Prosody now enforces some password policies, including a minimum length of 10
characters. If this fails, we currently show a rather unfriendly error to the
user. By adding this validation, the user should get nicer feedback and never
see that error.
There is a known issue that we don't currently validate all the policies that
Prosody does - for example, Prosody won't accept a password that contains the
username.
Ultimately we should fix the error handling anyway.
This is needed because jinja2 had an update which caused the portal to
not work at all:
```
ImportError: cannot import name 'escape' from 'jinja2'
```
Quart needed updating for that.
This update required a lot of typefixes. Apparently, the "canned"
responses (like redirect) are now plain werkzeug responses, while
quart.Response does not inherit from werkzeug.Response (otherwise, we
could've changed the type annotations to werkzeug.Response everywhere,
but that doesn't work because a quart.Response is not a
werkzeug.Response).
P.S.: This time, I *did* check that avatar uploads don't break (see
b007afc).
This is more robust, as it indicates the request was successfully
authenticated and processed, but that there is no data to export. This is
different from the URL not existing (which would also happen if the module was
unavailable, which should be a notable error instead).
This reverts commit 486596f89f.
It was discovered that multipart/form-data forms do not work
correctly with Quart 0.15. The upgrade to Quart 0.15 was rushed
and not tested correctly, which I apologize for.
See-Also: https://github.com/pgjones/quart/issues/126
This checks the avatar size on the client side (if available) and
on the server side against a configuration-defined limit. The
default limit is set to use the same value as in the original
report, as no sensible limit value is known.
Fixes#67.
Previously, some kinds of errors would throw nice and fun cascades
of exceptions.
We now have a nice, clean error page for 500 and 503 (backend
connectivity) errors which includes minimal debugging information
for productive setups and a traceback for development setups.
In any case, the full exception is logged to the log with an error
ID which is printed on the error page.
- Avoid fighting import cycles using a factory function
- Collapse useless subpackages into simple modules
- Move flask plugins / infrastructure in own module
- Refactor how blueprints are used to localize information about
URL routing to app factory
