From kentontay...@apache.org
Subject [allura] branch kt/8274 updated: fixup! [#8274]
Date Mon, 08 Apr 2019 15:45:20 GMT
This is an automated email from the ASF dual-hosted git repository.

kentontaylor pushed a commit to branch kt/8274
in repository https://gitbox.apache.org/repos/asf/allura.git


The following commit(s) were added to refs/heads/kt/8274 by this push:
     new 4d94af9  fixup! [#8274]
4d94af9 is described below

commit 4d94af99252e312abc7ba8aec8e3bcddae667415
Author: Kenton Taylor <ktaylor@slashdotmedia.com>
AuthorDate: Mon Apr 8 15:45:06 2019 +0000

    fixup! [#8274]
---
 Allura/allura/lib/security.py | 3 ++-
 Allura/development.ini        | 4 ++++
 Allura/docker-dev.ini         | 2 --
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/Allura/allura/lib/security.py b/Allura/allura/lib/security.py
index e55524b..899d325 100644
--- a/Allura/allura/lib/security.py
+++ b/Allura/allura/lib/security.py
@@ -30,6 +30,7 @@ from pylons import request
 from webob import exc
 from itertools import chain
 from ming.utils import LazyProperty
+import tg
 
 from allura.lib.utils import TruthyCallable
 
@@ -546,7 +547,7 @@ class HIBPClient(object):
             sha_1_first_5 = sha_1[:5]
 
             # hit HIBP API
-            headers = {'User-Agent': 'SourceForge-pwnage-checker'}
+            headers = {'User-Agent': '{}-pwnage-checker'.format(tg.config.get('site_name',
'Allura'))}
             resp = requests.get('https://api.pwnedpasswords.com/range/{}'.format(sha_1_first_5),
timeout=1,
                                 headers=headers)
 
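Review bot: The User-Agent on the changed `headers = ...` line is built from `site_name` without normalisation, so an empty setting yields `-pwnage-checker`, and a name containing non-ASCII characters or a stray line break may produce a header that `requests` refuses to send. Falling back on empty as well as missing values would be `site = tg.config.get('site_name') or 'Allura'`, and limiting the result to ASCII letters, digits, `.`, `_` and `-` keeps the header well-formed. The enclosing method starts and ends outside this hunk, so whether an exception raised here is caught, and whether the password change then proceeds or is refused, cannot be seen from these lines and is worth confirming.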
diff --git a/Allura/development.ini b/Allura/development.ini
index 8f86fca..6be1e19 100644
--- a/Allura/development.ini
+++ b/Allura/development.ini
@@ -588,6 +588,10 @@ limit_param_max = 500
 ; Hide private info (email addresses) in places like commit messages, since they cannot be
edited.
 hide_private_info = true
 
+; Optionally enable password hash checks against haveibeenpwned.com during password changes,
and disallow any
+; that are known to be compromised
+hibp_password_check = true
+
 
 ;
 ; Settings for the Blog tool
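Review bot: The added comment says "Optionally enable" but the key directly below it is set to `true`, so every instance started from development.ini will contact a third-party service on password changes. The comment should say what leaves the server, for example `; Only the first 5 hex characters of the password's SHA-1 are sent to api.pwnedpasswords.com; set to false to disable.` (the security.py hunk in this commit shows only `sha_1_first_5` going into the request URL). It would also help to state what happens when the API does not answer within the one-second timeout, since a host without outbound access hits that path on every password change, and the handling is not visible in this diff.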
diff --git a/Allura/docker-dev.ini b/Allura/docker-dev.ini
index c9147ca..9842d9b 100644
--- a/Allura/docker-dev.ini
+++ b/Allura/docker-dev.ini
@@ -64,8 +64,6 @@ smtp_port = 8826
 forgemail.host = 0.0.0.0
 forgemail.port = 8825
 
-;hibp_password_check = true
-
 [app:task]
 use = main
 override_root = task ; TurboGears will use controllers/task.py as root controller

