* fix: remove synchronization with mailman2
* feat: manage non wg mailing lists explicitly
* chore: black
* fix: update tests for new nonwg view
* feat: drop unused models
* fix: Don't redirect user to the login page when logging in (#5876)
(Embrace and extend c4bf508cd8.)
* test: Add test case for login button
* refactor: The template filter just strips off a path prefix, so rename/recode accordingly
Also test with a non-trivial redirect target.
This change allows password reset with any email address associated with the
account.
The password reset will only be sent to the active email addresses associated
with the account.
Fixes#5057
* fix: Only send password reset email to known, active addresses
Limits password reset to Users with a Person and at least one active
address on file. Avoids the possibility of sending a password reset to
a spoofed address as in CVE-2019-19844.
* test: Use factory instead of explicit construction
* test: Test that a User with no Person cannot reset password
* fix: Fix handling of User.person field when it's null
* test: Test that reset emails are sent to known, active addresses
* chore: Use codespell to fix typos in code.
Second part of replacement of #4651
@rjsparks, I probably need to revert some things here, and I also
still need to add that new migration - how do I do that?
* Revert migrations
* Migrate "Whitelisted" to "Allowlisted"
* TEST_COVERAGE_MASTER_FILE -> TEST_COVERAGE_MAIN_FILE
* Fix permissions
* Add suggestions from @jennifer-richards
* fix: remove help/personal-information and the prompt-for-consent email management command.
* fix: remove gdpr treatment except for consent checkbox. Rename Submit.
* fix: drom the consent column from Person and Person.History
* fix: remove the consent boolean. Reorganize the account info form.
* chore: reorder migrations
* refactor: replace datetime.now with timezone.now
* refactor: migrate model fields to use timezone.now as default
* refactor: replace datetime.today with timezone.now
datetime.datetime.today() is equivalent to datetime.datetime.now(); both
return a naive datetime with the current local time.
* refactor: rephrase datetime.now(tz) as timezone.now().astimezone(tz)
This is effectively the same, but is less likely to encourage accidental
use of naive datetimes.
* refactor: revert datetime.today() change to old migrations
* refactor: change a missed datetime.now to timezone.now
* chore: renumber timezone_now migration
* chore: renumber migrations
* feat: add pronouns
* fix: include migrations
* fix: correct daggers on person form.
* fix: clean pronouns
* feat: add choices to pronouns
* feat: show pronouns on public profile
* feat: add pronouns to oidc userinfo
* fix: move pronouns to new claim. Add tests.
* fix: improve html generated by new widget
* feat: use a MultiWidget for pronouns
* refactor: use two fields on Person for the two types of pronoun entry.
* chore: update copyrights
From Kesara Rathnayake: Expire password reset links on use, password change through other mechanics, login, or a short configurable time (initially one hour). Patched in at 7.45.0.p2.
- Legacy-Id: 19968
Note: SVN reference [19967] has been migrated to Git commit 682392081bddbd1b8653df9135388e6b7c48ee1c
Use temporary directories instead of 'real' filesystem for tests. Fixes#3414.
- Legacy-Id: 19561
Note: SVN reference [19555] has been migrated to Git commit 81d9234d54
