zulip/zproject
Mateusz Mandera a014ef75a3 CVE-2021-43791: Validate confirmation keys in /accounts/register/ codepath.
A confirmation link takes a user to the check_prereg_key_and_redirect
endpoint, before getting redirected to POST to /accounts/register/. The
problem was that validation was happening in the check_prereg_key_and_redirect
part and not in /accounts/register/ - meaning that one could submit an
expired confirmation key and be able to register.

We fix this by moving validation into /accounts/register/.
2021-12-01 23:14:04 +00:00
jinja2 refactor: Rename and move app_filters.py. 2021-06-11 07:43:22 -07:00
__init__.py
backends.py saml: Add some docstrings to SAMLDocument class. 2021-11-10 12:08:56 -08:00
computed_settings.py Revert "settings: Silence CryptographyDeprecationWarning spam from a dependency." 2021-11-29 16:04:53 -08:00
config.py sentry: Set environment from `machine.deploy_type` config. 2021-07-15 15:01:43 -07:00
configured_settings.py python: Sort imports with isort. 2020-06-11 16:45:32 -07:00
default_settings.py deletion: Preserve deleted objects for 30 days rather than 7. 2021-11-17 18:03:31 -08:00
dev_settings.py auth: Add support for using SCIM for account management. 2021-10-14 12:29:10 -07:00
dev_urls.py typing: Fix function signatures with django-stubs. 2021-08-20 06:02:55 -07:00
email_backends.py zproject: Fix typing errors under the zproject directory. 2021-08-20 05:54:19 -07:00
legacy_urls.py python: Normalize quotes with Black. 2021-02-12 13:11:19 -08:00
prod_settings.pyi zproject: Add prod_settings mypy stub, aliasing prod_settings_template. 2021-07-05 09:53:41 -07:00
prod_settings_template.py rate_limit: Add a flag to lump all TOR exit node IPs together. 2021-11-16 11:42:00 -08:00
sentry.py sentry: Increase shutdown_timeout from 2s to 10s. 2021-11-08 18:11:47 -08:00
settings.py python: Add noqa comments for the specific star imports we allow. 2020-06-11 15:36:43 -07:00
terms.md.template docs: Capitalize Markdown consistently. 2020-08-11 10:23:06 -07:00
test_extra_settings.py settings: Add rate limiting for email address changes. 2021-11-04 20:34:39 -07:00
test_settings.py test_settings: Use TEST_EXTERNAL_HOST to override ‘testserver’ default. 2020-12-17 13:07:59 -08:00
urls.py CVE-2021-43791: Validate confirmation keys in /accounts/register/ codepath. 2021-12-01 23:14:04 +00:00
wsgi.py python: Normalize quotes with Black. 2021-02-12 13:11:19 -08:00