Commit Graph

166 Commits

Author SHA1 Message Date
elordenador 33dee87cb2 send_email now returns tuples of same length 2026-05-26 13:21:44 +02:00
elordenador 3de6d37e03 refactor: clean up send_email function and remove outdated SMTP implementation 2026-05-26 13:21:03 +02:00
elordenador 5503bbe8f7 refactor: organize constants and improve template rendering in views 2026-05-26 13:19:06 +02:00
elordenador dd5ecec3f6 fix: improve accessibility by adding aria-labelledby attributes to card input labels 2026-05-26 13:17:47 +02:00
Chroot 09f6f800de fix: script module with top-level await for S7785 2026-05-26 11:14:03 +00:00
Chroot 1ac17109a3 fix: use async IIFE in loadReviews for S7785 2026-05-26 11:11:43 +00:00
Chroot 325e55417b fix: resolve 9 MAJOR issues from SonarQube Cloud
- views.py: remove unused parameters cart_items and product_ids
- views.py: replace f-strings without placeholders with plain strings
- base.html: add <title>Comercialmeria</title>
- add_review.html: associate the 'Puntuación' label with rating-input via for
- producto.html: loadReviews promise with .catch()
- gestionar_imagenes.html: improve descriptive alt text
- unban.html: remove deprecated width/cellspacing attributes
2026-05-26 11:10:04 +00:00
Chroot 90308d2383 fix: correct self-referencing constants that break the app
The string-replacement sed also modified the constant definitions,
leaving e.g. LOGIN_TEMPLATE = LOGIN_TEMPLATE
instead of LOGIN_TEMPLATE = "tienda/login.html", causing
a NameError when importing the module.
2026-05-26 11:03:53 +00:00
Chroot 424ffcffaf fix: resolve 12 CRITICAL issues from SonarQube Cloud
- forms.py: replace wildcard import with explicit imports (S2208)
- views.py: define constants for duplicated strings (S1192)
- views.py: refactor login, create_order_from_cart, editar_producto (S3776)
2026-05-26 10:53:18 +00:00
elordenador a61664a46e a 2026-05-26 12:08:06 +02:00
elordenador 1a73a9e373 fix: replace random module with secrets for secure code generation in VerificationCode 2026-05-26 12:02:36 +02:00
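The fix above swaps the random module for secrets when generating verification codes. The following is an added example, not the project's VerificationCode model or any code from the repository, showing why the swap matters and what else a practitioner would want next to it: codes drawn from the OS CSPRNG, an expiry, an attempt cap and a constant-time comparison. The alphabet, code length, TTL, attempt limit and the dict-shaped record are all assumptions made for the example.

```python
import secrets
import string
import time
from typing import Optional

CODE_ALPHABET = string.digits   # assumed: numeric one-time codes
CODE_LENGTH = 6                 # assumed
CODE_TTL_SECONDS = 600          # assumed
MAX_ATTEMPTS = 5                # assumed


def generate_code(length: int = CODE_LENGTH, alphabet: str = CODE_ALPHABET) -> str:
    """Draw every character from the OS CSPRNG via secrets.choice.

    random.choice (the pre-fix approach) is backed by MT19937, a deterministic
    generator whose internal state can be reconstructed from observed outputs,
    so codes produced with it are predictable to anyone who sees enough of them.
    """
    return "".join(secrets.choice(alphabet) for _ in range(length))


def new_verification(now: Optional[float] = None) -> dict:
    """Create a fresh record (hypothetical store shape) with expiry and attempt counter."""
    now = time.time() if now is None else now
    return {"code": generate_code(), "expires_at": now + CODE_TTL_SECONDS, "attempts": 0}


def verify_code(record: dict, submitted: str, now: Optional[float] = None) -> bool:
    """Check a submitted code: expiry and attempt cap first, then a constant-time compare.

    A 6-digit space is only 10**6 guesses, so without the attempt cap an online
    brute force succeeds regardless of how the code was generated.
    """
    now = time.time() if now is None else now
    if now > record["expires_at"] or record["attempts"] >= MAX_ATTEMPTS:
        return False
    record["attempts"] += 1
    # compare_digest avoids leaking the position of the first mismatching byte
    return secrets.compare_digest(record["code"].encode(), submitted.encode())
```

The attempt counter is incremented before the comparison so that a correct guess after the cap is reached is still rejected; in a real store the counter and expiry would live on the row next to the code.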
elordenador 4877e859bd fix: update HTTP method requirements for borrar_producto and eliminar_direccion views to require POST only 2026-05-26 12:01:15 +02:00
elordenador 848a49c92d feat: add BlankToNoneCharField for handling empty strings in models and update Cart model to use it
fix: update view functions to require appropriate HTTP methods
2026-05-26 11:48:04 +02:00
elordenador ac9efaaf91 fix: update delete review URL to use review ID instead of product ID 2026-05-26 10:35:17 +02:00
elordenador 2024e2f90c fix: update session_key fields in Cart, Order, and StockReservation models for consistency 2026-05-26 10:29:06 +02:00
elordenador 6ec0f4e732 feat: add constants for image types and error messages in forms 2026-05-26 10:19:21 +02:00
elordenador 35e7e93600 fix: remove redundant type annotations for user in UserAdmin actions 2026-05-26 10:12:28 +02:00
elordenador 0bb2eeeaa6 fix: add integrity attributes to Stripe and n8n stylesheets for security 2026-05-26 10:00:29 +02:00
elordenador 57efd95b0c fix: add integrity attribute to Stripe script for security 2026-05-26 09:51:05 +02:00
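The two commits above add integrity attributes to third-party script and stylesheet tags. As an added example that is not code from the project, the block below builds the Subresource Integrity token the same way the usual openssl or shasum one-liner does, renders the tag, and applies the browser's matching rule (only the strongest listed algorithm counts, any matching token of that strength passes). The URL, the sample script bytes and the helper names are assumptions for the example.

```python
import base64
import hashlib
import hmac

# Hash algorithms browsers accept for SRI, ordered by strength.
SRI_STRENGTH = {"sha256": 1, "sha384": 2, "sha512": 3}


def sri_hash(content: bytes, algorithm: str = "sha384") -> str:
    """Build the integrity token '<alg>-<base64 digest>' for the exact fetched bytes."""
    if algorithm not in SRI_STRENGTH:
        raise ValueError(f"unsupported SRI algorithm: {algorithm}")
    digest = hashlib.new(algorithm, content).digest()
    return f"{algorithm}-{base64.b64encode(digest).decode('ascii')}"


def script_tag(src: str, content: bytes, algorithm: str = "sha384") -> str:
    """Render the tag as it would be committed.

    crossorigin="anonymous" is required: without CORS the browser cannot read
    the cross-origin response body and the integrity check fails the load.
    """
    return (f'<script src="{src}" integrity="{sri_hash(content, algorithm)}" '
            f'crossorigin="anonymous"></script>')


def sri_matches(content: bytes, integrity: str) -> bool:
    """Mirror the browser's check for an integrity attribute.

    Tokens are space separated; only those using the strongest algorithm present
    are considered, and the load passes if any of them matches. Unparseable
    tokens are ignored and, per the spec, if nothing parseable remains the
    resource loads unchecked, so a typo in the attribute gives no protection.
    """
    parsed = []
    for token in integrity.split():
        alg, sep, _ = token.partition("-")
        if sep and alg in SRI_STRENGTH:
            parsed.append((alg, token))
    if not parsed:
        return True
    strongest = max(SRI_STRENGTH[alg] for alg, _ in parsed)
    return any(
        hmac.compare_digest(sri_hash(content, alg).encode(), token.encode())
        for alg, token in parsed
        if SRI_STRENGTH[alg] == strongest
    )
```

SRI pins the exact bytes, so it only works for resources served from a stable, versioned URL; a vendor script that is updated in place under the same URL will stop loading the moment its hash changes, which is the failure mode to watch for after a deploy.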
elordenador e4fa941fd6 Add API for AI Agent 2026-05-15 12:35:23 +02:00
elordenador d0f687f56f feat: add editing and deletion of one's own reviews 2026-05-08 14:05:52 +02:00
elordenador e70a9aeb9c fix: use the correct URL name (producto instead of product_detail) 2026-05-08 14:04:17 +02:00
elordenador e0350de530 fix: use Unicode stars instead of Bootstrap Icons 2026-05-08 14:03:31 +02:00
elordenador 62bf3fdc08 fix: show the correct message when a review is not allowed because there is no purchase 2026-05-08 13:58:08 +02:00
elordenador 2b2054ace6 debug: add debug variables to the template 2026-05-08 13:57:33 +02:00
elordenador f129b0462a fix: allow reviewing if the user has any OrderItem for the product 2026-05-08 13:53:56 +02:00
elordenador aa047b3fd8 fix: remove the images field from the form (widget does not support multiple) 2026-05-08 13:34:00 +02:00
elordenador 429b531bad feat: add Review to the admin to manage reviews 2026-05-08 13:33:46 +02:00
elordenador 0438a77149 feat: add review system with form, views and templates 2026-05-08 13:33:37 +02:00
elordenador 40f0ef8ea5 feat: add Review model for product reviews 2026-05-08 13:32:33 +02:00
elordenador bf39724837 Fix security issues: image validation, email masking, quantity limits, min length
- #76: Add file type validation for product images (Medium severity)
- #75: Mask emails in audit logs to prevent information leakage (Medium severity)
- #74: Add max value validator to quantity fields (Low severity)
- #73: Add min length validation to password fields (Low severity)
2026-05-08 13:24:54 +02:00
Daniel (elordenador) 6f82787022 Merge pull request #89 from dsaub/fix/issue-77-idor-security
Fix IDOR vulnerability in cart operations (#77)
2026-05-08 13:19:58 +02:00
elordenador 46343c1ea8 Refactor error logging in create_paypal_payment function for clarity 2026-05-08 13:18:52 +02:00
elordenador 76c8a277da Remove unused send_test_email function from views.py 2026-05-08 13:16:43 +02:00
elordenador 32c1e1e6ff Fix IDOR vulnerability in cart operations (issue #77)
- Add _get_cart_item_owner_filters() helper to validate CartItem ownership
- Update update_cart_item and remove_from_cart to validate ownership
- Prevents users from manipulating item_id to access other users' cart items
2026-05-08 13:09:50 +02:00
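The IDOR fix above binds CartItem lookups to the caller's identity instead of trusting the item_id alone. The block below is an added example, not the project's views.py or its _get_cart_item_owner_filters() helper: it stands in for the Django ORM with an in-memory list, shows the pre-fix lookup beside the ownership-scoped one, and handles the anonymous-cart case via session_key, which the earlier commits mention as a field on Cart. Field names, the Request stand-in and the sample rows are constructed for the example.

```python
from dataclasses import dataclass, replace
from typing import Optional


@dataclass(frozen=True)
class CartItem:
    """Stand-in for a CartItem row (hypothetical field names)."""
    id: int
    user_id: Optional[int]        # owner when the cart belongs to a logged-in user
    session_key: Optional[str]    # owner when the cart is anonymous
    product: str
    quantity: int


@dataclass(frozen=True)
class Request:
    """The two identity sources a view reads from request.user and request.session."""
    user_id: Optional[int]
    session_key: Optional[str]


# Constructed sample data: two logged-in users' carts and one anonymous cart.
CART_ITEMS = [
    CartItem(id=1, user_id=10, session_key=None, product="lamp", quantity=1),
    CartItem(id=2, user_id=11, session_key=None, product="chair", quantity=2),
    CartItem(id=3, user_id=None, session_key="anon-abc", product="desk", quantity=1),
]


def cart_item_owner_filters(request: Request) -> Optional[dict]:
    """Lookup kwargs that pin a CartItem to the caller (the commit's helper, reconstructed).

    The dict is meant to be splatted into the ORM lookup next to the id.
    None means the caller has no identity at all, so the view fails closed.
    """
    if request.user_id is not None:
        return {"user_id": request.user_id}
    if request.session_key:
        return {"session_key": request.session_key}
    return None


def get_item_unchecked(item_id: int) -> Optional[CartItem]:
    """Pre-fix lookup, equivalent to CartItem.objects.get(id=item_id):
    any id resolves, so a caller can walk other users' cart items."""
    return next((item for item in CART_ITEMS if item.id == item_id), None)


def get_owned_item(request: Request, item_id: int) -> Optional[CartItem]:
    """Post-fix lookup, equivalent to CartItem.objects.get(id=item_id, **filters).
    A foreign id behaves exactly like a nonexistent one (404), which also
    avoids confirming that the id exists."""
    filters = cart_item_owner_filters(request)
    if filters is None:
        return None
    for item in CART_ITEMS:
        if item.id == item_id and all(getattr(item, k) == v for k, v in filters.items()):
            return item
    return None


def update_cart_item(request: Request, item_id: int, quantity: int) -> Optional[CartItem]:
    """The ownership-scoped update: only rows the caller owns are ever touched."""
    item = get_owned_item(request, item_id)
    if item is None or quantity < 1:
        return None
    return replace(item, quantity=quantity)
```

The same filters dict should be applied to every cart mutation (update, remove, checkout), not just the reads; the bug class reappears whenever a new view does `get(id=...)` without the owner scope.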
elordenador 74b9d3bbc6 Add send_email import 2026-05-08 13:07:06 +02:00
elordenador a50cadc873 Finish Form Rewrite 2026-05-08 09:43:19 +02:00
elordenador 551057b067 Rewrite all forms to use Django Forms with validation
- Add ProductEditForm, EditProfileForm, ChangePasswordForm, ShippingAddressForm
- Add ResetPasswordForm, ResetPasswordPhase2Form
- Update views to use new Django Forms
- Add form validation tests (terms required, password mismatch, etc)
- Update templates to use Django Forms {{ form.as_p }}
2026-05-08 09:42:44 +02:00
elordenador d6b7cdfe6a Add error handling for product creation to manage DataError exceptions 2026-05-07 08:37:07 +02:00
elordenador 56286c2fd9 Add limit to briefdesc and description on Product model, for issue #73 2026-05-07 08:01:46 +02:00
elordenador ba4f6ad65d Add CSRF protection to payment endpoints 2026-05-07 07:53:38 +02:00
elordenador ed7041ae40 Add user ban check to login view and log failed attempts 2026-05-06 11:59:59 +02:00
elordenador fa948a98e2 Add desbanear_usuario_action to UserAdmin actions 2026-05-06 11:45:21 +02:00
elordenador a0ee6ecd14 Update short description for desbanear_usuario_action in UserAdmin 2026-05-06 11:37:43 +02:00
elordenador d6c9aa3db3 Implement user unban functionality and enhance ban action with product deletion 2026-05-06 11:37:26 +02:00
elordenador 9751d19401 Add desbanear_usuario task to send unban email notifications 2026-05-06 10:52:32 +02:00
elordenador cda9adb986 Enhance user ban action to delete products by creator and add success message 2026-05-06 10:37:48 +02:00
elordenador e7e7fd118d Refactor user ban action to streamline user deactivation and product deletion 2026-05-06 10:25:13 +02:00
elordenador 132b1e1722 Remove user ban link from admin submit line template 2026-05-06 10:22:34 +02:00
elordenador 7f557a3247 Implement user ban functionality to delete associated products 2026-05-06 09:48:55 +02:00