Commit Graph

91 Commits

Author SHA1 Message Date
Oliver Falk
41f8c3c402 🚀 Major Release: ivatar 2.0 - Performance, Security, and Instrumentation Overhaul 2025-11-03 10:18:33 +01:00
Oliver Falk
2b799ba83b Merge latest enhancements and bugfixes from devel to master 2025-10-29 17:18:49 +01:00
Oliver Falk
aecc8e8477 Add configurable defaults for gravatarproxy and gravatarredirect 2025-10-29 11:30:48 +01:00
Oliver Falk
a7b04dc2f4 Performance optimization and Django 5.x compatibility fixes 2025-10-29 09:55:28 +01:00
Oliver Falk
b44ee42398 Speed up robohash generation 2025-10-24 17:42:00 +02:00
Oliver Falk
9cf1cb4745 Enhance performance tests 2025-10-24 13:51:45 +02:00
Oliver Falk
8b2675591e Merge latest devel fixes 2025-10-17 16:56:13 +02:00
Oliver Falk
6db3450b20 Enhance the version endpoint and fix OTEL deployment 2025-10-17 14:49:10 +02:00
Oliver Falk
780dc18fa4 File upload security (iteration 1), security enhancements and OpenTelemetry (OTEL) implementation (sending data disabled by default) 2025-10-17 11:16:48 +02:00
Oliver Falk
368aa5bf27 feat: enhance security with improved password hashing and logging
- Add Argon2PasswordHasher with high security settings as primary hasher
- Implement fallback to PBKDF2PasswordHasher for CentOS 7/Python 3.6 compatibility
- Add argon2-cffi dependency to requirements.txt
- Replace all print statements with proper logging calls across codebase
- Implement comprehensive logging configuration with multiple handlers:
  * ivatar.log - General application logs (INFO level)
  * ivatar_debug.log - Detailed debug logs (DEBUG level)
  * security.log - Security events (WARNING level)
- Add configurable LOGS_DIR setting with local config override support
- Create config_local.py.example with logging configuration examples
- Fix code quality issues (flake8, black formatting, import conflicts)
- Maintain backward compatibility with existing password hashes

Security improvements:
- New passwords use Argon2 (memory-hard, ASIC-resistant)
- Enhanced PBKDF2 iterations for fallback scenarios
- Structured logging for security monitoring and debugging
- Production-ready configuration with flexible log locations

Tests: 85/113 passing (failures due to external DNS/API dependencies)
Code quality: All pre-commit hooks passing
2025-10-15 15:13:09 +02:00
Oliver Falk
d720fcfa50 Rename the custom middleware to ensure it's known this is a localemiddleware. Also ensure we delete the Vary header, it could be empty - still problematic 2025-09-11 19:54:40 +02:00
Oliver Falk
5114b4d5d0 We actually need to implement this via Middleware, as the Locale Middleware comes later in the process and hinders us from removing the header. Anyway, it's cleaner, since we're not duplicating code 2025-09-11 14:22:34 +02:00
Oliver Falk
0d16b1f518 Remove the token auth - that was a bad idea. We may look into implementing a full oauth solution at a later point in time 2025-09-09 10:42:16 +02:00
Oliver Falk
aa742ea181 Implement ExternalAuth for token based authorization 2025-09-06 10:28:50 +02:00
Oliver Falk
a1d13ba3ce MAX_ENTRIES for PyMemcacheCache doesn't work with all versions - remove it. 2025-08-13 21:40:37 +02:00
Oliver Falk
1892e9585e Increase cache entries 2025-05-24 16:15:02 +02:00
Oliver Falk
e3b0782082 Merge branch 'oidc' into 'devel'
Add support for OIDC authentication with Fedora

See merge request oliver/ivatar!242
2025-04-15 11:10:30 +00:00
Aurélien Bompard
99b4fdcbcd Add support for OIDC authentication with Fedora
This adds support for authenticating with Fedora's OpenID Connect (OIDC) provider.

Existing users will be matched by email address, they should be able to use the new authentication method transparently.

This requires getting a `client_id` and a `client_secret` from Fedora Infra, see `INSTALL.md`.

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2025-04-07 11:03:33 +02:00
Oliver Falk
04a39f7693 Bump version - new feature deserves it 2025-02-10 10:59:24 +01:00
Oliver Falk
3aaaac51f0 Bluesky integration
* Centralize our urlopen for consistency.
* Fix a few tests
2025-02-07 11:34:24 +00:00
Oliver Falk
dcbd2c5df5 Patch release - no major changes
Testing fixes and stabilization
Test improvement / speed up
PostgreSQL side container for building
2025-02-07 10:43:37 +00:00
Oliver Falk
1fa5dddce5 Use real database (side container) 2024-06-25 08:32:34 +00:00
Oliver Falk
2fe8af6fab JSONSerializer has been deprecated: https://docs.djangoproject.com/en/4.2/releases/4.1/ 2023-12-07 09:41:22 +01:00
Oliver Falk
6deea2758f Add new dicebear endpoint (Fixes #92) 2023-02-01 16:02:10 +00:00
Oliver Falk
d2e4162b6b Yes, this deserves a version increase 2022-11-22 21:03:46 +01:00
Oliver Falk
9565ccc54e Changes required for Django > 4 2022-11-22 19:38:08 +01:00
Oliver Falk
9221da5805 Inc version 2022-10-24 09:46:25 +02:00
Oliver Falk
899e8db661 Merge branch 'adapt-old-config' into 'devel'
fix: resolve backward compatibility in config

See merge request oliver/ivatar!209
2022-09-15 17:03:07 +00:00
Seth Falco
cf65ea2c6a fix: resolve backward compatibility in config 2022-09-15 17:03:06 +00:00
Oliver Falk
ce18bb58bd Since this includes the new trusted URLs handling, increase the version a bit 2022-09-15 19:01:17 +02:00
Seth Falco
2578e804b6 fix: validation for trusted urls 2022-07-16 07:36:12 +01:00
Oliver Falk
67ac0ad973 Add www.gravatar.com to the list of trusted URIs 2022-07-15 15:12:53 +02:00
Oliver Falk
00aa1a45cb Add a few more trusted URLs gathered from the logs 2022-02-18 09:33:01 +01:00
Oliver Falk
0c3686beef First preparations for Django >= 4.x
- Slight reformatting in some parts; Non-functional changes
- ugettext(_lazy) no longer available in Django > 4, changing to
  gettext(_lazy)
- Since django-openid-auth doesn't work with Django > 4 yet, we need to
  pin this project to Django < 4 until that issue is solved
2021-12-10 09:21:49 +01:00
Oliver Falk
a1c1da81e1 A few more sites known to use default param 2021-11-24 08:35:19 +01:00
Oliver Falk
56f90412bf Enhance the list. It's possible some non-ssl sites still use gravatar without https and some sites use secure.gravatar.com 2021-11-22 13:57:12 +01:00
Oliver Falk
e260e6ff2f Increase version 2021-11-22 13:22:47 +01:00
Oliver Falk
ff9bfdefb5 Fix CWE-601 - Open URL redirection
- Only a few URLs are allowed now and this _will_ break some implementations
- Print information in the log about which URL was kicked
2021-11-22 13:17:20 +01:00
Oliver Falk
a3f7575726 v1.5 - massive code update 2021-09-16 09:23:38 +02:00
Oliver Falk
f37fc4de09 Central place for the schema root 2021-09-15 13:14:56 +02:00
Oliver Falk
7ca34aea1b Clean up with black 2021-09-14 15:54:37 +02:00
Oliver Falk
635951ff4d Make pylint happier, enhance a few tests and add missing schemas 2020-11-13 13:36:16 +01:00
Oliver Falk
e74365e788 Now that this source is 2 years old, time to upgrade the version
Signed-off-by: Oliver Falk <oliver@linux-kernel.at>
2020-05-11 13:25:41 +02:00
Oliver Falk
060a664d26 Make response caching default and increase cache timeout to 15 minutes 2020-03-04 15:25:18 +01:00
Oliver Falk
6bc0390b48 Fix some debug prints + HttpResponse for Gravatar 2020-03-04 15:11:05 +01:00
Oliver Falk
b463f9f95a Add setting to easily be able to disable the response caching 2020-03-04 14:30:28 +01:00
Oliver Falk
476bddb21c A caching HttpResponse in order to reduce the roundtrip (a lot) 2020-03-04 14:23:58 +01:00
Oliver Falk
e9fe81a8bc The OpenID changes deserve a version increase :-) 2020-02-25 13:55:30 +01:00
Oliver Falk
180056f8c2 New design and cropping fixes/JCrop update 2019-08-09 09:20:43 +02:00
Oliver Falk
6814be78d7 Change cache for issue #50 2019-03-11 11:03:24 +01:00