Guillaume Vincent
bae5492e7c
Use httpd:2.4-bullseye instead of httpd:2.4
httpd:2.4 uses Debian 12 and broke the webserver on Ubuntu 18
1 year ago
Guillaume Vincent
e1a12fc722
Remove SECRET_KEY from env file
Fixes #785
1 year ago
Guillaume Vincent
8c19c8d25b
Migrate numbers to digits everywhere
1 year ago
dependabot[bot]
565e68af7d
Bump pyjwt from 2.1.0 to 2.4.0 in /containers/backend (#723)
Bumps [pyjwt](https://github.com/jpadilla/pyjwt) from 2.1.0 to 2.4.0.
- [Release notes](https://github.com/jpadilla/pyjwt/releases)
- [Changelog](https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/jpadilla/pyjwt/compare/2.1.0...2.4.0)
---
updated-dependencies:
- dependency-name: pyjwt
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2 years ago
dependabot[bot]
ce2bceccb7
Bump django from 3.2.12 to 3.2.16 in /containers/backend (#739)
Bumps [django](https://github.com/django/django) from 3.2.12 to 3.2.16.
- [Release notes](https://github.com/django/django/releases)
- [Commits](https://github.com/django/django/compare/3.2.12...3.2.16)
---
updated-dependencies:
- dependency-name: django
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2 years ago
Guillaume Vincent
533ece38a8
Fix createsuperuser cli
Fixes https://github.com/lesspass/lesspass/issues/699
2 years ago
Peter Dave Hello
57b7f7dbe9
Leave no Python pip temporary cache in backend Docker image (#704)
2 years ago
dependabot[bot]
cb29d4768a
Bump django from 3.2.11 to 3.2.12 in /containers/backend (#700)
Bumps [django](https://github.com/django/django) from 3.2.11 to 3.2.12.
- [Release notes](https://github.com/django/django/releases)
- [Commits](https://github.com/django/django/compare/3.2.11...3.2.12)
---
updated-dependencies:
- dependency-name: django
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2 years ago
Guillaume Vincent
f326ec275d
push images to docker hub
2 years ago
dependabot[bot]
b6f8357ce9
Bump django from 3.2.10 to 3.2.11 in /containers/backend (#694)
Bumps [django](https://github.com/django/django) from 3.2.10 to 3.2.11.
- [Release notes](https://github.com/django/django/releases)
- [Commits](https://github.com/django/django/compare/3.2.10...3.2.11)
---
updated-dependencies:
- dependency-name: django
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2 years ago
Guillaume Vincent
7662ff61c4
Add account deletion in mobile app
2 years ago
Guillaume Vincent
3d4aab585d
Bump django from 3.2.8 to 3.2.10 in /containers/backend
2 years ago
Guillaume Vincent
432b3042a3
Add ALLOWED_HOSTS env variable for backend container
2 years ago
Guillaume Vincent
9d7e84b27d
Fix lesspass.com HSTS preload status error
Fixes #671
3 years ago
Guillaume Vincent
e9b6b9f94a
Use python slim image to reduce the size of backend container
3 years ago
Guillaume Vincent
0881e15c27
Fix HTTP and HTTPS configuration
3 years ago
Guillaume Vincent
f267490580
Fix TypeError: decode() got an unexpected keyword argument 'verify' error
3 years ago
Guillaume Vincent
ec9ab2063c
Redirect lesspass.com to www.lesspass.com
Co-authored-by: William Entriken <github.com@phor.net>
3 years ago
Guillaume Vincent
3205eee942
Update python modules
3 years ago
Guillaume Vincent
742f3dc1b3
Keep user authenticated on mobile
3 years ago
dependabot[bot]
f023432e3f
Bump django from 3.1.7 to 3.1.8 in /containers/backend (#612)
Bumps [django](https://github.com/django/django) from 3.1.7 to 3.1.8.
- [Release notes](https://github.com/django/django/releases)
- [Commits](https://github.com/django/django/compare/3.1.7...3.1.8)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
Guillaume Vincent
306cba1bc4
Upgrade packages for backend
3 years ago
dependabot[bot]
e58b617064
Bump django from 3.0.7 to 3.1.6 in /containers/backend (#605)
Bumps [django](https://github.com/django/django) from 3.0.7 to 3.1.6.
- [Release notes](https://github.com/django/django/releases)
- [Commits](https://github.com/django/django/compare/3.0.7...3.1.6)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
Guillaume Vincent
39a1cac561
Use python 3.8 on the backend
3 years ago
Guillaume Vincent
3fca391735
Update requirements.txt on the backend
3 years ago
Guillaume Vincent
ecddb4f29e
Apply black
3 years ago
Bianca Rosa
68625c8455
Add backend code for encrypting password profiles
closes #580
3 years ago
Guillaume Vincent
3168380ff0
edit hsts configuration
The header must contain the `includeSubDomains` directive.
The header must contain the `preload` directive.
3 years ago
Guillaume Vincent
cfed362a77
Use less restrictive TLS configuration
Until the day TLS 1.3 becomes widely supported, web servers must rely on a fallback to TLS 1.2 with correctly configured server directives and strong cipher suites.
* https://www.cloudinsidr.com/content/tls-1-3-and-tls-1-2-cipher-suites-demystified-how-to-pick-your-ciphers-wisely/
* (fr) https://www.ssi.gouv.fr/guide/recommandations-de-securite-relatives-a-tls/
* https://ssl-config.mozilla.org/#server=apache&version=2.4.41&config=intermediate&openssl=1.1.1d&guideline=5.6
4 years ago
Peter Dave Hello
071c3934d4
Fix a few places with wrong indentation (#578)
4 years ago
Peter Dave Hello
96af69af3b
Ensure final newline char in text files, following .editorconfig (#575)
4 years ago
Peter Dave Hello
7ce7be6451
Remove trailing spaces in text files, following .editorconfig (#573)
4 years ago
Guillaume Vincent
4bb32d9664
Use modern ssl configuration and fix HSTS
4 years ago
Peter Dave Hello
0a824a9748
Minimize Apache ServerTokens for lesspass-site, cc #568 (#571)
4 years ago
Peter Dave Hello
2a7c018dc9
Enable Apache OCSP stapling (#569)
This will speed up the website loading, and make the website more
reliable to the users when the client fails to connect to the CA for an
OCSP response.
Reference:
- https://en.wikipedia.org/wiki/OCSP_stapling
4 years ago
Peter Dave Hello
cc7bac7c9b
Enable Apache HTTP/2 for better performance (#570)
4 years ago
Guillaume Vincent
b7047be7bf
Remove blog from main repo and fix links
4 years ago
John Steel
4c703e69ae
Container SSL README.md changed to create_ca_and_ee.sh (#559)
* Rename README.md
README.md wasn't actually a readme but an example for how
to make a simple pki.
* Updating ssl script
+ Adding shebang line (#!/usr/bin/env bash)
+ Adding variables for key type and subject
+ Adding comments
+ Adding openssl verify
4 years ago
Guillaume Vincent
ab3c6969d7
Rebuild containers
4 years ago
Guillaume Vincent
e70c4bdfe1
Fix authentication workflow
* use refresh token to refresh access token if expired
* change access token duration to 15 minutes
* change refresh token validity to 1 week
Fixes: 539
Fixes: 236
4 years ago
Guillaume Vincent
876c0edcc9
Set X-Frame-Options header to deny
4 years ago
Guillaume Vincent
a4fec4b5b7
Fix authentication with old JWT header type
4 years ago
Guillaume Vincent
ee30d0528c
Fix preflight CORS redirect issue
4 years ago
Guillaume Vincent
5d1aa73633
Fix proxy pass for old requests
4 years ago
Guillaume Vincent
c8361afd73
Update Dockerfile
4 years ago
dependabot[bot]
3f10d92a48
Bump django from 3.0.6 to 3.0.7 in /containers/backend (#531)
Bumps [django](https://github.com/django/django) from 3.0.6 to 3.0.7.
- [Release notes](https://github.com/django/django/releases)
- [Commits](https://github.com/django/django/compare/3.0.6...3.0.7)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
4 years ago
Guillaume Vincent
442cf93b78
Add backward compatible url for auth
4 years ago
Guillaume Vincent
9b35717e4a
Use multistage build for frontend container
4 years ago
Guillaume Vincent
6a246608ca
Remove old self hosted files and add affiliate link in README
4 years ago
Guillaume Vincent
1845f4691a
Minor fixes on CICD
* Remove blog container from container deploy until Dockerfile is present
* Do not stop pushing package after an error
4 years ago