Commit Graph

275 Commits

Author SHA1 Message Date
elordenador b143d92cb2 fix: consolidate RUN commands in Dockerfile for improved layer caching 2026-05-26 10:08:41 +02:00
elordenador 9d7a7f7432 Merge branch 'latest' of github.com:dsaub/proyecto-final into latest 2026-05-26 10:01:31 +02:00
elordenador 0bb2eeeaa6 fix: add integrity attributes to Stripe and n8n stylesheets for security 2026-05-26 10:00:29 +02:00
Daniel (elordenador) b9acf6a1c7 Merge pull request #98 from dsaub/dependabot/uv/idna-3.15
Bump idna from 3.13 to 3.15
2026-05-26 09:54:31 +02:00
elordenador 57efd95b0c fix: add integrity attribute to Stripe script for security 2026-05-26 09:51:05 +02:00
elordenador 5696fdddaa fix: remove hardcoded IP address from ALLOWED_HOSTS 2026-05-26 09:45:02 +02:00
elordenador 37383b0736 fix: update SECRET_KEY to use environment variable instead of hardcoded value 2026-05-26 09:44:53 +02:00
dependabot[bot] 784fdd1284 Bump idna from 3.13 to 3.15
Bumps [idna](https://github.com/kjd/idna) from 3.13 to 3.15.
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.md)
- [Commits](https://github.com/kjd/idna/compare/v3.13...v3.15)

---
updated-dependencies:
- dependency-name: idna
  dependency-version: '3.15'
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-19 22:36:59 +00:00
Daniel (elordenador) 336e499973 Merge pull request #94 from dsaub/dependabot/pip/requests-2.34.2
Bump requests from 2.33.1 to 2.34.2
2026-05-15 13:19:08 +02:00
elordenador e4fa941fd6 Add API for AI Agent 2026-05-15 12:35:23 +02:00
dependabot[bot] 48b3f46623 Bump requests from 2.33.1 to 2.34.2
Bumps [requests](https://github.com/psf/requests) from 2.33.1 to 2.34.2.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](https://github.com/psf/requests/compare/v2.33.1...v2.34.2)

---
updated-dependencies:
- dependency-name: requests
  dependency-version: 2.34.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-15 09:52:43 +00:00
Daniel (elordenador) 8caba9b85b Merge pull request #91 from dsaub/feature/valoraciones
feat: product review system
2026-05-12 10:51:53 +02:00
elordenador d0f687f56f feat: add editing and deletion of the user's own reviews 2026-05-08 14:05:52 +02:00
elordenador e70a9aeb9c fix: use the correct URL name (producto instead of product_detail) 2026-05-08 14:04:17 +02:00
elordenador e0350de530 fix: use Unicode stars instead of Bootstrap Icons 2026-05-08 14:03:31 +02:00
elordenador 62bf3fdc08 fix: show the correct message when the product cannot be reviewed because there is no purchase 2026-05-08 13:58:08 +02:00
elordenador 2b2054ace6 debug: add debug variables to the template 2026-05-08 13:57:33 +02:00
elordenador f129b0462a fix: allow reviewing if the user has any OrderItem for the product 2026-05-08 13:53:56 +02:00
elordenador aa047b3fd8 fix: remove the images field from the form (widget does not support multiple) 2026-05-08 13:34:00 +02:00
elordenador 429b531bad feat: add Review to the admin to manage reviews 2026-05-08 13:33:46 +02:00
elordenador 0438a77149 feat: add review system with form, views and templates 2026-05-08 13:33:37 +02:00
elordenador 40f0ef8ea5 feat: add Review model for product reviews 2026-05-08 13:32:33 +02:00
Daniel (elordenador) e53ecef5dc Merge pull request #90 from dsaub/security-fixes
Security fixes: image validation, email masking, quantity limits
2026-05-08 13:26:38 +02:00
elordenador bf39724837 Fix security issues: image validation, email masking, quantity limits, min length
- #76: Add file type validation for product images (Medium severity)
- #75: Mask emails in audit logs to prevent information leakage (Medium severity)
- #74: Add max value validator to quantity fields (Low severity)
- #73: Add min length validation to password fields (Low severity)
2026-05-08 13:24:54 +02:00
Daniel (elordenador) 6f82787022 Merge pull request #89 from dsaub/fix/issue-77-idor-security
Fix IDOR vulnerability in cart operations (#77)
2026-05-08 13:19:58 +02:00
elordenador 46343c1ea8 Refactor error logging in create_paypal_payment function for clarity 2026-05-08 13:18:52 +02:00
elordenador 76c8a277da Remove unused send_test_email function from views.py 2026-05-08 13:16:43 +02:00
elordenador 169a6d9dfb Remove root test .py files 2026-05-08 13:14:52 +02:00
elordenador f59841b5b8 Add permissions section to test job in Docker workflow 2026-05-08 13:13:27 +02:00
elordenador 32c1e1e6ff Fix IDOR vulnerability in cart operations (issue #77)
- Add _get_cart_item_owner_filters() helper to validate CartItem ownership
- Update update_cart_item and remove_from_cart to validate ownership
- Prevents users from manipulating item_id to access other users' cart items
2026-05-08 13:09:50 +02:00
elordenador 8a0335fabc Merge branch 'latest' of github.com:dsaub/proyecto-final into latest 2026-05-08 13:07:32 +02:00
elordenador 74b9d3bbc6 Add send_email import 2026-05-08 13:07:06 +02:00
Daniel (elordenador) ffe7828d8e Add UV Config file header to pyproject.toml 2026-05-08 13:00:15 +02:00
Daniel (elordenador) a12954fb84 Update dependabot.yml configuration 2026-05-08 12:59:47 +02:00
Daniel (elordenador) 7f50674bb8 Update Dependabot configuration for Python packages
Changed the package ecosystem from 'uv' to 'pip' and updated the schedule to daily. Removed GitHub Actions updates section.
2026-05-08 12:55:42 +02:00
elordenador f9b3bc7096 Add Procfile 2026-05-08 10:39:38 +02:00
elordenador 932fe7316b Update 2026-05-08 10:37:09 +02:00
elordenador 84f125c4b3 Update Python version 2026-05-08 10:34:28 +02:00
elordenador bb4d9993ec Remove requirements.txt 2026-05-08 10:12:29 +02:00
Daniel (elordenador) beb74539e3 Update dependabot.yml 2026-05-08 10:06:47 +02:00
Daniel (elordenador) f9eda0ca57 Merge pull request #80 from dsaub/development
Development
2026-05-08 10:04:51 +02:00
Daniel (elordenador) 4a30b68b5c Merge pull request #79 from dsaub/copilot/transition-pip-dependencies-to-uv
Migrate dependency management to uv with direct-only Python deps and Dependabot support
2026-05-08 10:03:44 +02:00
copilot-swe-agent[bot] e18ff79ba7 Add Dependabot configuration
Agent-Logs-Url: https://github.com/dsaub/proyecto-final/sessions/7a547c09-9817-47a6-979e-c19cbcaa4c08

Co-authored-by: dsaub <54474838+dsaub@users.noreply.github.com>
2026-05-08 07:58:40 +00:00
copilot-swe-agent[bot] 1ce2efd736 Finalize Dockerfile comment wording
Agent-Logs-Url: https://github.com/dsaub/proyecto-final/sessions/7a547c09-9817-47a6-979e-c19cbcaa4c08

Co-authored-by: dsaub <54474838+dsaub@users.noreply.github.com>
2026-05-08 07:57:00 +00:00
copilot-swe-agent[bot] 36046ef816 Polish Dockerfile uv sync instructions
Agent-Logs-Url: https://github.com/dsaub/proyecto-final/sessions/7a547c09-9817-47a6-979e-c19cbcaa4c08

Co-authored-by: dsaub <54474838+dsaub@users.noreply.github.com>
2026-05-08 07:55:56 +00:00
copilot-swe-agent[bot] e8a26f497e Apply validation feedback for uv lock and dependency docs
Agent-Logs-Url: https://github.com/dsaub/proyecto-final/sessions/7a547c09-9817-47a6-979e-c19cbcaa4c08

Co-authored-by: dsaub <54474838+dsaub@users.noreply.github.com>
2026-05-08 07:54:56 +00:00
copilot-swe-agent[bot] 1ff72c7a94 Update PayPal docs and helper script to uv commands
Agent-Logs-Url: https://github.com/dsaub/proyecto-final/sessions/7a547c09-9817-47a6-979e-c19cbcaa4c08

Co-authored-by: dsaub <54474838+dsaub@users.noreply.github.com>
2026-05-08 07:53:06 +00:00
copilot-swe-agent[bot] 580d60ec4f Add uv project config and switch CI/Docker installs to uv
Agent-Logs-Url: https://github.com/dsaub/proyecto-final/sessions/7a547c09-9817-47a6-979e-c19cbcaa4c08

Co-authored-by: dsaub <54474838+dsaub@users.noreply.github.com>
2026-05-08 07:51:40 +00:00
elordenador 72def373e3 Merge pull request 'Rewrite all forms to use Django Forms with validation' (#1) from form-rewrite into development
Reviewed-on: #1
2026-05-08 07:46:01 +00:00
elordenador a50cadc873 Finish Form Rewrite 2026-05-08 09:43:19 +02:00