Chroot
90308d2383
fix: correct self-referencing constants that break the app
...
The sed string replacement also modified the constant
definitions, leaving e.g. LOGIN_TEMPLATE = LOGIN_TEMPLATE
instead of LOGIN_TEMPLATE = "tienda/login.html", causing a
NameError when importing the module.
2026-05-26 11:03:53 +00:00
Daniel (elordenador)
de4f36a25c
Merge pull request #99 from dsaub/fix/sonar-critical-issues
...
fix: resolve 12 CRITICAL issues from SonarQube Cloud
2026-05-26 12:57:57 +02:00
Chroot
424ffcffaf
fix: resolve 12 CRITICAL issues from SonarQube Cloud
...
- forms.py: replace wildcard import with explicit imports (S2208)
- views.py: define constants for duplicated strings (S1192)
- views.py: refactor login, create_order_from_cart, editar_producto (S3776)
2026-05-26 10:53:18 +00:00
elordenador
f0a638be2e
fix: update Docker workflows to use specific action versions and improve test command security
2026-05-26 12:12:03 +02:00
elordenador
a61664a46e
a
2026-05-26 12:08:06 +02:00
elordenador
1a73a9e373
fix: replace random module with secrets for secure code generation in VerificationCode
2026-05-26 12:02:36 +02:00
elordenador
4877e859bd
fix: update HTTP method requirements for borrar_producto and eliminar_direccion views to require POST only
2026-05-26 12:01:15 +02:00
elordenador
848a49c92d
feat: add BlankToNoneCharField for handling empty strings in models and update Cart model to use it
...
fix: update view functions to require appropriate HTTP methods
2026-05-26 11:48:04 +02:00
elordenador
ac9efaaf91
fix: update delete review URL to use review ID instead of product ID
2026-05-26 10:35:17 +02:00
elordenador
2024e2f90c
fix: update session_key fields in Cart, Order, and StockReservation models for consistency
2026-05-26 10:29:06 +02:00
elordenador
6ec0f4e732
feat: add constants for image types and error messages in forms
2026-05-26 10:19:21 +02:00
elordenador
35e7e93600
fix: remove redundant type annotations for user in UserAdmin actions
2026-05-26 10:12:28 +02:00
elordenador
a7f43483f0
refactor: remove obsolete service.sh script
2026-05-26 10:11:42 +02:00
elordenador
d773addc53
fix: update database configuration to support PostgreSQL toggle
2026-05-26 10:10:45 +02:00
elordenador
b143d92cb2
fix: consolidate RUN commands in Dockerfile for improved layer caching
2026-05-26 10:08:41 +02:00
elordenador
9d7a7f7432
Merge branch 'latest' of github.com:dsaub/proyecto-final into latest
2026-05-26 10:01:31 +02:00
elordenador
0bb2eeeaa6
fix: add integrity attributes to Stripe and n8n stylesheets for security
2026-05-26 10:00:29 +02:00
Daniel (elordenador)
b9acf6a1c7
Merge pull request #98 from dsaub/dependabot/uv/idna-3.15
...
Bump idna from 3.13 to 3.15
2026-05-26 09:54:31 +02:00
elordenador
57efd95b0c
fix: add integrity attribute to Stripe script for security
2026-05-26 09:51:05 +02:00
elordenador
5696fdddaa
fix: remove hardcoded IP address from ALLOWED_HOSTS
2026-05-26 09:45:02 +02:00
elordenador
37383b0736
fix: update SECRET_KEY to use environment variable instead of hardcoded value
2026-05-26 09:44:53 +02:00
dependabot[bot]
784fdd1284
Bump idna from 3.13 to 3.15
...
Bumps [idna](https://github.com/kjd/idna) from 3.13 to 3.15.
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.md)
- [Commits](https://github.com/kjd/idna/compare/v3.13...v3.15)
---
updated-dependencies:
- dependency-name: idna
  dependency-version: '3.15'
  dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-05-19 22:36:59 +00:00
Daniel (elordenador)
336e499973
Merge pull request #94 from dsaub/dependabot/pip/requests-2.34.2
...
Bump requests from 2.33.1 to 2.34.2
2026-05-15 13:19:08 +02:00
elordenador
e4fa941fd6
Add API for AI Agent
2026-05-15 12:35:23 +02:00
dependabot[bot]
48b3f46623
Bump requests from 2.33.1 to 2.34.2
...
Bumps [requests](https://github.com/psf/requests) from 2.33.1 to 2.34.2.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](https://github.com/psf/requests/compare/v2.33.1...v2.34.2)
---
updated-dependencies:
- dependency-name: requests
  dependency-version: 2.34.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-05-15 09:52:43 +00:00
Daniel (elordenador)
8caba9b85b
Merge pull request #91 from dsaub/feature/valoraciones
...
feat: product review system
2026-05-12 10:51:53 +02:00
elordenador
d0f687f56f
feat: add editing and deletion of own reviews
2026-05-08 14:05:52 +02:00
elordenador
e70a9aeb9c
fix: use correct URL name (producto instead of product_detail)
2026-05-08 14:04:17 +02:00
elordenador
e0350de530
fix: use Unicode stars instead of Bootstrap Icons
2026-05-08 14:03:31 +02:00
elordenador
62bf3fdc08
fix: show correct message when a review is not allowed because there is no purchase
2026-05-08 13:58:08 +02:00
elordenador
2b2054ace6
debug: add debug variables to the template
2026-05-08 13:57:33 +02:00
elordenador
f129b0462a
fix: allow reviewing if the user has any OrderItem for the product
2026-05-08 13:53:56 +02:00
elordenador
aa047b3fd8
fix: remove images field from the form (widget does not support multiple)
2026-05-08 13:34:00 +02:00
elordenador
429b531bad
feat: add Review to the admin to manage reviews
2026-05-08 13:33:46 +02:00
elordenador
0438a77149
feat: add review system with form, views and templates
2026-05-08 13:33:37 +02:00
elordenador
40f0ef8ea5
feat: add Review model for product reviews
2026-05-08 13:32:33 +02:00
Daniel (elordenador)
e53ecef5dc
Merge pull request #90 from dsaub/security-fixes
...
Security fixes: image validation, email masking, quantity limits
2026-05-08 13:26:38 +02:00
elordenador
bf39724837
Fix security issues: image validation, email masking, quantity limits, min length
...
- #76: Add file type validation for product images (Media severity)
- #75: Mask emails in audit logs to prevent information leakage (Media severity)
- #74: Add max value validator to quantity fields (Low severity)
- #73: Add min length validation to password fields (Low severity)
2026-05-08 13:24:54 +02:00
Daniel (elordenador)
6f82787022
Merge pull request #89 from dsaub/fix/issue-77-idor-security
...
Fix IDOR vulnerability in cart operations (#77)
2026-05-08 13:19:58 +02:00
elordenador
46343c1ea8
Refactor error logging in create_paypal_payment function for clarity
2026-05-08 13:18:52 +02:00
elordenador
76c8a277da
Remove unused send_test_email function from views.py
2026-05-08 13:16:43 +02:00
elordenador
169a6d9dfb
Remove root test .py files
2026-05-08 13:14:52 +02:00
elordenador
f59841b5b8
Add permissions section to test job in Docker workflow
2026-05-08 13:13:27 +02:00
elordenador
32c1e1e6ff
Fix IDOR vulnerability in cart operations (issue #77)
...
- Add _get_cart_item_owner_filters() helper to validate CartItem ownership
- Update update_cart_item and remove_from_cart to validate ownership
- Prevents users from manipulating item_id to access other users' cart items
2026-05-08 13:09:50 +02:00
elordenador
8a0335fabc
Merge branch 'latest' of github.com:dsaub/proyecto-final into latest
2026-05-08 13:07:32 +02:00
elordenador
74b9d3bbc6
Add send_email import
2026-05-08 13:07:06 +02:00
Daniel (elordenador)
ffe7828d8e
Add UV Config file header to pyproject.toml
2026-05-08 13:00:15 +02:00
Daniel (elordenador)
a12954fb84
Update dependabot.yml configuration
2026-05-08 12:59:47 +02:00
Daniel (elordenador)
7f50674bb8
Update Dependabot configuration for Python packages
...
Changed the package ecosystem from 'uv' to 'pip' and updated the schedule to daily. Removed GitHub Actions updates section.
2026-05-08 12:55:42 +02:00
elordenador
f9b3bc7096
Add Procfile
2026-05-08 10:39:38 +02:00