Security hardening: env-based config, CSRF protection, secure code generation, plus presenter management and email communications system
- Move all credentials from hardcoded to .env with python-dotenv (add .env.example template and .gitignore) - Add CSRF token generation and validation on all state-changing requests - Replace random.choices with secrets.choice for all secure code generation - Add session cookie security headers (HttpOnly, Secure, SameSite) - Add presenter management: assign/remove presenters to breakout sessions, presenter QR scanning - Add email communications system: templates per event, custom email sending, sent email tracking - Add staff/organizer profile pages with staff code display - New DB tables: event_email_templates, sent_emails, user_communications - New DB columns: staff.reminder_count/reminder_dates, breakout_session_organizers.presenter_code - Expand English translation strings across all new features Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -10,11 +10,11 @@
|
||||
<form method="POST" action="{{ url_for('reset_password', token=token) }}">
|
||||
<div class="form-group">
|
||||
<label for="password">{{ 'new_password'|t }}</label>
|
||||
<input type="password" id="password" name="password" required minlength="6">
|
||||
<input type="password" id="password" name="password" required minlength="8">
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="confirm_password">{{ 'confirm_password'|t }}</label>
|
||||
<input type="password" id="confirm_password" name="confirm_password" required minlength="6">
|
||||
<input type="password" id="confirm_password" name="confirm_password" required minlength="8">
|
||||
</div>
|
||||
|
||||
<button type="submit" class="btn btn-primary btn-block">{{ 'reset_password'|t }}</button>
|
||||
|
||||
Reference in New Issue
Block a user