Chroot
325e55417b
fix: resolve 9 MAJOR issues from SonarQube Cloud
...
- views.py: remove unused parameters cart_items and product_ids
- views.py: replace f-strings without placeholders with plain strings
- base.html: add <title>Comercialmeria</title>
- add_review.html: associate the 'Puntuación' label with rating-input via for
- producto.html: loadReviews promise with .catch()
- gestionar_imagenes.html: improve descriptive alt text
- unban.html: remove deprecated width/cellspacing attributes
2026-05-26 11:10:04 +00:00
Chroot
90308d2383
fix: correct self-referencing constants that break the app
...
The sed string replacement also modified the constant
definitions, leaving e.g. LOGIN_TEMPLATE = LOGIN_TEMPLATE
instead of LOGIN_TEMPLATE = "tienda/login.html", causing a
NameError when importing the module.
2026-05-26 11:03:53 +00:00
Chroot
424ffcffaf
fix: resolve 12 CRITICAL issues from SonarQube Cloud
...
- forms.py: replace wildcard import with explicit imports (S2208)
- views.py: define constants for duplicated strings (S1192)
- views.py: refactor login, create_order_from_cart, editar_producto (S3776)
2026-05-26 10:53:18 +00:00
elordenador
a61664a46e
a
2026-05-26 12:08:06 +02:00
elordenador
1a73a9e373
fix: replace random module with secrets for secure code generation in VerificationCode
2026-05-26 12:02:36 +02:00
elordenador
4877e859bd
fix: update HTTP method requirements for borrar_producto and eliminar_direccion views to require POST only
2026-05-26 12:01:15 +02:00
elordenador
848a49c92d
feat: add BlankToNoneCharField for handling empty strings in models and update Cart model to use it
...
fix: update view functions to require appropriate HTTP methods
2026-05-26 11:48:04 +02:00
elordenador
ac9efaaf91
fix: update delete review URL to use review ID instead of product ID
2026-05-26 10:35:17 +02:00
elordenador
2024e2f90c
fix: update session_key fields in Cart, Order, and StockReservation models for consistency
2026-05-26 10:29:06 +02:00
elordenador
6ec0f4e732
feat: add constants for image types and error messages in forms
2026-05-26 10:19:21 +02:00
elordenador
35e7e93600
fix: remove redundant type annotations for user in UserAdmin actions
2026-05-26 10:12:28 +02:00
elordenador
0bb2eeeaa6
fix: add integrity attributes to Stripe and n8n stylesheets for security
2026-05-26 10:00:29 +02:00
elordenador
57efd95b0c
fix: add integrity attribute to Stripe script for security
2026-05-26 09:51:05 +02:00
elordenador
e4fa941fd6
Add API for AI Agent
2026-05-15 12:35:23 +02:00
elordenador
d0f687f56f
feat: add editing and deletion of own reviews
2026-05-08 14:05:52 +02:00
elordenador
e70a9aeb9c
fix: use correct URL name (producto instead of product_detail)
2026-05-08 14:04:17 +02:00
elordenador
e0350de530
fix: use Unicode stars instead of Bootstrap Icons
2026-05-08 14:03:31 +02:00
elordenador
62bf3fdc08
fix: show correct message when rating is not possible because there is no purchase
2026-05-08 13:58:08 +02:00
elordenador
2b2054ace6
debug: add debug variables to the template
2026-05-08 13:57:33 +02:00
elordenador
f129b0462a
fix: allow rating if the user has any OrderItem for the product
2026-05-08 13:53:56 +02:00
elordenador
aa047b3fd8
fix: remove images field from the form (widget does not support multiple)
2026-05-08 13:34:00 +02:00
elordenador
429b531bad
feat: add Review to the admin to manage reviews
2026-05-08 13:33:46 +02:00
elordenador
0438a77149
feat: add review system with form, views and templates
2026-05-08 13:33:37 +02:00
elordenador
40f0ef8ea5
feat: add Review model for product reviews
2026-05-08 13:32:33 +02:00
elordenador
bf39724837
Fix security issues: image validation, email masking, quantity limits, min length
...
- #76: Add file type validation for product images (Medium severity)
- #75: Mask emails in audit logs to prevent information leakage (Medium severity)
- #74: Add max value validator to quantity fields (Low severity)
- #73: Add min length validation to password fields (Low severity)
2026-05-08 13:24:54 +02:00
Daniel (elordenador)
6f82787022
Merge pull request #89 from dsaub/fix/issue-77-idor-security
...
Fix IDOR vulnerability in cart operations (#77)
2026-05-08 13:19:58 +02:00
elordenador
46343c1ea8
Refactor error logging in create_paypal_payment function for clarity
2026-05-08 13:18:52 +02:00
elordenador
76c8a277da
Remove unused send_test_email function from views.py
2026-05-08 13:16:43 +02:00
elordenador
32c1e1e6ff
Fix IDOR vulnerability in cart operations (issue #77)
...
- Add _get_cart_item_owner_filters() helper to validate CartItem ownership
- Update update_cart_item and remove_from_cart to validate ownership
- Prevents users from manipulating item_id to access other users' cart items
2026-05-08 13:09:50 +02:00
elordenador
74b9d3bbc6
Add send_email import
2026-05-08 13:07:06 +02:00
elordenador
a50cadc873
Finish Form Rewrite
2026-05-08 09:43:19 +02:00
elordenador
551057b067
Rewrite all forms to use Django Forms with validation
...
- Add ProductEditForm, EditProfileForm, ChangePasswordForm, ShippingAddressForm
- Add ResetPasswordForm, ResetPasswordPhase2Form
- Update views to use new Django Forms
- Add form validation tests (terms required, password mismatch, etc)
- Update templates to use Django Forms {{ form.as_p }}
2026-05-08 09:42:44 +02:00
elordenador
d6b7cdfe6a
Add error handling for product creation to manage DataError exceptions
2026-05-07 08:37:07 +02:00
elordenador
56286c2fd9
Add limit to briefdesc and description on Product model, for issue #73
2026-05-07 08:01:46 +02:00
elordenador
ba4f6ad65d
Add CSRF protection to payment endpoints
2026-05-07 07:53:38 +02:00
elordenador
ed7041ae40
Add user ban check to login view and log failed attempts
2026-05-06 11:59:59 +02:00
elordenador
fa948a98e2
Add desbanear_usuario_action to UserAdmin actions
2026-05-06 11:45:21 +02:00
elordenador
a0ee6ecd14
Update short description for desbanear_usuario_action in UserAdmin
2026-05-06 11:37:43 +02:00
elordenador
d6c9aa3db3
Implement user unban functionality and enhance ban action with product deletion
2026-05-06 11:37:26 +02:00
elordenador
9751d19401
Add desbanear_usuario task to send unban email notifications
2026-05-06 10:52:32 +02:00
elordenador
cda9adb986
Enhance user ban action to delete products by creator and add success message
2026-05-06 10:37:48 +02:00
elordenador
e7e7fd118d
Refactor user ban action to streamline user deactivation and product deletion
2026-05-06 10:25:13 +02:00
elordenador
132b1e1722
Remove user ban link from admin submit line template
2026-05-06 10:22:34 +02:00
elordenador
7f557a3247
Implement user ban functionality to delete associated products
2026-05-06 09:48:55 +02:00
elordenador
8cf1a55161
Add user ban functionality with email notification
2026-05-06 09:47:47 +02:00
elordenador
61a04e5040
Fix logins int() None
2026-05-06 09:23:33 +02:00
elordenador
e5a0caa8b6
Fix text overflow
2026-05-06 09:23:23 +02:00
elordenador
6be67a9100
Add SKU field to Product model (issue #67)
2026-05-05 09:01:24 +02:00
elordenador
bee360dfbb
Fix POSTGRES_ENABLED check in ShippingAddress.clean() (issue #66)
2026-05-05 08:52:02 +02:00
elordenador
a20a61be82
Add postal code validation to ShippingAddress model (issue #66)
2026-05-05 08:46:34 +02:00