146 Commits (ac83bf889634ea8e9aa38f45972fc373292ca7e7)

Author SHA1 Message Date
  Pēteris Caune 68b1d5bb8b
Fix the "Email Reports" screen to clear Profile.next_nag_date 4 years ago
  Pēteris Caune 5321f772fe
Add a link to check's details page in Slack notifications 4 years ago
  Pēteris Caune 725be65bdd
Add the PROMETHEUS_ENABLED setting 4 years ago
  Pēteris Caune dfd159ab18
Add a "Lost password?" link with instructions in the Sign In page 4 years ago
  Pēteris Caune 0b4251bdee
Add logic to handle exceptions thrown by the fido2 library 4 years ago
  Pēteris Caune 3cfc31610a
Add extra security checks in the login_webauthn view 4 years ago
  Pēteris Caune 8448f882cf
Add notes about adding a second key, and removing the last key 4 years ago
  Pēteris Caune 568a287850
Fix WebAuthn registration to use random bytes for user handle 4 years ago
  Pēteris Caune 8dbf9e02af
Fix capitalization, Webauthn -> WebAuthn 4 years ago
  Pēteris Caune 7124383a53
Add checks for RP_ID, add a 2FA section in README 4 years ago
  Pēteris Caune 9401bc3987
Update the "Close Account" function to use confirmation codes 4 years ago
  Pēteris Caune 48750ee668
Update "Change Password" to show messages in panel's footer 4 years ago
  Pēteris Caune fb79948759
Update the "Change Email" function to use confirmation codes 4 years ago
  Pēteris Caune ed6b15bfa9
Update the "Set Password" function to use confirmation codes 4 years ago
  Pēteris Caune 1ca4caa3a8
Update the set_password view to use update_session_auth_hash 4 years ago
  Pēteris Caune adb7702f39
Rename login_tfa to login_webauthn 4 years ago
  Pēteris Caune 839c309cf7
Refactor for testability, add more test cases 4 years ago
  Pēteris Caune ecf964ea3b
Remove a verify_origin workaround 4 years ago
  Pēteris Caune 9f58ebfd3e
Hook up a 2FA check after a password or email link authentication 4 years ago
  Pēteris Caune 64be87137b
Add a two-factor authentication form (WIP) 4 years ago
  Pēteris Caune 2ac0f87560
Implement a "Remove Security Key" feature 4 years ago
  Pēteris Caune 2c3286c280
Improve the "add security key" UX, require sudo mode 4 years ago
  Pēteris Caune 53688f1d87
Add error handling on the client side, use Django form API 4 years ago
  Pēteris Caune 1eaa216d3a
Add experimental code for registering Webauthn credentials 4 years ago
  Pēteris Caune ad720af242
Rename "hc-p-channels" to "hc-channels" 4 years ago
  Pēteris Caune 0a85c5ed12
In Account Settings > My Projects, indicate read-only memberships as read-only 4 years ago
  Pēteris Caune e424176a1f
Remove mentions of "whitelist" 4 years ago
  Pēteris Caune d73de68f70
Specify the read-write/read-only flag when inviting a team member. 4 years ago
  Pēteris Caune adb004b333
Read-only users cannot change project settings. 4 years ago
  Pēteris Caune 2346ac3e80
Bugfix: don't allow duplicate team memberships 4 years ago
  Pēteris Caune ca715dd8d4
Check membership when initiating project's transfer. Use transaction.atomic() when completing the transfer. 5 years ago
  Pēteris Caune 57da17b8e2
Send an "Ownership Transfer Request" email notification. 5 years ago
  Pēteris Caune 532b752e3c
cleanup: don't import each form individually 5 years ago
  Pēteris Caune f7acaa57af
Adding tests. 5 years ago
  Pēteris Caune f42b2b144a
New feature: Project Settings > Transfer Ownership (WIP, missing tests) 5 years ago
  Pēteris Caune 29e016d0fc
Update Telegram instructions. Fix redirect after login when adding Telegram integration. 5 years ago
  Pēteris Caune 0c9c453ea0
Profile.current_project not used any more, remove last remaining references. cc: #336 5 years ago
  Pēteris Caune 6a0c90853b
request.project is now unused, removing 5 years ago
  Pēteris Caune 318934697f
Remove last references of the hc-channels route. 5 years ago
  Pēteris Caune acce0808ce
Project code in URL for the "Add Slack" page. cc: #336 5 years ago
  Pēteris Caune 0ff4bd01e0
Improved UI to invite users from account's other projects. Fixes #258. 5 years ago
  Pēteris Caune f51a0a257e
Don't delete customer data in braintree when closing account. 5 years ago
  Pēteris Caune 0d2c6217d3
Auto-submit the unsubscribe confirmation form only if signature is more than 5 minutes old. Idea from https://stackoverflow.com/questions/59281750/strategies-to-prevent-email-scanners-from-activating-unsubscribe-links/59381066#59381066 5 years ago
  Pēteris Caune 8d81d27af3
Unsubscribe links serve a form, and require HTTP POST to actually unsubscribe 5 years ago
  Pēteris Caune 1cdb6e6d1d
Don't set CSRF cookie on first visit. Signup is exempt from CSRF protection. 5 years ago
  Pēteris Caune 163b020116
Signup form sets the "auto-login" cookie to avoid an extra click during first login 5 years ago
  Pēteris Caune 2bb769f7bb
Send monthly reports on 1st of every month, not randomly during the month 5 years ago
  Pēteris Caune 391921d8af
Revert deterministic username generation feature – it causes problems when users change their email address. See #290 for details. 5 years ago
  Pēteris Caune 41a0871452
Generate usernames as uuid3(const, email). Prevents multiple accts with the same email. Prevent double-clicking the submit button in signup form. Fixes #290 5 years ago
  Pēteris Caune dfee69584b
Don't show the "Sign Up" link in the login page if registration is closed. Fixes #280 5 years ago