Merge branch 'devel' into 'master'

Pull in fixes and updates from devel

See merge request oliver/ivatar!247
This commit is contained in:
Oliver Falk
2025-08-23 16:17:58 +02:00
4 changed files with 37 additions and 12 deletions


@@ -213,11 +213,13 @@ CACHES = {
"LOCATION": [
"127.0.0.1:11211",
],
#"OPTIONS": {"MAX_ENTRIES": 1000000},
},
"filesystem": {
"BACKEND": "django.core.cache.backends.filebased.FileBasedCache",
"LOCATION": "/var/tmp/ivatar_cache",
"TIMEOUT": 900, # 15 minutes
"OPTIONS": {"MAX_ENTRIES": 1000000},
},
}
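Review bot: The `filesystem` cache entry points `LOCATION` at `/var/tmp/ivatar_cache`, a shared temporary directory, and `FileBasedCache` deserialises entries with pickle, so the service user must be the only principal able to create or write that directory; I cannot tell from this hunk which two lines are the additions, but if `LOCATION` is among them, a path under the application's own state directory (owned by the service user and created at deploy time) would be a safer default than a system-wide tmp location, and the same hardening applies if the line predates this commit. As a point of style, the commented-out option at the top of the hunk should read `# "OPTIONS": {"MAX_ENTRIES": 1000000},` (space after `#`) or be removed, since the same option is now set on the `filesystem` backend below. The enclosing `CACHES` mapping starts before this hunk.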


@@ -10,7 +10,7 @@ from io import BytesIO
from os import urandom
from urllib.error import HTTPError, URLError
from ivatar.utils import urlopen, Bluesky
from urllib.parse import urlsplit, urlunsplit
from urllib.parse import urlsplit, urlunsplit, quote
from PIL import Image
from django.contrib.auth.models import User
@@ -20,6 +20,7 @@ from django.utils import timezone
from django.http import HttpResponseRedirect
from django.urls import reverse_lazy, reverse
from django.utils.translation import gettext_lazy as _
from django.core.cache import cache
from django.core.exceptions import ObjectDoesNotExist
from django.core.mail import send_mail
from django.template.loader import render_to_string
@@ -362,6 +363,22 @@ class ConfirmedEmail(BaseAccountModel):
self.digest_sha256 = hashlib.sha256(
self.email.strip().lower().encode("utf-8")
).hexdigest()
# We need to manually expire the page caches
# TODO: Verify this works as expected
# First check if we already have an ID
if self.pk:
cache_url = reverse_lazy(
"assign_photo_email", kwargs={"email_id": int(self.pk)}
)
cache_key = f"views.decorators.cache.cache_page.{quote(str(cache_url))}"
if cache.has_key(cache_key):
cache.delete(cache_key)
logger.error("Successfully cleaned up cached page: %s" % cache_key)
else:
logger.error("Page %s wasn't cached.", cache_key)
return super().save(force_insert, force_update, using, update_fields)
def __str__(self):
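Review bot: The key built at L56, `views.decorators.cache.cache_page.<quoted url>`, is unlikely to match what `cache_page` actually stores: Django derives those keys in `django.utils.cache.get_cache_key()` from the request method, a hash of the absolute URL and a hash of the Vary headers, so as written the `else` branch should fire every time and the stale page survives, which is what the `# TODO: Verify this works as expected` at L50 already suspects. The key needs to come from `get_cache_key()` applied to a request for that URL (for example one built with `RequestFactory`), or the view's `cache_page` should be given a `key_prefix` that the model can invalidate. Separately, the `has_key`/`delete` pair at L57–L58 collapses to `if cache.delete(cache_key):` (the return value is a bool from Django 3.1 on), and both log lines report a non-error outcome at ERROR level with one of them eagerly `%`-formatted: `logger.debug("Cleaned up cached page: %s", cache_key)` / `logger.debug("Page %s wasn't cached.", cache_key)`. The enclosing `save()` begins before this hunk.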


@@ -217,33 +217,33 @@ def is_trusted_url(url, url_filters):
"""
(scheme, netloc, path, params, query, fragment) = urlparse(url)
for filter in url_filters:
if "schemes" in filter:
schemes = filter["schemes"]
for ufilter in url_filters:
if "schemes" in ufilter:
schemes = ufilter["schemes"]
if scheme not in schemes:
continue
if "host_equals" in filter:
host_equals = filter["host_equals"]
if "host_equals" in ufilter:
host_equals = ufilter["host_equals"]
if netloc != host_equals:
continue
if "host_suffix" in filter:
host_suffix = filter["host_suffix"]
if "host_suffix" in ufilter:
host_suffix = ufilter["host_suffix"]
if not netloc.endswith(host_suffix):
continue
if "path_prefix" in filter:
path_prefix = filter["path_prefix"]
if "path_prefix" in ufilter:
path_prefix = ufilter["path_prefix"]
if not path.startswith(path_prefix):
continue
if "url_prefix" in filter:
url_prefix = filter["url_prefix"]
if "url_prefix" in ufilter:
url_prefix = ufilter["url_prefix"]
if not url.startswith(url_prefix):
continue


@@ -68,6 +68,12 @@ ivatar/Libravatar more secure by reporting security issues to us.
<li>
MR_NETWORK &amp; Farzan ʷᵒⁿᵈᵉʳ:
Spotted a problematic use of SECRET_KEY in the production environment. Many thanks for reporting it to us!</li>
<li>
<a href="https://x.com/capitan_alfa"
title="@capitan_alfa @ X" target="_new">
Ezequiel Fernandez</a>
Spotted public accessible secret keys in our test instance! We appreciate him notifying us privately about this issue!
</li>
</ul>
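Review bot: `target="_new"` on the new anchor at L110 is not a reserved target keyword, so browsers treat it as a named browsing context shared by every link that uses it; the intended value is `target="_blank"`, and because this opens a third-party site the link should also carry `rel="noopener noreferrer"` so the opened page cannot reach `window.opener`: `<a href="https://x.com/capitan_alfa" title="@capitan_alfa @ X" target="_blank" rel="noopener noreferrer">`. The existing entries in this list likely use the same pattern, so a template-wide cleanup may be worth a follow-up. The enclosing `<ul>` starts before this hunk.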