Pēteris Caune
234b681df8
Improve docs, addd "Concepts" section
cc: #547
3 years ago
Pēteris Caune
c196dc16d7
Fix latin-1 handling in webhook header values
3 years ago
Pēteris Caune
b43612806f
Fix dark mode bug in selectpicker widgets
3 years ago
Pēteris Caune
544ec7ea69
Add handling for non-latin-1 characters in webhook headers
3 years ago
Pēteris Caune
78113e1aea
Improve "Grace Time" description in docs
cc: #547
3 years ago
Pēteris Caune
74f56a5501
Improve the note about start signals and alerting logic
cc: #547
3 years ago
Pēteris Caune
2a9bc42dd4
Update Changelog for v1.22.0 release
3 years ago
Pēteris Caune
af7e8fc949
Fix the login view to handle already authenticated users
If an already authenticated user visits /accounts/login/,
Healthchecks will now redirect them to their dashboard
instead of showing the login form.
3 years ago
Pēteris Caune
7252f2f101
Fix _allow_redirect function to reject absolute URLs
This fixes a security issue:
- attacker can crafts a redirect URL to an external site
- attacker gets victim to click on it
- victim logs in
- after login, Healthchecks redirects victim to the external site
The _allow_redirect function now additionally
requires the redirect URL is relative (has no scheme or domain).
3 years ago
Pēteris Caune
f85aec225d
Fix redirect-after-login when using TOTP
If user has both WebAuthn and TOTP configured,
when logging in, they will be asked to choose between
"Use security keys" and "Use authenticator app".
The "Use authenticator app" is a link to a different
page (/accounts/login/two_factor/totp/). This commit makes
sure the ?next= query parameter is preserved when navigating
to that page.
For reference, the ?next= query parameter is the URL we should
redirect to after a successful login. Use case:
User is logged out. They click on a bookmarked "Check Details"
link. They get redirected to the login form. After
entering username & password and completing 2FA,
they get redirected to the "Check Details" page they
originally wanted to visit.
3 years ago
Pēteris Caune
e6427995b7
Add Whitenoise and improve README
Fixes : #548
3 years ago
Pēteris Caune
ca3afa33f9
Add auth method selection step
This has dual purpose:
* if user has both WebAuthn and TOTP set up, they can choose
between the two as equal options.
* we initiate WebAuthn flow only after an explicit user action
(button press). This may help with authentication failures
on recent MacOS, iOS and iPadOS versions [1]
[1] https://support.yubico.com/hc/en-us/articles/360022004600-No-reaction-when-using-WebAuthn-on-macOS-iOS-and-iPadOS
3 years ago
Pēteris Caune
f3af13654e
Refactor email sending functions to allow customization
For example, if we need to use a custom From: address,
we can now do:
m = make_message("template-name", recipient, ctx)
m.from_email = "...." # customize here
send(m)
3 years ago
Pēteris Caune
fca600659d
Improve hc.lib.emails.send()
- add optional `from_email` argument
- add test cases that exercise the retry loop
3 years ago
Pēteris Caune
c3d458f6f0
Fix the unsubscribe_reports view to handle already deleted users
3 years ago
Pēteris Caune
934099510d
Upgrade to Django 3.2.6
3 years ago
Pēteris Caune
d60d8a43b6
Add protection against TOTP code reuse
3 years ago
Pēteris Caune
8ed5e93cd2
Add rate limiting for TOTP auth attempts
3 years ago
Pēteris Caune
222722569e
Add support for 2FA using TOTP
Fixes : #354
3 years ago
Pēteris Caune
0d9d094882
Update docs with the Manager role
3 years ago
Pēteris Caune
dfa6f404e6
Improve the "Invite a Team Member" dialog
3 years ago
Pēteris Caune
bbd2786e0f
Optimize queries and fix team member sorting
3 years ago
Pēteris Caune
74427ba3f1
Fix wording in the "Team size limit reached" message
3 years ago
Pēteris Caune
e1c3beb4e9
Add test cases for manager operations
3 years ago
Pēteris Caune
4f83f8c06b
Fix a 403 when transferring a project to a read-only team member
3 years ago
swoga
9640d2242f
feat: add manager role
3 years ago
Pēteris Caune
ce9ff3ac42
Add a migration to remove Member.rw
3 years ago
Pēteris Caune
cb799dbd29
Remove the Member.rw field (superseded by Member.role)
3 years ago
Pēteris Caune
936a5213f8
Switch from Member.rw to Member.role as the source of truth
3 years ago
Pēteris Caune
d19cb8c681
Add a data migration to populate Member.role
3 years ago
Pēteris Caune
5230dbb425
Add Member.role field
3 years ago
Pēteris Caune
e46000ecdf
Add admin action to log in as any user
3 years ago
Pēteris Caune
79dc4d2e7a
Fix html structure in the signup dialog
3 years ago
Pēteris Caune
02cdbb9222
Fix page structure, update copy
3 years ago
Pēteris Caune
94c5ea3e13
Fix page structure
3 years ago
Pēteris Caune
2382bf6722
Add SITE_LOGO_URL setting
Fixes : #323
3 years ago
Pēteris Caune
dd88924660
Fix dark mode styling issues in Cron Syntax Cheatsheet
3 years ago
Pēteris Caune
b75b062559
Remove unsigned token support in hc.front.views.unsubscribe_email
3 years ago
Pēteris Caune
e186d039fc
Upgrade to psycopg2==2.9.1 and requests==2.26.0
3 years ago
Pēteris Caune
2271a4dbb0
Remove glyphicons (unused)
3 years ago
Pēteris Caune
99bb71c920
Use multicolor channel icons for better appearance in the dark mode
3 years ago
Pēteris Caune
5c54afadb5
Fix contrast in "Add Integration" pages, step circles
3 years ago
Pēteris Caune
c94e39c9d3
Add CSS to invert Matrix and Mattermost logos in dark mode
3 years ago
Pēteris Caune
92a9910092
Improve logos for the dark mode
3 years ago
Pēteris Caune
0e7252d8fa
Update Discord logo
3 years ago
Pēteris Caune
5a4c06ffae
Update CHANGELOG for v1.21.0 release
3 years ago
Pēteris Caune
92ef81c0a5
Add workflow_dispatch for testing
3 years ago
Pēteris Caune
83eb10b99e
Rename secret names in publish_docker_image.yml
3 years ago
Pēteris Caune
ec56ceae8f
Merge branch 'master' of https://github.com/mirobertod/healthchecks into mirobertod-master
3 years ago
Pēteris Caune
d243f502d3
Fix off-by-one-month error in monthly reports, downtime columns
Fixes : #539
3 years ago