Guillaume Vincent
bae5492e7c
Use httpd:2.4-bullseye instead of httpd:2.4
httpd:2.4 use debian 12 and broke webserver on ubuntu 18
1年前
Guillaume Vincent
e1a12fc722
Remove SECRET_KEY from env file
Fixes #785
1年前
Guillaume Vincent
8c19c8d25b
Migrate numbers to digits everywhere
1年前
dependabot[bot]
565e68af7d
Bump pyjwt from 2.1.0 to 2.4.0 in /containers/backend ( #723 )
Bumps [pyjwt](https://github.com/jpadilla/pyjwt ) from 2.1.0 to 2.4.0.
- [Release notes](https://github.com/jpadilla/pyjwt/releases )
- [Changelog](https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst )
- [Commits](https://github.com/jpadilla/pyjwt/compare/2.1.0...2.4.0 )
---
updated-dependencies:
- dependency-name: pyjwt
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2年前
dependabot[bot]
ce2bceccb7
Bump django from 3.2.12 to 3.2.16 in /containers/backend ( #739 )
Bumps [django](https://github.com/django/django ) from 3.2.12 to 3.2.16.
- [Release notes](https://github.com/django/django/releases )
- [Commits](https://github.com/django/django/compare/3.2.12...3.2.16 )
---
updated-dependencies:
- dependency-name: django
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2年前
Guillaume Vincent
533ece38a8
Fix createsuperuser cli
Fixes https://github.com/lesspass/lesspass/issues/699
2年前
Peter Dave Hello
57b7f7dbe9
Leave no Python pip temporary cache in backend Docker image ( #704 )
2年前
dependabot[bot]
cb29d4768a
Bump django from 3.2.11 to 3.2.12 in /containers/backend ( #700 )
Bumps [django](https://github.com/django/django ) from 3.2.11 to 3.2.12.
- [Release notes](https://github.com/django/django/releases )
- [Commits](https://github.com/django/django/compare/3.2.11...3.2.12 )
---
updated-dependencies:
- dependency-name: django
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2年前
Guillaume Vincent
f326ec275d
push images to docker hub
2年前
dependabot[bot]
b6f8357ce9
Bump django from 3.2.10 to 3.2.11 in /containers/backend ( #694 )
Bumps [django](https://github.com/django/django ) from 3.2.10 to 3.2.11.
- [Release notes](https://github.com/django/django/releases )
- [Commits](https://github.com/django/django/compare/3.2.10...3.2.11 )
---
updated-dependencies:
- dependency-name: django
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2年前
Guillaume Vincent
7662ff61c4
Add account deletion in mobile app
2年前
Guillaume Vincent
3d4aab585d
Bump django from 3.2.8 to 3.2.10 in /containers/backend
2年前
Guillaume Vincent
432b3042a3
Add ALLOWED_HOSTS env variable for backend container
2年前
Guillaume Vincent
9d7e84b27d
Fix lesspass.com HSTS preload status error
Fixes #671
3年前
Guillaume Vincent
e9b6b9f94a
Use python slim image to reduce the size of backend container
3年前
Guillaume Vincent
0881e15c27
Fix HTTP and HTTPS configuration
3年前
Guillaume Vincent
f267490580
Fix TypeError: decode() got an unexpected keyword argument 'verify' error
3年前
Guillaume Vincent
ec9ab2063c
Redirect lesspass.com to www.lesspass.com
Co-authored-by: William Entriken <github.com@phor.net>
3年前
Guillaume Vincent
3205eee942
Update python modules
3年前
Guillaume Vincent
742f3dc1b3
Keep user authenticated on mobile
3年前
dependabot[bot]
f023432e3f
Bump django from 3.1.7 to 3.1.8 in /containers/backend ( #612 )
Bumps [django](https://github.com/django/django ) from 3.1.7 to 3.1.8.
- [Release notes](https://github.com/django/django/releases )
- [Commits](https://github.com/django/django/compare/3.1.7...3.1.8 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3年前
Guillaume Vincent
306cba1bc4
Upgrade packages for backend
3年前
dependabot[bot]
e58b617064
Bump django from 3.0.7 to 3.1.6 in /containers/backend ( #605 )
Bumps [django](https://github.com/django/django ) from 3.0.7 to 3.1.6.
- [Release notes](https://github.com/django/django/releases )
- [Commits](https://github.com/django/django/compare/3.0.7...3.1.6 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3年前
Guillaume Vincent
39a1cac561
Use python 3.8 on the backend
3年前
Guillaume Vincent
3fca391735
Update requirements.txt on the backend
3年前
Guillaume Vincent
ecddb4f29e
Apply black
3年前
Bianca Rosa
68625c8455
Add backend code for encrypting passworld profiles
closes #580
3年前
Guillaume Vincent
3168380ff0
edit hsts configuration
The header must contain the `includeSubDomains` directive.
The header must contain the `preload` directive.
3年前
Guillaume Vincent
cfed362a77
Use less restrictive TLS configuration
Until the day TLS 1.3 becomes widely supported, web servers must rely on a fallback to TLS 1.2 with correctly configured server directives and strong cipher suites.
* https://www.cloudinsidr.com/content/tls-1-3-and-tls-1-2-cipher-suites-demystified-how-to-pick-your-ciphers-wisely/
* (fr) https://www.ssi.gouv.fr/guide/recommandations-de-securite-relatives-a-tls/
* https://ssl-config.mozilla.org/#server=apache&version=2.4.41&config=intermediate&openssl=1.1.1d&guideline=5.6
4年前
Peter Dave Hello
071c3934d4
Fix a few places with wrong indentation ( #578 )
4年前
Peter Dave Hello
96af69af3b
Ensure final newline char in text files, following .editorconfig ( #575 )
4年前
Peter Dave Hello
7ce7be6451
Remove trailing spaces in text files, following .editorconfig ( #573 )
4年前
Guillaume Vincent
4bb32d9664
Use modern ssl configuration and fix HSTS
4年前
Peter Dave Hello
0a824a9748
Minimize Apache ServerTokens for lesspass-site, cc #568 ( #571 )
4年前
Peter Dave Hello
2a7c018dc9
Enable Apache OCSP stapling ( #569 )
This will speed up the website loading, and make the website more
reliable to the users when the client fails to connect to the CA for an
OCSP response.
Reference:
- https://en.wikipedia.org/wiki/OCSP_stapling
4年前
Peter Dave Hello
cc7bac7c9b
Enable Apache HTTP/2 for better performance ( #570 )
4年前
Guillaume Vincent
b7047be7bf
Remove blog from main repo and fix links
4年前
John Steel
4c703e69ae
Container SSL README.md changed to create_ca_and_ee.sh ( #559 )
* Rename README.md
README.md wasn't actually a readme but an example for how
to make a simple pki.
* Updating ssl script
+ Adding shebang line (#!/usr/bin/env bash)
+ Adding variables for key type and subject
+ Adding comments
+ Adding openssl verify
4年前
Guillaume Vincent
ab3c6969d7
Rebuild containers
4年前
Guillaume Vincent
e70c4bdfe1
Fix authentication workflow
* use refresh token to refresh access token if expired
* change access token duration to 15 minutes
* change refresh token validity to 1 week
Fixes: 539
Fixes: 236
4年前
Guillaume Vincent
876c0edcc9
Set X-Frame-Options header to deny
4年前
Guillaume Vincent
a4fec4b5b7
Fix authentication with old JWT header type
4年前
Guillaume Vincent
ee30d0528c
Fix preflight CORS redirect issue
4年前
Guillaume Vincent
5d1aa73633
Fix proxy pass for old requests
4年前
Guillaume Vincent
c8361afd73
Update Dockerfile
4年前
dependabot[bot]
3f10d92a48
Bump django from 3.0.6 to 3.0.7 in /containers/backend ( #531 )
Bumps [django](https://github.com/django/django ) from 3.0.6 to 3.0.7.
- [Release notes](https://github.com/django/django/releases )
- [Commits](https://github.com/django/django/compare/3.0.6...3.0.7 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
4年前
Guillaume Vincent
442cf93b78
Add backward compatible url for auth
4年前
Guillaume Vincent
9b35717e4a
Use multistage build for frontend container
4年前
Guillaume Vincent
6a246608ca
Remove old self hosted files and add affiliate link in README
4年前
Guillaume Vincent
1845f4691a
Minor fixes on CICD
* Remove blog container from container deploy until Dockerfile is present
* Do not stop pushing package after an error
4年前