Use django-redis-cache backend for locking get_or_set
No longer require group-related tasks to be locked to one simultaneous execution.
Remove legacy service group cache models.
Truncate Discord nicknames to 32 characters
Correct Discourse group name extension using only valid leading characters.
Prevent name slicing from ending with illegal character
Closes#801Closes#847Closes#835Closes#852
* Do not attempt to change user email on SeAT if unchanged.
This prevents HTTP422 from being raised on password resets.
*Delete users on deactivation.
The existing disable user logic does nothing and results in a HTTP500.
It's safe to delete users entirely - the API keys are retained.
Fixes#844
Added discord too many requests handling decorator
Added tests for core Discord manager functions
Added discord backoff retry for celery
Added tests for update groups backoff
Support per-route and global rate limiting
Manager function tidyup
Hopefully improved the key sync function, at least it should be easier to follow whats happening now.
Remove partial logging of unhashed passwords
Added user feedback
- new UI for srp management (mass performs, inline editing)
- unique validation for srp killboard links
- character auth ownership verification for killboard links
- removed remnants of old error messaging system & replaced with current
standard
- added a confirmation popup when deleting fleet SRP's
* Correct duplicate error and success messages to user
* Read out all buffer bytes before sending command
* Convert ts3 manager to use a single connection
Each instance of the class will now use a single connection and should
be cleanly disconnected when finished.
Compatible with `with` clauses and will automatically disconnect from
the TS3 server when it exits the `with` block.
* Update TS3 manager consumers to use new style
* Update unit tests to use new style manager
Force bcrypt 2y for PHP apps
2b isn't supported by older versions of PHP supplied by e.g. Ubuntu
14.04. 2a is insecure.
Remove plaintext warning
No services store plaintext passwords anymore.
Switch form to password field
Insecure, but 2b is not supported by IPS4 according to user reports. This manager needs to be changed to use the IPS4 API at some point anyway, so really a stop gap measure.
* Add service access permissions and migration
`ENABLE_AUTH_<servicename> = True` will have the new permission applied
to the settings configured `DEFAULT_AUTH_GROUP` group or `Member` if
none is configured.
`ENABLE_BLUE_<servicename> = True` will have the new permission applied
to the settings configured `DEFAULT_BLUE_GROUP` group or `Blue` if none
is configured.
* Move views and hooks to permissions based access
* Remove access restriction to services view
Hypothetically non-member/blues could be granted permission to access
services manually as desired now. A user that has no permissions to
access any services will see a blank services list.
* Remove obsolete service settings
* Remove references to obsolete settings
* Adjusted tests to support permissions based access
* Fix incorrectly named permissions
* Add simple get_services generator function
* Added signals for user and groups perm changes
* Update validate_services to support permissions
deactivate_services removed as its surplus to requirements.
* Removed state parameter from validate_services calls
* Update tests to support signals changes
* Fix incorrect call to validate_services task
* Fix validate_services and test
* Add validate_user to changed user groups signal
* Added tests for new signals
* Remove unnecessary post_add signals
* Added documentation for service permissions
* Added detection for members with service active
If there are any service users in the Member or Blue groups active, then
the permission will be added to the respective Member or Blue group.
This means its no longer necessary to maintain the service enablesettings to migrate to permissions based service.
Remove obsolete state based status checking
* SeAT service in modular service app format
* Replace string concatenation with formatters
* Fix incorrect references to user
* Fix exception when user doesn't have seat active
* Prevent deletion of seat API keys by default
* Improve api response error handling
* Corrected notification message
* Added missing view returns
* Update SeAT to use permissions based access
* Update password generator to new style
* Correct logging message
* Fix seat role update tasks
* Correct validate user logic
* Add seat test settings
* Added basic seat unit tests
* Added add permissions function from other branch
* Remove obsolete settings references
* Add public field to AuthGroup
* Add permission for users to join non-public groups
By default this permission will be applied to the "Member" group to
maintain the current behaviour.
* Allow users to join public groups
Users without the 'groupmanagement.request_groups' permission will be
able to join groups marked as public but will not be able to see or join
any other groups.
* Prevent None state change from purging groups
Currently when a user drops from Blue or Member state all groups and
permissions are discarded. This softens that approach by not removing
public groups and creates a distinction between the two activities. An
argument could maybe be made for not removing permissions on a state
change, but that is beyond the scope of this change.
* Correct syntax for removing filtered groups
* Add unit tests for disable user and member
* Update services signals tests
* Correct mocking call
* Remove permissions checking from menu item
Added transition to bcrypt-sha256 hashing for mumble passwords.
All new passwords will be hashed by bcrypt-sha256. The existing SHA-1
hashes will continue to work as a fallback for legacy password hashes.
