OWASP-BLT
diff --git a/‎.github/workflows/enforce-issue-number-in-description.yml
Lines changed: 1 addition & 0 deletions b/‎.github/workflows/enforce-issue-number-in-description.yml
Lines changed: 1 addition & 0 deletions
diff --git a/‎Dockerfile
Lines changed: 32 additions & 23 deletions b/‎Dockerfile
Lines changed: 32 additions & 23 deletions
diff --git a/‎README.md
Lines changed: 11 additions & 0 deletions b/‎README.md
Lines changed: 11 additions & 0 deletions
diff --git a/‎Setup.md
Lines changed: 79 additions & 32 deletions b/‎Setup.md
Lines changed: 79 additions & 32 deletions
diff --git a/‎blt/urls.py
Lines changed: 10 additions & 0 deletions b/‎blt/urls.py
Lines changed: 10 additions & 0 deletions
diff --git a/‎company/views.py
Lines changed: 7 additions & 2 deletions b/‎company/views.py
Lines changed: 7 additions & 2 deletions
@@ -16,6 +16,7 @@ permissions:
 jobs:
   validate_pr_closing_issues:
     runs-on: ubuntu-latest
+    if: github.actor != 'dependabot[bot]' && github.actor != 'dependabot-preview[bot]' && github.actor != 'dependabot'
     steps:
       - name: Validate PR closing issues with GraphQL
         env:
 
@@ -1,38 +1,47 @@
-FROM python:3.11.2
+# Stage 1: Build stage
+FROM python:3.11.2 AS builder
 
 ENV PYTHONUNBUFFERED 1
-RUN mkdir /blt
 WORKDIR /blt
-COPY . /blt
-
 
-# Install PostgreSQL dependencies
+# Install system dependencies
 RUN apt-get update && \
-    apt-get install -y postgresql-client libpq-dev && \
+    apt-get install -y postgresql-client libpq-dev \
+    libmemcached11 libmemcachedutil2 libmemcached-dev libz-dev \
+    dos2unix && \
     rm -rf /var/lib/apt/lists/*
 
-# Install pylibmc dependencies
-RUN apt-get update && apt-get install -y \
-        libmemcached11 \
-        libmemcachedutil2 \
-        libmemcached-dev \
-        libz-dev
-
-
-RUN pip install poetry 
+# Install Poetry and dependencies
+RUN pip install poetry
 RUN poetry config virtualenvs.create false
+COPY pyproject.toml poetry.lock* ./
 RUN poetry install
+
+# Install additional Python packages
 RUN pip install opentelemetry-api opentelemetry-instrumentation
 
-# Install dos2unix
-RUN apt-get update && apt-get install -y dos2unix
+# Stage 2: Runtime stage
+FROM python:3.11.2-slim
+
+ENV PYTHONUNBUFFERED 1
+WORKDIR /blt
+
+# Copy only necessary files from builder stage
+COPY --from=builder /usr/local/lib/python3.11/site-packages /usr/local/lib/python3.11/site-packages
+COPY --from=builder /usr/local/bin /usr/local/bin
 
-# Add entrypoint
+# Install runtime system dependencies
+RUN apt-get update && \
+    apt-get install -y postgresql-client libpq-dev \
+    libmemcached11 libmemcachedutil2 dos2unix && \
+    rm -rf /var/lib/apt/lists/*
 
-COPY entrypoint.sh /entrypoint.sh
-RUN dos2unix .env Dockerfile docker-compose.yml entrypoint.sh ./blt/settings.py
-RUN chmod +x /entrypoint.sh
+# Copy application code
+COPY . /blt
 
+# Convert line endings and set permissions
+RUN dos2unix .env Dockerfile docker-compose.yml entrypoint.sh ./blt/settings.py
+RUN chmod +x /blt/entrypoint.sh
 
-ENTRYPOINT [ "./entrypoint.sh" ]
-CMD [ "poetry", "run", "python", "manage.py", "runserver", "0.0.0.0:8000" ]
+ENTRYPOINT ["/blt/entrypoint.sh"]
+CMD ["poetry", "run", "python", "manage.py", "runserver", "0.0.0.0:8000"]
@@ -7,3 +7,14 @@
 <img alt="Views" src="https://blt.owasp.org/projects/blt/badge"></a>
 
 Everything is on our <a href="https://blt.owasp.org">homepage</a>
+
+## Star History
+
+<a href="https://star-history.com/#OWASP-BLT/BLT&Date">
+ <picture>
+   <source media="(prefers-color-scheme: dark)" srcset="https://api.star-history.com/svg?repos=OWASP-BLT/BLT&type=Date&theme=dark" />
+   <source media="(prefers-color-scheme: light)" srcset="https://api.star-history.com/svg?repos=OWASP-BLT/BLT&type=Date" />
+   <img alt="Star History Chart" src="https://api.star-history.com/svg?repos=OWASP-BLT/BLT&type=Date" />
+ </picture>
+</a>
+
@@ -17,37 +17,84 @@ cp .env.example .env
 - Modify the .env file as per your local setup.
 
 ## Step 2: Choose your setup method (Docker recommended)
-### 1.Recommended method: Setting up development server using docker-compose
-
-- Install docker
-
-
-```sh
- # --- build the docker container ---
- docker-compose build
-
- # --- Run the docker container ---
- docker-compose up
-
- # --- Collect static files ---
-
- ### open container bash terminal
- # `app` is the service name in docker-compose.yml
- docker exec -it app /bin/bash
-
- # Below commands are for container shell
- ### migrate SQL commands in the database file
- python manage.py migrate
-
- ### collect staticfiles
- python manage.py collectstatic
-
- # --- exit out of container shell ---
- exit
-
-```
-
-### 2.Setting up development server using vagrant
+#### Prerequisites for Docker method
+Ensure the following are installed on your system before proceeding:
+
+- Docker  
+- Docker Compose  
+- PostgreSQL client (optional, for manual database interaction)  
+
+---
+
+### 1. Ensure LF Line Endings
+Before building the Docker images, ensure all files, especially scripts like `entrypoint.sh`, `.env`, `docker-compose.yml`, `Dockerfile`, `settings.py` use LF line endings. Using CRLF can cause build failures. To verify and correct line endings:
+
+1. If you're working on a Windows machine or collaborating across different operating systems, ensure consistent line endings:
+   - Set `core.autocrlf=input` in Git configurations to enforce LF-style line endings in the repository while preserving your local OS line endings.
+     ```bash
+     git config --global core.autocrlf input
+     ```
+   - Alternatively, in VS Code, you can manually change the line endings:
+     - Open the file in the editor.
+     - Look for the line ending type displayed in the bottom-right corner of the VS Code window (e.g., CRLF or LF).
+     - Click it and select "LF: Unix" from the dropdown to switch the line endings to LF.
+
+2. If the browser **automatically redirects to HTTPS** even in incognito mode, you can try the following:  
+   For **local development**, make these adjustments in `/blt/settings.py` to enable access over **HTTP**:
+   - Set:
+     ```python
+     SECURE_SSL_REDIRECT = False
+     SECURE_PROXY_SSL_HEADER = None
+     ```
+
+3. To convert to LF (if needed):  
+   - Using `dos2unix`:
+     ```bash
+     dos2unix entrypoint.sh
+     ```
+
+⚠️ **Important:**  
+- If line endings are not set to LF, running `docker-compose build` may fail.  
+- Avoid creating a PR to commit these local changes back to the repository.
+
+### 2. PostgreSQL Setup
+The PostgreSQL database listens on a port specified in the .env file.
+Default is 5432 and
+If you encounter conflicts, it might be set to another port (e.g., 5433 in some cases). Adjust the .env file accordingly.
+
+---
+
+## Commands to Set Up the Project
+
+- **Copy and configure the `.env` file:**  
+   ```bash
+   cp .env.example .env
+Update credentials and settings as needed.
+
+- #### Build the Docker images:
+  ```bash
+  docker-compose build
+- #### Start the containers:
+  ```bash
+  docker-compose up
+- #### Access the application:
+
+- Open your browser and navigate to:
+http://localhost:8000/
+- #### Prevent Automatic Redirects to HTTPS: 
+- Use Incognito Mode (Private Browsing): Open the browser in incognito mode and access the application using http://localhost:8000.
+- Ensure you're explicitly using http:// instead of https:// in the URL.
+### Notes
+- The project listens on port 8000 over the HTTP protocol.
+- Ensure all required configurations in .env are correct for seamless setup.
+
+### Error Edge Cases
+- If container fails execute ./entrypoint.sh due to permission error, use `chmod +x ./entrypoint.sh`
+- If you encounter ./entrypoint.sh was not found, then make sure you are using `LF` line ending in place of `CRLF`
+- If you encounter ERR_SSL_PROTOCOL_ERROR when you try to access the server on http://localhost:8000, make sure the Browser doesn't automatically redirect to https://localhost:8000. If it keeps doing this behaviour, then you can set `SECURE_SSL_REDIRECT` to `False` locally only(search for it  /blt/settings.py), stop the container and start it again.
+- If you encounter the same error indicating SSL_REDIRECT in the logs while building the container, set `SECURE_SSL_REDIRECT` to `False`
+
+### Option 2.Setting up development server using vagrant
 
 -Install [vagrant](https://www.vagrantup.com/)
 
@@ -89,7 +136,7 @@ Add a Domain `http://127.0.0.1:8000/admin/website/domain/` with the name 'owasp.
 **Note:** In case you encounter an error with vagrant's vbguest module, run `vagrant plugin install vagrant-vbguest`
 from the host machine.
 
-### 3.Setting up development server using python virtual environment
+### Option 3.Setting up development server using python virtual environment
 
 #### Setup correct python version
 
 
@@ -121,6 +121,8 @@
     admin_company_dashboard,
     admin_company_dashboard_detail,
     approve_activity,
+    checkIN,
+    checkIN_detail,
     company_dashboard,
     company_dashboard_domain_detail,
     company_dashboard_hunt_detail,
@@ -162,6 +164,7 @@
     UserProfileDetailView,
     addbalance,
     assign_badge,
+    badge_user_list,
     contributors,
     contributors_view,
     create_wallet,
@@ -473,6 +476,11 @@
         badge_list,
         name="badges",
     ),
+    re_path(
+        r"^badges/(?P<badge_id>\d+)/users/$",
+        badge_user_list,
+        name="badge_user_list",
+    ),
     re_path(r"^start/$", TemplateView.as_view(template_name="hunt.html"), name="start_hunt"),
     re_path(r"^hunt/$", login_required(HuntCreate.as_view()), name="hunt"),
     re_path(r"^hunts/$", ListHunts.as_view(), name="hunts"),
@@ -639,6 +647,8 @@
     path("auth/delete", AuthApiViewset.as_view({"delete": "delete"}), name="auth-delete-api"),
     path("api/v1/tags", TagApiViewset.as_view({"get": "list", "post": "create"}), name="tags-api"),
     path("sizzle/", sizzle, name="sizzle"),
+    path("check-in/", checkIN, name="checkIN"),
+    path("check-in/<int:report_id>/", checkIN_detail, name="checkIN_detail"),
     path("sizzle-docs/", sizzle_docs, name="sizzle-docs"),
     path("api/timelogsreport/", TimeLogListAPIView, name="timelogsreport"),
     path("time-logs/", TimeLogListView, name="time_logs"),
 
@@ -142,13 +142,18 @@ def post(self, request, *args, **kwargs):
 
         user_domain = get_email_domain(user.email)
         company_name = data.get("company_name", "")
+        company_url = data.get("company_url", "")
 
         if user_domain in restricted_domain:
             messages.error(request, "Login with company email in order to create the company.")
             return redirect("/")
 
-        if Company.objects.filter(name=company_name).exists():
-            messages.error(request, "Company already exists.")
+        if company_name == "" or Company.objects.filter(name=company_name).exists():
+            messages.error(request, "Company name is invalid or already exists.")
+            return redirect("register_company")
+
+        if company_url == "" or Company.objects.filter(url=company_url).exists():
+            messages.error(request, "Company URL is invalid or already exists.")
             return redirect("register_company")
 
         company_logo = request.FILES.get("logo")