Pēteris Caune
eed7ef36d1
Improve text instructions
4 years ago
Pēteris Caune
c8d387aee4
Improve text instructions
4 years ago
Pēteris Caune
8448f882cf
Add notes about adding a second key, and removing the last key
4 years ago
Pēteris Caune
7124383a53
Add checks for RP_ID, add a 2FA section in README
4 years ago
Pēteris Caune
9401bc3987
Update the "Close Account" function to use confirmation codes
4 years ago
Pēteris Caune
48750ee668
Update "Change Password" to show messages in panel's footer
4 years ago
Pēteris Caune
fb79948759
Update the "Change Email" function to use confirmation codes
4 years ago
Pēteris Caune
ed6b15bfa9
Update the "Set Password" function to use confirmation codes
4 years ago
Pēteris Caune
adb7702f39
Rename login_tfa to login_webauthn
4 years ago
Pēteris Caune
64be87137b
Add a two-factor authentication form (WIP)
4 years ago
Pēteris Caune
2ac0f87560
Implement a "Remove Security Key" feature
4 years ago
Pēteris Caune
42497fe91a
Add rate limiting to the sudo code form
4 years ago
Pēteris Caune
2c3286c280
Improve the "add security key" UX, require sudo mode
4 years ago
Pēteris Caune
e3aedd3b03
Add require_sudo_mode decorator
Planning to use it for sensitive operations (add/remove security keys),
change email, change password, close account.
The decorator sends a six-digit confirmation code to user's email
and renders a form for entering it back. If the user enters the
correct code, the decorators sets a sudo=active marker in
user's session, valid for 30 minutes.
4 years ago
Pēteris Caune
03ea725612
Add Credential.created field
4 years ago
Pēteris Caune
53688f1d87
Add error handling on the client side, use Django form API
4 years ago
Pēteris Caune
1eaa216d3a
Add experimental code for registering Webauthn credentials
4 years ago
Pēteris Caune
0a85c5ed12
In Account Settings > My Projects, indicate read-only memberships as read-only
4 years ago
Pēteris Caune
d73de68f70
Specify the read-write/read-only flag when inviting a team member.
4 years ago
Pēteris Caune
adb004b333
Read-only users cannot change project settings.
4 years ago
Pēteris Caune
2346ac3e80
Bugfix: don't allow duplicate team memberships
4 years ago
Pēteris Caune
9a1127005e
Link to the "Security" section in dashboard's README
4 years ago
Pēteris Caune
b7e2404f98
Host a read-only dashboard (from github.com/healthchecks/dashboard/), link to it from "Project Settings" > "Show API keys"
4 years ago
Pēteris Caune
697cb19bde
Handle excessively long email addresses in the team member invite form.
4 years ago
Pēteris Caune
b63f3bed8e
Limit project name to 60 characters to prevent abuse
4 years ago
Pēteris Caune
519a666057
{% site_name %} -> {{ site_name }} so we can use blocktrans tags for L10N
4 years ago
Pēteris Caune
cfb294862f
DRY, have a single "No billing address" modal dialog.
5 years ago
Pēteris Caune
95279f6f3f
Billing page allows setting up a subscription before a payment method is added.
5 years ago
Pēteris Caune
c057dbfb2c
Cleanup.
5 years ago
Pēteris Caune
57da17b8e2
Send an "Ownership Transfer Request" email notification.
5 years ago
Pēteris Caune
3bf1ad9746
Fix invite suggestions.
5 years ago
Pēteris Caune
f42b2b144a
New feature: Project Settings > Transfer Ownership (WIP, missing tests)
5 years ago
Pēteris Caune
f1880657fd
Added "Supporter" billing plan.
5 years ago
Pēteris Caune
eb7f51f6f5
Focus the "name" input in the "Add Project" modal.
5 years ago
Pēteris Caune
e52ac9af91
Put API key in the path (not query string) cc: #300
5 years ago
Pēteris Caune
12b946acf3
Experimental Prometheus metrics endpoint. cc: #300
5 years ago
Pēteris Caune
0ff4bd01e0
Improved UI to invite users from account's other projects. Fixes #258 .
The team size limit is applied to the number of distinct users across all projects. Fixes #332 .
5 years ago
Pēteris Caune
3048a20f9b
link rel="canonical" in the sign in page
5 years ago
Pēteris Caune
0d2c6217d3
Auto-submit the unsubscribe confirmation form only if signature is more than 5 minutes old. Idea from https://stackoverflow.com/questions/59281750/strategies-to-prevent-email-scanners-from-activating-unsubscribe-links/59381066#59381066
5 years ago
Pēteris Caune
eafff677d9
Don't auto-submit the unsubscribe form. Email security scanners like Office 365 Enterprise open links and *execute JS* causing users to automatically unsubscribe the first time they receive an email. Can't think of a sane fix for this :-(
5 years ago
Pēteris Caune
4ee92a44ff
Unsubscribe is CSRF exempt.
5 years ago
Pēteris Caune
dfee69584b
Don't show the "Sign Up" link in the login page if registration is closed. Fixes #280
5 years ago
Pēteris Caune
fa16bd4e42
Prepare for 3DS 2
5 years ago
Pēteris Caune
8f6726d1ee
Prevent email clients from opening the one-time login links. Fixes #255
6 years ago
Pēteris Caune
ffa23b6504
Empty meta description for the login page.
6 years ago
Pēteris Caune
fcff4b48c6
Fixing markup.
6 years ago
Pēteris Caune
23b197526c
Password strength meter and length check in the "Set Password" form
6 years ago
Pēteris Caune
afaa8767cd
Rate limit login-with-password attempts.
6 years ago
Pēteris Caune
d682f79075
Update braintree dropin version.
6 years ago
Pēteris Caune
a4fde44e3a
Can configure the email integration to only report the "down" events. Fixes #231
6 years ago