Pēteris Caune
7124383a53
Add checks for RP_ID, add a 2FA section in README
4 years ago
Pēteris Caune
9401bc3987
Update the "Close Account" function to use confirmation codes
4 years ago
Pēteris Caune
48750ee668
Update "Change Password" to show messages in panel's footer
4 years ago
Pēteris Caune
fb79948759
Update the "Change Email" function to use confirmation codes
4 years ago
Pēteris Caune
ed6b15bfa9
Update the "Set Password" function to use confirmation codes
4 years ago
Pēteris Caune
1ca4caa3a8
Update the set_password view to use update_session_auth_hash
Changing a user's password logs them out. To avoid that,
we were logging the user back in right after changing the password.
I recently discovered update_session_auth_hash, which seems to
be the proper way to do this.
Docs: https://docs.djangoproject.com/en/3.1/topics/auth/default/#session-invalidation-on-password-change
4 years ago
Pēteris Caune
adb7702f39
Rename login_tfa to login_webauthn
4 years ago
Pēteris Caune
7639f0dd69
Add test cases for the login_tfa view
4 years ago
Pēteris Caune
d0f327b213
Add Base64Field field (base64-encoded binary data)
4 years ago
Pēteris Caune
839c309cf7
Refactor for testability, add more test cases
4 years ago
Pēteris Caune
155a1f132b
Simplify super() calls in tests
4 years ago
Pēteris Caune
155226d82a
Add tests for sudo mode
4 years ago
Pēteris Caune
ecf964ea3b
Remove a verify_origin workaround
4 years ago
Pēteris Caune
9f58ebfd3e
Hook up a 2FA check after a password or email link authentication
4 years ago
Pēteris Caune
64be87137b
Add a two-factor authentication form (WIP)
4 years ago
Pēteris Caune
2ac0f87560
Implement a "Remove Security Key" feature
4 years ago
Pēteris Caune
42497fe91a
Add rate limiting to the sudo code form
4 years ago
Pēteris Caune
2c3286c280
Improve the "add security key" UX, require sudo mode
4 years ago
Pēteris Caune
e3aedd3b03
Add require_sudo_mode decorator
Planning to use it for sensitive operations (add/remove security keys),
change email, change password, close account.
The decorator sends a six-digit confirmation code to user's email
and renders a form for entering it back. If the user enters the
correct code, the decorator sets a sudo=active marker in
user's session, valid for 30 minutes.
4 years ago
Pēteris Caune
03ea725612
Add Credential.created field
4 years ago
Pēteris Caune
53688f1d87
Add error handling on the client side, use Django form API
4 years ago
Pēteris Caune
1eaa216d3a
Add experimental code for registering Webauthn credentials
4 years ago
Pēteris Caune
ad720af242
Rename "hc-p-channels" to "hc-channels"
4 years ago
Pēteris Caune
0a85c5ed12
In Account Settings > My Projects, indicate read-only memberships as read-only
4 years ago
Pēteris Caune
e424176a1f
Remove mentions of "whitelist"
4 years ago
Pēteris Caune
d73de68f70
Specify the read-write/read-only flag when inviting a team member.
4 years ago
Pēteris Caune
adb004b333
Read-only users cannot change project settings.
4 years ago
Pēteris Caune
00790dc33c
Member.rw flag. Read-only users cannot edit check's name/desc/tags or schedule
4 years ago
Pēteris Caune
2346ac3e80
Bugfix: don't allow duplicate team memberships
4 years ago
Pēteris Caune
b7e2404f98
Host a read-only dashboard (from github.com/healthchecks/dashboard/), link to it from "Project Settings" > "Show API keys"
4 years ago
Pēteris Caune
c75a37570e
In channels admin, don't show the notification counts, querying it is too expensive.
4 years ago
Pēteris Caune
c7af52637a
Less verbose output in the `senddeletionnotices` command
4 years ago
Pēteris Caune
697cb19bde
Handle excessively long email addresses in the team member invite form.
4 years ago
Pēteris Caune
ffafc16fe5
Handle excessively long email addresses in the signup form.
4 years ago
Pēteris Caune
b63f3bed8e
Limit project name to 60 characters to prevent abuse
4 years ago
Pēteris Caune
f131123e0e
In the test_it_sends_link testcase, explicitly set the USE_PAYMENTS setting. This way tests work regardless of what's in the environment variable or local_settings.py file.
4 years ago
Ronald Ip
c476f042ba
Fix logic bug in test_signup (#408)
Resolves #408 by fixing the test_signup logic bug introduced in 8c13457.
4 years ago
Pēteris Caune
d05691f86f
SMS and phone calls now have separate "limit reached" email templates.
4 years ago
Pēteris Caune
8c13457037
Use separate counters for SMS and phone calls.
4 years ago
Pēteris Caune
f814035f03
Declutter /admin/accounts/profile/
4 years ago
Pēteris Caune
e89229a2ca
In admin, visualize account's number of checks
4 years ago
Pēteris Caune
a18eb134f5
Refactor: change Check.get_status(with_started=...) default value from True to False (with_started=False is or will be useful in more places)
4 years ago
Pēteris Caune
7994259003
When an invited user logs in, redirect them to the new project
5 years ago
Pēteris Caune
e04a92ccf1
Profiles admin: filtering by number of checks, show check count by project.
5 years ago
Pēteris Caune
abdff95ce8
Admin tweaks.
5 years ago
Pēteris Caune
ca715dd8d4
Check membership when initiating project's transfer. Use transaction.atomic() when completing the transfer.
5 years ago
Pēteris Caune
57da17b8e2
Send an "Ownership Transfer Request" email notification.
5 years ago
Pēteris Caune
3bf1ad9746
Fix invite suggestions.
5 years ago
Pēteris Caune
532b752e3c
cleanup: don't import each form individually
5 years ago
Pēteris Caune
f7acaa57af
Adding tests.
5 years ago