Width:  |  Height:  |  Size: 13 KiB

0
ivatar/static/img/logo4hex/libravatar_org_6.svg Executable file → Normal file
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 13 KiB

After

Width:  |  Height:  |  Size: 13 KiB

0
ivatar/static/img/logo4hex/libravatar_org_process_blue.svg Executable file → Normal file
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 12 KiB

After

Width:  |  Height:  |  Size: 12 KiB

0
ivatar/static/img/logo4hex/libravatar_org_process_blue_6.svg Executable file → Normal file
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 12 KiB

After

Width:  |  Height:  |  Size: 12 KiB

1701
ivatar/static/js/bootstrap.min.js vendored
View File

File diff suppressed because one or more lines are too long

2170
ivatar/static/js/cropper.min.js vendored Normal file
View File

File diff suppressed because it is too large Load Diff

44
ivatar/static/js/ivatar.js
View File

@@ -2,33 +2,33 @@
// Autofocus the right field on forms // Autofocus the right field on forms
if (document.forms.login) { if (document.forms.login) {
if (document.forms.login.username) { if (document.forms.login.username) {
document.forms.login.username.focus(); document.forms.login.username.focus();
} else if (document.forms.login.openid_identifier) { } else if (document.forms.login.openid_identifier) {
document.forms.login.openid_identifier.focus(); document.forms.login.openid_identifier.focus();
} }
} else if (document.forms.addemail) { } else if (document.forms.addemail) {
document.forms.addemail.email.focus(); document.forms.addemail.email.focus();
} else if (document.forms.addopenid) { } else if (document.forms.addopenid) {
document.forms.addopenid.openid.focus(); document.forms.addopenid.openid.focus();
} else if (document.forms.changepassword) { } else if (document.forms.changepassword) {
if(document.forms.changepassword.old_password) { if (document.forms.changepassword.old_password) {
document.forms.changepassword.old_password.focus(); document.forms.changepassword.old_password.focus();
} else { } else {
document.forms.changepassword.new_password1.focus(); document.forms.changepassword.new_password1.focus();
} }
} else if (document.forms.deleteaccount) { } else if (document.forms.deleteaccount) {
if (document.forms.deleteaccount.password) { if (document.forms.deleteaccount.password) {
document.forms.deleteaccount.password.focus(); document.forms.deleteaccount.password.focus();
} }
} else if (document.forms.lookup) { } else if (document.forms.lookup) {
if (document.forms.lookup.email) { if (document.forms.lookup.email) {
document.forms.lookup.email.focus(); document.forms.lookup.email.focus();
} else if (document.forms.lookup.domain) { } else if (document.forms.lookup.domain) {
document.forms.lookup.domain.focus(); document.forms.lookup.domain.focus();
} }
} else if (document.forms.newaccount) { } else if (document.forms.newaccount) {
document.forms.newaccount.username.focus(); document.forms.newaccount.username.focus();
} else if (document.forms.reset) { } else if (document.forms.reset) {
document.forms.reset.email.focus(); document.forms.reset.email.focus();
} }

1155
ivatar/static/js/jcrop.js
View File

File diff suppressed because one or more lines are too long

110
ivatar/test_utils.py
View File

@@ -47,71 +47,67 @@ class Tester(TestCase):
self.assertEqual(openid_variations(openid3)[3], openid3) self.assertEqual(openid_variations(openid3)[3], openid3)
def test_is_trusted_url(self): def test_is_trusted_url(self):
test_gravatar_true = is_trusted_url("https://gravatar.com/avatar/63a75a80e6b1f4adfdb04c1ca02e596c", [ test_gravatar_true = is_trusted_url(
{ "https://gravatar.com/avatar/63a75a80e6b1f4adfdb04c1ca02e596c",
"schemes": [ [
"http", {
"https" "schemes": ["http", "https"],
], "host_equals": "gravatar.com",
"host_equals": "gravatar.com", "path_prefix": "/avatar/",
"path_prefix": "/avatar/" }
} ],
]) )
self.assertTrue(test_gravatar_true) self.assertTrue(test_gravatar_true)
test_gravatar_false = is_trusted_url("https://gravatar.com.example.org/avatar/63a75a80e6b1f4adfdb04c1ca02e596c", [ test_gravatar_false = is_trusted_url(
{ "https://gravatar.com.example.org/avatar/63a75a80e6b1f4adfdb04c1ca02e596c",
"schemes": [ [
"http", {
"https" "schemes": ["http", "https"],
], "host_suffix": ".gravatar.com",
"host_suffix": ".gravatar.com", "path_prefix": "/avatar/",
"path_prefix": "/avatar/" }
} ],
]) )
self.assertFalse(test_gravatar_false) self.assertFalse(test_gravatar_false)
test_open_redirect = is_trusted_url("https://github.com/SethFalco/?boop=https://secure.gravatar.com/avatar/205e460b479e2e5b48aec07710c08d50", [ test_open_redirect = is_trusted_url(
{ "https://github.com/SethFalco/?boop=https://secure.gravatar.com/avatar/205e460b479e2e5b48aec07710c08d50",
"schemes": [ [
"http", {
"https" "schemes": ["http", "https"],
], "host_suffix": ".gravatar.com",
"host_suffix": ".gravatar.com", "path_prefix": "/avatar/",
"path_prefix": "/avatar/" }
} ],
]) )
self.assertFalse(test_open_redirect) self.assertFalse(test_open_redirect)
test_multiple_filters = is_trusted_url("https://ui-avatars.com/api/blah", [ test_multiple_filters = is_trusted_url(
{ "https://ui-avatars.com/api/blah",
"schemes": [ [
"https" {
], "schemes": ["https"],
"host_equals": "ui-avatars.com", "host_equals": "ui-avatars.com",
"path_prefix": "/api/" "path_prefix": "/api/",
}, },
{ {
"schemes": [ "schemes": ["http", "https"],
"http", "host_suffix": ".gravatar.com",
"https" "path_prefix": "/avatar/",
], },
"host_suffix": ".gravatar.com", ],
"path_prefix": "/avatar/" )
}
])
self.assertTrue(test_multiple_filters) self.assertTrue(test_multiple_filters)
test_url_prefix_true = is_trusted_url("https://ui-avatars.com/api/blah", [ test_url_prefix_true = is_trusted_url(
{ "https://ui-avatars.com/api/blah",
"url_prefix": "https://ui-avatars.com/api/" [{"url_prefix": "https://ui-avatars.com/api/"}],
} )
])
self.assertTrue(test_url_prefix_true) self.assertTrue(test_url_prefix_true)
test_url_prefix_false = is_trusted_url("https://ui-avatars.com/api/blah", [ test_url_prefix_false = is_trusted_url(
{ "https://ui-avatars.com/api/blah",
"url_prefix": "https://gravatar.com/avatar/" [{"url_prefix": "https://gravatar.com/avatar/"}],
} )
])
self.assertFalse(test_url_prefix_false) self.assertFalse(test_url_prefix_false)

6
ivatar/utils.py
View File

@@ -6,6 +6,7 @@ Simple module providing reusable random_string function
import contextlib import contextlib
import random import random
import string import string
import logging
from io import BytesIO from io import BytesIO
from PIL import Image, ImageDraw, ImageSequence from PIL import Image, ImageDraw, ImageSequence
from urllib.parse import urlparse from urllib.parse import urlparse
@@ -13,6 +14,9 @@ import requests
from ivatar.settings import DEBUG, URL_TIMEOUT from ivatar.settings import DEBUG, URL_TIMEOUT
from urllib.request import urlopen as urlopen_orig from urllib.request import urlopen as urlopen_orig
# Initialize logger
logger = logging.getLogger("ivatar")
BLUESKY_IDENTIFIER = None BLUESKY_IDENTIFIER = None
BLUESKY_APP_PASSWORD = None BLUESKY_APP_PASSWORD = None
with contextlib.suppress(Exception): with contextlib.suppress(Exception):
@@ -88,7 +92,7 @@ class Bluesky:
) )
profile_response.raise_for_status() profile_response.raise_for_status()
except Exception as exc: except Exception as exc:
print(f"Bluesky profile fetch failed with HTTP error: {exc}") logger.warning(f"Bluesky profile fetch failed with HTTP error: {exc}")
return None return None
return profile_response.json() return profile_response.json()

39
ivatar/views.py
View File

@@ -7,6 +7,7 @@ import contextlib
from io import BytesIO from io import BytesIO
from os import path from os import path
import hashlib import hashlib
import logging
from ivatar.utils import urlopen, Bluesky from ivatar.utils import urlopen, Bluesky
from urllib.error import HTTPError, URLError from urllib.error import HTTPError, URLError
from ssl import SSLError from ssl import SSLError
@@ -38,6 +39,10 @@ from .ivataraccount.models import Photo
from .ivataraccount.models import pil_format, file_format from .ivataraccount.models import pil_format, file_format
from .utils import is_trusted_url, mm_ng, resize_animated_gif from .utils import is_trusted_url, mm_ng, resize_animated_gif
# Initialize loggers
logger = logging.getLogger("ivatar")
security_logger = logging.getLogger("ivatar.security")
def get_size(request, size=DEFAULT_AVATAR_SIZE): def get_size(request, size=DEFAULT_AVATAR_SIZE):
""" """
@@ -137,14 +142,14 @@ class AvatarImageView(TemplateView):
if default is not None: if default is not None:
if TRUSTED_DEFAULT_URLS is None: if TRUSTED_DEFAULT_URLS is None:
print("Query parameter `default` is disabled.") logger.warning("Query parameter `default` is disabled.")
default = None default = None
elif default.find("://") > 0: elif default.find("://") > 0:
# Check if it's trusted, if not, reset to None # Check if it's trusted, if not, reset to None
trusted_url = is_trusted_url(default, TRUSTED_DEFAULT_URLS) trusted_url = is_trusted_url(default, TRUSTED_DEFAULT_URLS)
if not trusted_url: if not trusted_url:
print( security_logger.warning(
f"Default URL is not in trusted URLs: '{default}'; Kicking it!" f"Default URL is not in trusted URLs: '{default}'; Kicking it!"
) )
default = None default = None
@@ -373,7 +378,7 @@ class GravatarProxyView(View):
if exc.code == 404: if exc.code == 404:
cache.set(gravatar_test_url, "default", 60) cache.set(gravatar_test_url, "default", 60)
else: else:
print(f"Gravatar test url fetch failed: {exc}") logger.warning(f"Gravatar test url fetch failed: {exc}")
return redir_default(default) return redir_default(default)
gravatar_url = ( gravatar_url = (
@@ -384,23 +389,25 @@ class GravatarProxyView(View):
try: try:
if cache.get(gravatar_url) == "err": if cache.get(gravatar_url) == "err":
print(f"Cached Gravatar fetch failed with URL error: {gravatar_url}") logger.warning(
f"Cached Gravatar fetch failed with URL error: {gravatar_url}"
)
return redir_default(default) return redir_default(default)
gravatarimagedata = urlopen(gravatar_url) gravatarimagedata = urlopen(gravatar_url)
except HTTPError as exc: except HTTPError as exc:
if exc.code not in [404, 503]: if exc.code not in [404, 503]:
print( logger.warning(
f"Gravatar fetch failed with an unexpected {exc.code} HTTP error: {gravatar_url}" f"Gravatar fetch failed with an unexpected {exc.code} HTTP error: {gravatar_url}"
) )
cache.set(gravatar_url, "err", 30) cache.set(gravatar_url, "err", 30)
return redir_default(default) return redir_default(default)
except URLError as exc: except URLError as exc:
print(f"Gravatar fetch failed with URL error: {exc.reason}") logger.warning(f"Gravatar fetch failed with URL error: {exc.reason}")
cache.set(gravatar_url, "err", 30) cache.set(gravatar_url, "err", 30)
return redir_default(default) return redir_default(default)
except SSLError as exc: except SSLError as exc:
print(f"Gravatar fetch failed with SSL error: {exc.reason}") logger.warning(f"Gravatar fetch failed with SSL error: {exc.reason}")
cache.set(gravatar_url, "err", 30) cache.set(gravatar_url, "err", 30)
return redir_default(default) return redir_default(default)
try: try:
@@ -416,7 +423,7 @@ class GravatarProxyView(View):
return response return response
except ValueError as exc: except ValueError as exc:
print(f"Value error: {exc}") logger.error(f"Value error: {exc}")
return redir_default(default) return redir_default(default)
# We shouldn't reach this point... But make sure we do something # We shouldn't reach this point... But make sure we do something
@@ -446,7 +453,7 @@ class BlueskyProxyView(View):
return HttpResponseRedirect(url) return HttpResponseRedirect(url)
size = get_size(request) size = get_size(request)
print(size) logger.debug(f"Bluesky avatar size requested: {size}")
blueskyimagedata = None blueskyimagedata = None
default = None default = None
@@ -461,7 +468,7 @@ class BlueskyProxyView(View):
Q(digest=kwargs["digest"]) | Q(digest_sha256=kwargs["digest"]) Q(digest=kwargs["digest"]) | Q(digest_sha256=kwargs["digest"])
).first() ).first()
except Exception as exc: except Exception as exc:
print(exc) logger.warning(f"Exception: {exc}")
# If no identity is found in the email table, try the openid table # If no identity is found in the email table, try the openid table
if not identity: if not identity:
@@ -473,7 +480,7 @@ class BlueskyProxyView(View):
| Q(alt_digest3=kwargs["digest"]) | Q(alt_digest3=kwargs["digest"])
).first() ).first()
except Exception as exc: except Exception as exc:
print(exc) logger.warning(f"Exception: {exc}")
# If still no identity is found, redirect to the default # If still no identity is found, redirect to the default
if not identity: if not identity:
@@ -494,7 +501,9 @@ class BlueskyProxyView(View):
try: try:
if cache.get(bluesky_url) == "err": if cache.get(bluesky_url) == "err":
print(f"Cached Bluesky fetch failed with URL error: {bluesky_url}") logger.warning(
f"Cached Bluesky fetch failed with URL error: {bluesky_url}"
)
return redir_default(default) return redir_default(default)
blueskyimagedata = urlopen(bluesky_url) blueskyimagedata = urlopen(bluesky_url)
@@ -506,11 +515,11 @@ class BlueskyProxyView(View):
cache.set(bluesky_url, "err", 30) cache.set(bluesky_url, "err", 30)
return redir_default(default) return redir_default(default)
except URLError as exc: except URLError as exc:
print(f"Bluesky fetch failed with URL error: {exc.reason}") logger.warning(f"Bluesky fetch failed with URL error: {exc.reason}")
cache.set(bluesky_url, "err", 30) cache.set(bluesky_url, "err", 30)
return redir_default(default) return redir_default(default)
except SSLError as exc: except SSLError as exc:
print(f"Bluesky fetch failed with SSL error: {exc.reason}") logger.warning(f"Bluesky fetch failed with SSL error: {exc.reason}")
cache.set(bluesky_url, "err", 30) cache.set(bluesky_url, "err", 30)
return redir_default(default) return redir_default(default)
try: try:
@@ -536,7 +545,7 @@ class BlueskyProxyView(View):
response["Vary"] = "" response["Vary"] = ""
return response return response
except ValueError as exc: except ValueError as exc:
print(f"Value error: {exc}") logger.error(f"Value error: {exc}")
return redir_default(default) return redir_default(default)
# We shouldn't reach this point... But make sure we do something # We shouldn't reach this point... But make sure we do something

1
ivatar/wsgi.py
View File

@@ -1,3 +1,4 @@
# -*- coding: utf-8 -*-
""" """
WSGI config for ivatar project. WSGI config for ivatar project.

1
manage.py
View File

@@ -1,4 +1,5 @@
#!/usr/bin/env python #!/usr/bin/env python
# -*- coding: utf-8 -*-
import os import os
import sys import sys

1
requirements.txt
View File

@@ -1,3 +1,4 @@
argon2-cffi>=21.3.0
autopep8 autopep8
bcrypt bcrypt
defusedxml defusedxml