Commit Graph

252 Commits

Author SHA1 Message Date
elordenador bf39724837 Fix security issues: image validation, email masking, quantity limits, min length
- #76: Add file type validation for product images (Medium severity)
- #75: Mask emails in audit logs to prevent information leakage (Medium severity)
- #74: Add max value validator to quantity fields (Low severity)
- #73: Add min length validation to password fields (Low severity)
2026-05-08 13:24:54 +02:00
Daniel (elordenador) 6f82787022 Merge pull request #89 from dsaub/fix/issue-77-idor-security
Fix IDOR vulnerability in cart operations (#77)
2026-05-08 13:19:58 +02:00
elordenador 46343c1ea8 Refactor error logging in create_paypal_payment function for clarity 2026-05-08 13:18:52 +02:00
elordenador 76c8a277da Remove unused send_test_email function from views.py 2026-05-08 13:16:43 +02:00
elordenador 169a6d9dfb Remove root test .py files 2026-05-08 13:14:52 +02:00
elordenador f59841b5b8 Add permissions section to test job in Docker workflow 2026-05-08 13:13:27 +02:00
elordenador 32c1e1e6ff Fix IDOR vulnerability in cart operations (issue #77)
- Add _get_cart_item_owner_filters() helper to validate CartItem ownership
- Update update_cart_item and remove_from_cart to validate ownership
- Prevents users from manipulating item_id to access other users' cart items
2026-05-08 13:09:50 +02:00
elordenador 8a0335fabc Merge branch 'latest' of github.com:dsaub/proyecto-final into latest 2026-05-08 13:07:32 +02:00
elordenador 74b9d3bbc6 Add send_email import 2026-05-08 13:07:06 +02:00
Daniel (elordenador) ffe7828d8e Add UV Config file header to pyproject.toml 2026-05-08 13:00:15 +02:00
Daniel (elordenador) a12954fb84 Update dependabot.yml configuration 2026-05-08 12:59:47 +02:00
Daniel (elordenador) 7f50674bb8 Update Dependabot configuration for Python packages
Changed the package ecosystem from 'uv' to 'pip' and updated the schedule to daily. Removed GitHub Actions updates section.
2026-05-08 12:55:42 +02:00
elordenador f9b3bc7096 Add Procfile 2026-05-08 10:39:38 +02:00
elordenador 932fe7316b Update 2026-05-08 10:37:09 +02:00
elordenador 84f125c4b3 Update Python version 2026-05-08 10:34:28 +02:00
elordenador bb4d9993ec Remove requirements.txt 2026-05-08 10:12:29 +02:00
Daniel (elordenador) beb74539e3 Update dependabot.yml 2026-05-08 10:06:47 +02:00
Daniel (elordenador) f9eda0ca57 Merge pull request #80 from dsaub/development
Development
2026-05-08 10:04:51 +02:00
Daniel (elordenador) 4a30b68b5c Merge pull request #79 from dsaub/copilot/transition-pip-dependencies-to-uv
Migrate dependency management to uv with direct-only Python deps and Dependabot support
2026-05-08 10:03:44 +02:00
copilot-swe-agent[bot] e18ff79ba7 Add Dependabot configuration
Agent-Logs-Url: https://github.com/dsaub/proyecto-final/sessions/7a547c09-9817-47a6-979e-c19cbcaa4c08

Co-authored-by: dsaub <54474838+dsaub@users.noreply.github.com>
2026-05-08 07:58:40 +00:00
copilot-swe-agent[bot] 1ce2efd736 Finalize Dockerfile comment wording
Agent-Logs-Url: https://github.com/dsaub/proyecto-final/sessions/7a547c09-9817-47a6-979e-c19cbcaa4c08

Co-authored-by: dsaub <54474838+dsaub@users.noreply.github.com>
2026-05-08 07:57:00 +00:00
copilot-swe-agent[bot] 36046ef816 Polish Dockerfile uv sync instructions
Agent-Logs-Url: https://github.com/dsaub/proyecto-final/sessions/7a547c09-9817-47a6-979e-c19cbcaa4c08

Co-authored-by: dsaub <54474838+dsaub@users.noreply.github.com>
2026-05-08 07:55:56 +00:00
copilot-swe-agent[bot] e8a26f497e Apply validation feedback for uv lock and dependency docs
Agent-Logs-Url: https://github.com/dsaub/proyecto-final/sessions/7a547c09-9817-47a6-979e-c19cbcaa4c08

Co-authored-by: dsaub <54474838+dsaub@users.noreply.github.com>
2026-05-08 07:54:56 +00:00
copilot-swe-agent[bot] 1ff72c7a94 Update PayPal docs and helper script to uv commands
Agent-Logs-Url: https://github.com/dsaub/proyecto-final/sessions/7a547c09-9817-47a6-979e-c19cbcaa4c08

Co-authored-by: dsaub <54474838+dsaub@users.noreply.github.com>
2026-05-08 07:53:06 +00:00
copilot-swe-agent[bot] 580d60ec4f Add uv project config and switch CI/Docker installs to uv
Agent-Logs-Url: https://github.com/dsaub/proyecto-final/sessions/7a547c09-9817-47a6-979e-c19cbcaa4c08

Co-authored-by: dsaub <54474838+dsaub@users.noreply.github.com>
2026-05-08 07:51:40 +00:00
elordenador 72def373e3 Merge pull request 'Rewrite all forms to use Django Forms with validation' (#1) from form-rewrite into development
Reviewed-on: #1
2026-05-08 07:46:01 +00:00
elordenador a50cadc873 Finish Form Rewrite 2026-05-08 09:43:19 +02:00
elordenador 551057b067 Rewrite all forms to use Django Forms with validation
- Add ProductEditForm, EditProfileForm, ChangePasswordForm, ShippingAddressForm
- Add ResetPasswordForm, ResetPasswordPhase2Form
- Update views to use new Django Forms
- Add form validation tests (terms required, password mismatch, etc.)
- Update templates to use Django Forms {{ form.as_p }}
2026-05-08 09:42:44 +02:00
elordenador ad7ddbe887 Fix formatting in settings.json by adding a missing comma 2026-05-07 08:54:24 +02:00
elordenador d6b7cdfe6a Add error handling for product creation to manage DataError exceptions 2026-05-07 08:37:07 +02:00
elordenador 56286c2fd9 Add limit to briefdesc and description on Product model, for issue #73 2026-05-07 08:01:46 +02:00
elordenador ba4f6ad65d Add CSRF protection to payment endpoints 2026-05-07 07:53:38 +02:00
elordenador ed7041ae40 Add user ban check to login view and log failed attempts 2026-05-06 11:59:59 +02:00
elordenador fa948a98e2 Add desbanear_usuario_action to UserAdmin actions 2026-05-06 11:45:21 +02:00
elordenador e8a5091dfd Add unban email template to notify users of account reinstatement 2026-05-06 11:39:10 +02:00
elordenador a0ee6ecd14 Update short description for desbanear_usuario_action in UserAdmin 2026-05-06 11:37:43 +02:00
elordenador d6c9aa3db3 Implement user unban functionality and enhance ban action with product deletion 2026-05-06 11:37:26 +02:00
elordenador 9751d19401 Add desbanear_usuario task to send unban email notifications 2026-05-06 10:52:32 +02:00
elordenador cda9adb986 Enhance user ban action to delete products by creator and add success message 2026-05-06 10:37:48 +02:00
elordenador e7e7fd118d Refactor user ban action to streamline user deactivation and product deletion 2026-05-06 10:25:13 +02:00
elordenador 132b1e1722 Remove user ban link from admin submit line template 2026-05-06 10:22:34 +02:00
elordenador 7f557a3247 Implement user ban functionality to delete associated products 2026-05-06 09:48:55 +02:00
elordenador 8cf1a55161 Add user ban functionality with email notification 2026-05-06 09:47:47 +02:00
elordenador 61a04e5040 Fix logins int() None 2026-05-06 09:23:33 +02:00
elordenador e5a0caa8b6 Fix text overflow 2026-05-06 09:23:23 +02:00
elordenador 25e6088355 Fix: correct user_options assignment in Celery app 2026-05-05 16:19:59 +02:00
elordenador 8ec391ccde Update AGENTS.md 2026-05-05 15:51:52 +02:00
elordenador 3b007f324f Fix: add COMPRESS_URL setting 2026-05-05 14:03:27 +02:00
elordenador 6e003009fa Fix: add COMPRESS_ROOT setting 2026-05-05 14:01:44 +02:00
elordenador 69578f1dba Fix: add user_options attribute to Celery app 2026-05-05 14:00:36 +02:00