Security hardening: env-based config, CSRF protection, secure code generation, plus presenter management and email communications system
- Move all credentials from hardcoded to .env with python-dotenv (add .env.example template and .gitignore) - Add CSRF token generation and validation on all state-changing requests - Replace random.choices with secrets.choice for all secure code generation - Add session cookie security headers (HttpOnly, Secure, SameSite) - Add presenter management: assign/remove presenters to breakout sessions, presenter QR scanning - Add email communications system: templates per event, custom email sending, sent email tracking - Add staff/organizer profile pages with staff code display - New DB tables: event_email_templates, sent_emails, user_communications - New DB columns: staff.reminder_count/reminder_dates, breakout_session_organizers.presenter_code - Expand English translation strings across all new features Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -11,8 +11,8 @@
|
||||
{% if event.location %}
|
||||
<span class="event-location">{{ event.location }}</span>
|
||||
{% endif %}
|
||||
{% if event.start_date %}
|
||||
<span class="event-date">{{ event.start_date|format_date }}</span>
|
||||
{% if event.start_time %}
|
||||
<span class="event-date">{{ event.start_time|localized_date }}</span>
|
||||
{% endif %}
|
||||
</div>
|
||||
{% if event.description %}
|
||||
@@ -42,11 +42,11 @@
|
||||
{% if att.profile_picture %}
|
||||
<img src="{{ url_for('static', filename='uploads/' + att.profile_picture) }}" alt="Photo">
|
||||
{% else %}
|
||||
<div class="no-photo">{{ att.first_name[0] }}{{ att.last_name[0] }}</div>
|
||||
<div class="no-photo"><span class="first-name">{{ att.first_name[0] }}</span><span class="last-name">{{ att.last_name[0] }}</span></div>
|
||||
{% endif %}
|
||||
</div>
|
||||
<div class="attendee-info">
|
||||
<h3>{{ att.first_name }} {{ att.last_name }}</h3>
|
||||
<h3><span class="first-name">{{ att.first_name }}</span> <span class="last-name">{{ att.last_name }}</span></h3>
|
||||
<p class="attendee-org">{{ att.organisation if att.organisation else '' }}</p>
|
||||
<p class="attendee-role">{{ att.role if att.role else '' }}</p>
|
||||
{% if att.introduction %}
|
||||
|
||||
Reference in New Issue
Block a user