Commit Graph

139 Commits

Author SHA1 Message Date
elordenador 429b531bad feat: add Review to the admin to manage ratings 2026-05-08 13:33:46 +02:00
elordenador 0438a77149 feat: add ratings system with form, views and templates 2026-05-08 13:33:37 +02:00
elordenador 40f0ef8ea5 feat: add Review model for product ratings 2026-05-08 13:32:33 +02:00
elordenador bf39724837 Fix security issues: image validation, email masking, quantity limits, min length
- #76: Add file type validation for product images (Medium severity)
- #75: Mask emails in audit logs to prevent information leakage (Medium severity)
- #74: Add max value validator to quantity fields (Low severity)
- #73: Add min length validation to password fields (Low severity)
2026-05-08 13:24:54 +02:00
Daniel (elordenador) 6f82787022 Merge pull request #89 from dsaub/fix/issue-77-idor-security
Fix IDOR vulnerability in cart operations (#77)
2026-05-08 13:19:58 +02:00
elordenador 46343c1ea8 Refactor error logging in create_paypal_payment function for clarity 2026-05-08 13:18:52 +02:00
elordenador 76c8a277da Remove unused send_test_email function from views.py 2026-05-08 13:16:43 +02:00
elordenador 32c1e1e6ff Fix IDOR vulnerability in cart operations (issue #77)
- Add _get_cart_item_owner_filters() helper to validate CartItem ownership
- Update update_cart_item and remove_from_cart to validate ownership
- Prevents users from manipulating item_id to access other users' cart items
2026-05-08 13:09:50 +02:00
elordenador 74b9d3bbc6 Add send_email import 2026-05-08 13:07:06 +02:00
elordenador a50cadc873 Finish Form Rewrite 2026-05-08 09:43:19 +02:00
elordenador 551057b067 Rewrite all forms to use Django Forms with validation
- Add ProductEditForm, EditProfileForm, ChangePasswordForm, ShippingAddressForm
- Add ResetPasswordForm, ResetPasswordPhase2Form
- Update views to use new Django Forms
- Add form validation tests (terms required, password mismatch, etc)
- Update templates to use Django Forms {{ form.as_p }}
2026-05-08 09:42:44 +02:00
elordenador d6b7cdfe6a Add error handling for product creation to manage DataError exceptions 2026-05-07 08:37:07 +02:00
elordenador 56286c2fd9 Add limit to briefdesc and description on Product model, for issue #73 2026-05-07 08:01:46 +02:00
elordenador ba4f6ad65d Add CSRF protection to payment endpoints 2026-05-07 07:53:38 +02:00
elordenador ed7041ae40 Add user ban check to login view and log failed attempts 2026-05-06 11:59:59 +02:00
elordenador fa948a98e2 Add desbanear_usuario_action to UserAdmin actions 2026-05-06 11:45:21 +02:00
elordenador a0ee6ecd14 Update short description for desbanear_usuario_action in UserAdmin 2026-05-06 11:37:43 +02:00
elordenador d6c9aa3db3 Implement user unban functionality and enhance ban action with product deletion 2026-05-06 11:37:26 +02:00
elordenador 9751d19401 Add desbanear_usuario task to send unban email notifications 2026-05-06 10:52:32 +02:00
elordenador cda9adb986 Enhance user ban action to delete products by creator and add success message 2026-05-06 10:37:48 +02:00
elordenador e7e7fd118d Refactor user ban action to streamline user deactivation and product deletion 2026-05-06 10:25:13 +02:00
elordenador 132b1e1722 Remove user ban link from admin submit line template 2026-05-06 10:22:34 +02:00
elordenador 7f557a3247 Implement user ban functionality to delete associated products 2026-05-06 09:48:55 +02:00
elordenador 8cf1a55161 Add user ban functionality with email notification 2026-05-06 09:47:47 +02:00
elordenador 61a04e5040 Fix logins int() None 2026-05-06 09:23:33 +02:00
elordenador e5a0caa8b6 Fix text overflow 2026-05-06 09:23:23 +02:00
elordenador 6be67a9100 Add SKU field to Product model (issue #67) 2026-05-05 09:01:24 +02:00
elordenador bee360dfbb Fix POSTGRES_ENABLED check in ShippingAddress.clean() (issue #66) 2026-05-05 08:52:02 +02:00
elordenador a20a61be82 Add postal code validation to ShippingAddress model (issue #66) 2026-05-05 08:46:34 +02:00
elordenador b9675385aa Fix GitHub issue #69 2026-05-05 07:44:32 +02:00
elordenador 53b4e89347 Fix tasks.py making tests fail 2026-05-04 22:01:12 +02:00
elordenador df0579dd86 Fix GH Issue #68 2026-05-04 21:59:28 +02:00
elordenador 1022a44f12 Fix GH Issue #65 2026-05-04 19:51:49 +02:00
elordenador bb697d92c6 Fix GH Issue #64 2026-05-04 19:45:47 +02:00
elordenador d75165e31a Fix the bug where creator and primary_image may be None... 2026-05-04 12:31:49 +02:00
elordenador 6ed4fb1954 Remove punctuation signs so we generate 'url-safe' codes 2026-05-04 12:30:09 +02:00
elordenador 756f1ad36b Remove entire api for issue #61 2026-04-30 07:43:18 +02:00
elordenador 033c52a365 Fix issue #60 verification code generation 2026-04-30 07:39:14 +02:00
elordenador 297b319a20 Fix issue #59 duplicate reset_password 2026-04-30 07:38:17 +02:00
elordenador 830966f3ee Fix issue #58 not deleting verification code. 2026-04-30 07:37:13 +02:00
elordenador 81d3694210 Solving issue #57 Auth 500 bug 2026-04-30 07:35:28 +02:00
Daniel (elordenador) dce0937511 Merge pull request #56 from dsaub/rama-usabilidad
Added usability patch
2026-04-29 17:02:39 +02:00
Daniel (elordenador) 7f8f70bc42 Merge pull request #55 from dsaub/copilot/unify-add-to-cart-post
[WIP] Fix inconsistency in add to cart action using POST
2026-04-29 11:18:42 +02:00
Daniel (elordenador) 7203a07350 Merge pull request #48 from dsaub/copilot/add-skip-link-to-body
Add "Saltar al contenido" skip link for keyboard/screen reader accessibility
2026-04-29 11:15:44 +02:00
copilot-swe-agent[bot] ba75a0ab2e Style skip link to visually integrate with navbar header
Agent-Logs-Url: https://github.com/dsaub/proyecto-final/sessions/a04a8e28-dcc3-4338-8ee9-49c7494bf486

Co-authored-by: dsaub <54474838+dsaub@users.noreply.github.com>
2026-04-29 07:38:20 +00:00
Daniel (elordenador) 1f7db2db3a Merge pull request #54 from dsaub/copilot/fix-terms-link-destination
[WIP] Fix terms link without real destination
2026-04-29 09:30:50 +02:00
elordenador a2e6e5ad97 refactor: change StaticStorage to inherit from S3Storage instead of S3ManifestStaticStorage
Co-authored-by: Copilot <copilot@github.com>
2026-04-29 09:30:09 +02:00
copilot-swe-agent[bot] e78a936b21 Fix terms link in register.html to point to terminos view
Agent-Logs-Url: https://github.com/dsaub/proyecto-final/sessions/50c087d4-a283-4c38-bda2-5599d42d382f

Co-authored-by: dsaub <54474838+dsaub@users.noreply.github.com>
2026-04-29 07:24:53 +00:00
elordenador 30f260c9bf feat: add support for local asset URLs in S3 storage backends
Co-authored-by: Copilot <copilot@github.com>
2026-04-29 08:12:57 +02:00
elordenador 84d8a0e3b6 Add S3 Storage... 2026-04-28 21:19:32 +02:00