Mercurial > kallithea

view .coveragerc @ 8093:8b47181750a8 stable

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
login: fix incorrect CSRF rejection of "Reset Your Password" form (Issue #350) htmlfill would remove the CSRF token from the form when substituting the query parameters, causing password reset to break. By default, htmlfill will clear all input fields that doesn't have a new "default" value provided. It could be fixed by setting force_defaults to False - see http://www.formencode.org/en/1.2-branch/modules/htmlfill.html . It could also be fixed by providing the CSRF token in the defaults to be substituted in the form. Instead, refactor password_reset_confirmation to have more explicitly safe handling of query parameters. Replace htmlfill with the usual template variables. The URLs are generated in kallithea/model/user.py send_reset_password_email() and should only contain email, timestamp (integer as digit string) and a hex token from get_reset_password_token() .
author Mads Kiilerich <mads@kiilerich.com>
date Thu, 09 Jan 2020 12:28:33 +0100
parents 4b241f198cf2
children d332fca29474
line wrap: on
line source

[run]
omit =
    # the bin scripts are not part of the Kallithea web app
    kallithea/bin/*
    # we ship with no active extensions
    kallithea/config/rcextensions/*
    # dbmigrate is not a part of the Kallithea web app
    kallithea/lib/dbmigrate/*
    # the tests themselves should not be part of the coverage report
    kallithea/tests/*
    # the scm hooks are not run in the kallithea process
    kallithea/config/post_receive_tmpl.py
    kallithea/config/pre_receive_tmpl.py

# same omit lines should be present in sections 'run' and 'report'
[report]
omit =
    # the bin scripts are not part of the Kallithea web app
    kallithea/bin/*
    # we ship with no active extensions
    kallithea/config/rcextensions/*
    # dbmigrate is not a part of the Kallithea web app
    kallithea/lib/dbmigrate/*
    # the tests themselves should not be part of the coverage report
    kallithea/tests/*
    # the scm hooks are not run in the kallithea process
    kallithea/config/post_receive_tmpl.py
    kallithea/config/pre_receive_tmpl.py

[paths]
source =
    kallithea/
    **/workspace/*/kallithea