healthchecks

Commit Graph

Author	SHA1	Message	Date
Pēteris Caune	c3d458f6f0	Fix the unsubscribe_reports view to handle already deleted users	3 years ago
Pēteris Caune	d60d8a43b6	Add protection against TOTP code reuse	3 years ago
Pēteris Caune	8ed5e93cd2	Add rate limiting for TOTP auth attempts	3 years ago
Pēteris Caune	222722569e	Add support for 2FA using TOTP Fixes: #354	3 years ago
Pēteris Caune	bbd2786e0f	Optimize queries and fix team member sorting	3 years ago
Pēteris Caune	4f83f8c06b	Fix a 403 when transferring a project to a read-only team member	3 years ago
swoga	9640d2242f	feat: add manager role	3 years ago
Pēteris Caune	936a5213f8	Switch from Member.rw to Member.role as the source of truth	3 years ago
Pēteris Caune	61a8a8de26	Remove Profile.reports_allowed (obsolete) It is obsoleted by Profile.reports	3 years ago
Pēteris Caune	6c10980889	Add Account Settings > Appearance page	3 years ago
Pēteris Caune	548b2ac33c	Update the signup form to collect browser's timezone	4 years ago
Pēteris Caune	fa5dd8b45a	Add mitigation for bad tz values	4 years ago
Pēteris Caune	df44ee58c0	Add an option for weekly reports (in addition to monthly)	4 years ago
Pēteris Caune	03a538c5e2	Add Profile.reports field This is in preparation of adding an option for weekly reports (#407)	4 years ago
Pēteris Caune	68b1d5bb8b	Fix the "Email Reports" screen to clear Profile.next_nag_date	4 years ago
Pēteris Caune	5321f772fe	Add a link to check's details page in Slack notifications Fixes: #486	4 years ago
Pēteris Caune	725be65bdd	Add the PROMETHEUS_ENABLED setting	4 years ago
Pēteris Caune	dfd159ab18	Add a "Lost password?" link with instructions in the Sign In page	4 years ago
Pēteris Caune	0b4251bdee	Add logic to handle exceptions thrown by the fido2 library	4 years ago
Pēteris Caune	3cfc31610a	Add extra security checks in the login_webauthn view	4 years ago
Pēteris Caune	8448f882cf	Add notes about adding a second key, and removing the last key	4 years ago
Pēteris Caune	568a287850	Fix WebAuthn registration to use random bytes for user handle User handle is used in a username-less authentication, to map a credential received from browser with an user account in the database. Since we only use security keys as a second factor, the user handle is not of much use to us. The user handle: - must not be blank, - must not be a constant value, - must not contain personally identifiable information. So we use random bytes, and don't store them on our end.	4 years ago
Pēteris Caune	8dbf9e02af	Fix capitalization, Webauthn -> WebAuthn	4 years ago
Pēteris Caune	7124383a53	Add checks for RP_ID, add a 2FA section in README	4 years ago
Pēteris Caune	9401bc3987	Update the "Close Account" function to use confirmation codes	4 years ago
Pēteris Caune	48750ee668	Update "Change Password" to show messages in panel's footer	4 years ago
Pēteris Caune	fb79948759	Update the "Change Email" function to use confirmation codes	4 years ago
Pēteris Caune	ed6b15bfa9	Update the "Set Password" function to use confirmation codes	4 years ago
Pēteris Caune	1ca4caa3a8	Update the set_password view to use update_session_auth_hash Changing user's password logs themselves out. To avoid that, we were logging the user back in right after changing the password. I recently discovered update_session_auth_hash, which seems to be the proper way to do this. Docs: https://docs.djangoproject.com/en/3.1/topics/auth/default/#session-invalidation-on-password-change	4 years ago
Pēteris Caune	adb7702f39	Rename login_tfa to login_webauthn	4 years ago
Pēteris Caune	839c309cf7	Refactor for testability, add more test cases	4 years ago
Pēteris Caune	ecf964ea3b	Remove a verify_origin workaround	4 years ago
Pēteris Caune	9f58ebfd3e	Hook up a 2FA check after a password or email link authentication	4 years ago
Pēteris Caune	64be87137b	Add a two-factor authentication form (WIP)	4 years ago
Pēteris Caune	2ac0f87560	Implement a "Remove Security Key" feature	4 years ago
Pēteris Caune	2c3286c280	Improve the "add security key" UX, require sudo mode	4 years ago
Pēteris Caune	53688f1d87	Add error handling on the client side, use Django form API	4 years ago
Pēteris Caune	1eaa216d3a	Add experimental code for registering Webauthn credentials	4 years ago
Pēteris Caune	ad720af242	Rename "hc-p-channels" to "hc-channels"	4 years ago
Pēteris Caune	0a85c5ed12	In Account Settings > My Projects, indicate read-only memberships as read-only	4 years ago
Pēteris Caune	e424176a1f	Remove mentions of "whitelist"	4 years ago
Pēteris Caune	d73de68f70	Specify the read-write/read-only flag when inviting a team member.	4 years ago
Pēteris Caune	adb004b333	Read-only users cannot change project settings.	4 years ago
Pēteris Caune	2346ac3e80	Bugfix: don't allow duplicate team memberships	4 years ago
Pēteris Caune	ca715dd8d4	Check membership when initiating project's transfer. Use transaction.atomic() when completing the transfer.	5 years ago
Pēteris Caune	57da17b8e2	Send an "Ownership Transfer Request" email notification.	5 years ago
Pēteris Caune	532b752e3c	cleanup: don't import each form individually	5 years ago
Pēteris Caune	f7acaa57af	Adding tests.	5 years ago
Pēteris Caune	f42b2b144a	New feature: Project Settings > Transfer Ownership (WIP, missing tests)	5 years ago
Pēteris Caune	29e016d0fc	Update Telegram instructions. Fix redirect after login when adding Telegram integration.	5 years ago

1 2 3 4

160 Commits (f3af13654ef8b8e4dac4f2bbdc7066deeda91f54)