OWASP-BLT · fredfalcon · Feb 18, 2023 · Feb 9, 2023 · Feb 9, 2023 · Feb 18, 2023
diff --git a/blt/settings.py b/blt/settings.py
@@ -13,7 +13,7 @@
 from django.http import Http404
 from django.utils.translation import gettext_lazy as _
 import environ
-#from google.oauth2 import service_account
+# from google.oauth2 import service_account
 
 env = environ.Env()
 # reading .env file
@@ -71,11 +71,11 @@
     "rest_framework",
     "django_filters",
     "rest_framework.authtoken",
-    #"django_cron",
+    # "django_cron",
     "mdeditor",
-    #"bootstrap_datepicker_plus",
+    # "bootstrap_datepicker_plus",
     "tz_detect",
-    #"tellme",
+    # "tellme",
     "star_ratings",
     "drf_yasg",
     "captcha",
@@ -84,7 +84,7 @@
 )
 
 
-#CRON_CLASSES = ["website.views.CreateIssue"]
+# CRON_CLASSES = ["website.views.CreateIssue"]
 
 MIDDLEWARE = (
     "django.contrib.sessions.middleware.SessionMiddleware",
@@ -274,7 +274,7 @@
 
 else:
     if not TESTING:
-        DEBUG=True
+        DEBUG = True
 
 # local dev needs to set SMTP backend or fail at startup
 if DEBUG:
@@ -336,13 +336,12 @@
     os.makedirs(AVATAR_PATH)
 
 if DEBUG == True or TESTING:
-    CACHES = {"default": {
-        "BACKEND": "django.core.cache.backends.locmem.LocMemCache"}}
+    CACHES = {"default": {"BACKEND": "django.core.cache.backends.locmem.LocMemCache"}}
 else:
     if os.environ.get("MEMCACHIER_SERVERS", ""):
-        os.environ["MEMCACHE_SERVERS"] = os.environ.get("MEMCACHIER_SERVERS", "").replace(
-            ",", ";"
-        )
+        os.environ["MEMCACHE_SERVERS"] = os.environ.get(
+            "MEMCACHIER_SERVERS", ""
+        ).replace(",", ";")
         os.environ["MEMCACHE_USERNAME"] = os.environ.get("MEMCACHIER_USERNAME", "")
         os.environ["MEMCACHE_PASSWORD"] = os.environ.get("MEMCACHIER_PASSWORD", "")
 
@@ -366,8 +365,9 @@
             }
         }
     else:
-        CACHES = {"default": {
-            "BACKEND": "django.core.cache.backends.locmem.LocMemCache"}} 
+        CACHES = {
+            "default": {"BACKEND": "django.core.cache.backends.locmem.LocMemCache"}
+        }
 
 
 REST_FRAMEWORK = {
@@ -441,8 +441,7 @@
 STRIPE_LIVE_PUBLIC_KEY = os.environ.get(
     "STRIPE_LIVE_PUBLIC_KEY", "<your publishable key>"
 )
-STRIPE_LIVE_SECRET_KEY = os.environ.get(
-    "STRIPE_LIVE_SECRET_KEY", "<your secret key>")
+STRIPE_LIVE_SECRET_KEY = os.environ.get("STRIPE_LIVE_SECRET_KEY", "<your secret key>")
 STRIPE_TEST_PUBLIC_KEY = os.environ.get(
     "STRIPE_TEST_PUBLIC_KEY",
     "pk_test_51HFiXMFf0OkkOVnDkNs4opFLqM0Sx5GA6Pedf63uGzG1gHhumFYHEOLfCA7yzZwXUpjaa5j9ZhS1yciNhouYCMh400pSx5ZEx6",
@@ -467,6 +466,6 @@
 
 # allow captcha bypass during test
 IS_TEST = False
-if 'test' in sys.argv:
+if "test" in sys.argv:
     CAPTCHA_TEST_MODE = True
-    IS_TEST = True
+    IS_TEST = True
diff --git a/website/static/css/style.css b/website/static/css/style.css
@@ -525,7 +525,6 @@ textarea {
 .comment_link {
     font-size: small;
     font-weight: initial;
-    color: grey;
     position: relative;
     top: 35px;
 }

diff --git a/website/templates/_activity.html b/website/templates/_activity.html
@@ -1,6 +1,6 @@
 {% load gravatar %}
 {% load static %}
-<div class="list-group-item activity-strip">
+<div class="list-group-item activity-strip overflow-auto">
     <div class="activity-strip-section">
         {% if activity.user.userprofile.avatar %}
             <img src="{{ activity.user.userprofile.avatar }}" width="100" class="img-responsive img-rounded">
@@ -30,17 +30,17 @@
                     href="/domain/{{ activity.domain_name }}">{{ activity.domain_title }}</a> {{ activity.created|timesince }}
                 ago
             </div>
-            <a class="comment_link" href="{{ activity.get_absolute_url }}#comments">
+            <a class="whitespace-nowrap" href="{{ activity.get_absolute_url }}#comments">
                 {% if activity.comments.all|length > 0 %}
                     {{ activity.comments.all|length }} comments
                 {% endif %}
             </a>
             {% if activity.status == "open" %}
-            <span class="label label-success text-capitalize">{{ activity.status }}</span>
+            <span class="label label-success text-capitalize !leading-loose">{{ activity.status }}</span>
         {% else %}
-            <span class="label label-danger text-capitalize">{{ activity.status }}</span>
+            <span class="label label-danger text-capitalize !leading-loose">{{ activity.status }}</span>
         {% endif %}
-        <span class="label label-info bug-type">{{ activity.get_label_display }}</span>
+        <span class="label label-info !leading-loose">{{ activity.get_label_display }}</span>
         </div>
     </div>
     <div class="activity-screenshot">

diff --git a/website/test_api.py b/website/test_api.py
@@ -9,9 +9,9 @@
 
 class APITests(APITestCase):
 
-    register_url = '/auth/registration/'
-    login_url = '/auth/login/'
-    password_reset_url = '/auth/password/reset/'
+    register_url = "/auth/registration/"
+    login_url = "/auth/login/"
+    password_reset_url = "/auth/password/reset/"
 
     USERNAME = 'person'
     PASS = 'Gassword123&&'
@@ -31,8 +31,8 @@ def _generate_uid_and_token(self, user):
         from django.utils.encoding import force_bytes
         from django.contrib.auth.tokens import default_token_generator
         from django.utils.http import urlsafe_base64_encode
-        result['uid'] = urlsafe_base64_encode(force_bytes(user.pk))
-        result['token'] = default_token_generator.make_token(user)
+        result["uid"] = urlsafe_base64_encode(force_bytes(user.pk))
+        result["token"] = default_token_generator.make_token(user)
         return result
 
     def test_login_by_email(self):
@@ -52,22 +52,22 @@ def test_login_by_email(self):
             'password': self.PASS,
         }
         response = self.client.post(self.login_url, data=payload)
-        self.assertEqual('key' in response.json().keys(), True)
-        self.token = response.json()['key']
+        self.assertEqual("key" in response.json().keys(), True)
+        self.token = response.json()["key"]
 
 
     def test_registration(self):
         user_count = get_user_model().objects.all().count()
         result = self.client.post(self.register_url, data=self.REGISTRATION_DATA, status_code=201)
-        self.assertIn('key', result.data)
+        self.assertIn("key", result.data)
         self.assertEqual(get_user_model().objects.all().count(), user_count + 1)
 
         new_user = get_user_model().objects.latest('id')
         self.assertEqual(new_user.username, self.REGISTRATION_DATA['username'])
 
     def test_create_issue(self):
 
-        @atomic 
+        @atomic
         def create_issue():
             url = "/api/v1/issues/"
             with open("website/static/img/background.png", 'rb') as _file: