Block a user
c58d702063
Fixed the back URL of the creation forms, applying the accounting_or_next filter for the decoded next URI instead of getting the next URI directly.
89948eeec2
Moved the "__as_next" utility from the test site to the "accounting.utils.next_uri" module, and applied it to the template of the unmatched offset list.
861e66d72d
Removed excess spaces from the test_change_date test of the JournalEntryReorderTestCase test case.
19a219466e
Applied URLSafeSerializer to the next URI utilities to encode and decode the next URI to prevent tampering the next URI.
822c8fc49b
Renamed the "__get_next_uri" function to "__get_next" in the "accounting.utils.next_uri" module.
3b8a2e3bb1
Replaced the "accounting-dummy-form" name with the dummy CSRF token to work with OWASP ZAP CSRF token scans.
9e4927ee0b
Replaced the get_errors_view with the get_messages_view in the create_test_app function in testlib.py.
3b030c577c
Added the integrity value of the CDN stylesheet links in the base template of the test site.
60b33f2a3b
Revised the link to the stylesheet of tempus dominus in the base template of the test site.
08fdf59844
Revised the indent of the flashed success messages in the base template of the test site.
b397515457
Removed the size restriction in the next URI utilities. Buffer overflow may happen with any parameter, not only the "next" parameter. It should be solved in uWSGI, but not the application.
65e7dcdf6d
Replaced the "/next" next URI with the NEXT_URI constant in the test_reorder test of the JournalEntryReorderTestCase test case.
74e414badf
Removed unnecessary f-strings from the test_reorder test of the JournalEntryReorderTestCase test case.
69175979ff
Added the form name to the dummy forms so that they can be excluded by OWASP ZAP scanner for Anti-CSRF tokens.
2f69e0f215
Added the form name to the search forms so that they can be excluded by OWASP ZAP scanner for Anti-CSRF tokens.
961385c389
Added SESSION_COOKIE_SAMESITE and SESSION_COOKIE_SECURE to create_app of the test site, to set the SameSite and Secure flags for the session cookie.
4408bbfc82
Updated the JavaScript library versions, and added decimal.js-light to the documentation.
433110f486
Revised the way to query accounts with Flask-SQLAlchemy style queries in the accounts method of the CurrentAccount data model.
bc888195ad
Disabled logging in the AuthenticationTestCase and FlaskLoginTestCase test cases, for clearer test output.
8e69733cf6
Updated the login_required view decorator of the DigestAuth class, replaced writing to STDERR directly with warning through the Flask logger.
15ea650ddd
Revised the code that handles the "qop" and "stale" parameters of the "WWW-Authenticate" response HTTP header for the upcoming Werkzeug 2.4.
78a5faae31
Revised the code that handles the "qop" and "stale" parameters of the "WWW-Authenticate" response HTTP header to work with Werkzeug 2.4.
5b255b6504
Split the Flask-Login login manager initialization from the init_app method to the __init_login_manager method in the DigestAuth class, to simplify the code.
919b8d0dc3
Removed the unnecessary f-string in the __make_response_header method of the DigestAuth class.