harmacist/healthchecks
1
0
Fork 0
forked from GithubBackups/healthchecks
Code Issues Pull Requests Projects Releases Wiki Activity
1,759 Commits 3 Branches 0 Tags
Commit Graph

1759 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Pēteris Caune
c196dc16d7
Fix latin-1 handling in webhook header values 2021-08-10 21:14:05 +03:00
Pēteris Caune
b43612806f
Fix dark mode bug in selectpicker widgets 2021-08-10 16:47:47 +03:00
Pēteris Caune
544ec7ea69
Add handling for non-latin-1 characters in webhook headers 2021-08-10 10:36:58 +03:00
Pēteris Caune
78113e1aea
Improve "Grace Time" description in docs 
cc: #547
 2021-08-09 17:52:20 +03:00
Pēteris Caune
74f56a5501
Improve the note about start signals and alerting logic 
cc: #547
 2021-08-06 16:10:06 +03:00
Pēteris Caune
2a9bc42dd4
Update Changelog for v1.22.0 release 2021-08-06 14:27:15 +03:00
Pēteris Caune
af7e8fc949
Fix the login view to handle already authenticated users 
If an already authenticated user visits /accounts/login/,
Healthchecks will now redirect them to their dashboard
instead of showing the login form.
 2021-08-06 13:54:12 +03:00
Pēteris Caune
7252f2f101
Fix _allow_redirect function to reject absolute URLs 
This fixes a security issue:
- attacker can crafts a redirect URL to an external site
- attacker gets victim to click on it
- victim logs in
- after login, Healthchecks redirects victim to the external site

The _allow_redirect function now additionally
requires the redirect URL is relative (has no scheme or domain).
 2021-08-06 13:34:40 +03:00
Pēteris Caune
f85aec225d
Fix redirect-after-login when using TOTP 
If user has both WebAuthn and TOTP configured,
when logging in, they will be asked to choose between
"Use security keys" and "Use authenticator app".
The "Use authenticator app" is a link to a different
page (/accounts/login/two_factor/totp/). This commit makes
sure the ?next= query parameter is preserved when navigating
to that page.

For reference, the ?next= query parameter is the URL we should
redirect to after a successful login. Use case:
User is logged out. They click on a bookmarked "Check Details"
link. They get redirected to the login form. After
entering username & password and completing 2FA,
they get redirected to the "Check Details" page they
originally wanted to visit.
 2021-08-06 12:09:41 +03:00
Pēteris Caune
e6427995b7
Add Whitenoise and improve README 
Fixes: #548
 2021-08-05 18:06:47 +03:00
Pēteris Caune
ca3afa33f9
Add auth method selection step 
This has dual purpose:

* if user has both WebAuthn and TOTP set up, they can choose
  between the two as equal options.
* we initiate WebAuthn flow only after an explicit user action
  (button press). This may help with authentication failures
  on recent MacOS, iOS and iPadOS versions [1]

[1] https://support.yubico.com/hc/en-us/articles/360022004600-No-reaction-when-using-WebAuthn-on-macOS-iOS-and-iPadOS
 2021-08-05 16:27:06 +03:00
Pēteris Caune
f3af13654e
Refactor email sending functions to allow customization 
For example, if we need to use a custom From: address,
we can now do:

    m = make_message("template-name", recipient, ctx)
    m.from_email = "...."  # customize here
    send(m)
 2021-08-05 14:13:25 +03:00
Pēteris Caune
fca600659d
Improve hc.lib.emails.send() 
- add optional `from_email` argument
- add test cases that exercise the retry loop
 2021-08-03 19:02:25 +03:00
Pēteris Caune
c3d458f6f0
Fix the unsubscribe_reports view to handle already deleted users 2021-08-02 12:51:05 +03:00
Pēteris Caune
934099510d
Upgrade to Django 3.2.6 2021-08-02 10:51:31 +03:00
Pēteris Caune
d60d8a43b6
Add protection against TOTP code reuse 2021-07-30 18:17:21 +03:00
Pēteris Caune
8ed5e93cd2
Add rate limiting for TOTP auth attempts 2021-07-30 17:30:28 +03:00
Pēteris Caune
222722569e
Add support for 2FA using TOTP 
Fixes: #354
 2021-07-30 16:43:23 +03:00
Pēteris Caune
0d9d094882
Update docs with the Manager role 2021-07-26 15:55:08 +03:00
Pēteris Caune
dfa6f404e6
Improve the "Invite a Team Member" dialog 2021-07-26 15:21:45 +03:00
Pēteris Caune
bbd2786e0f
Optimize queries and fix team member sorting 2021-07-26 14:27:03 +03:00
Pēteris Caune
74427ba3f1
Fix wording in the "Team size limit reached" message 2021-07-26 13:12:06 +03:00
Pēteris Caune
e1c3beb4e9
Add test cases for manager operations 2021-07-26 13:07:05 +03:00
Pēteris Caune
4f83f8c06b
Fix a 403 when transferring a project to a read-only team member 2021-07-26 12:50:43 +03:00
swoga
9640d2242f feat: add manager role 2021-07-26 12:26:06 +03:00
Pēteris Caune
ce9ff3ac42
Add a migration to remove Member.rw 2021-07-22 17:40:08 +03:00
Pēteris Caune
cb799dbd29
Remove the Member.rw field (superseded by Member.role) 2021-07-22 17:28:38 +03:00
Pēteris Caune
936a5213f8
Switch from Member.rw to Member.role as the source of truth 2021-07-22 17:16:52 +03:00
Pēteris Caune
d19cb8c681
Add a data migration to populate Member.role 2021-07-22 16:28:02 +03:00
Pēteris Caune
5230dbb425
Add Member.role field 2021-07-22 16:13:41 +03:00
Pēteris Caune
e46000ecdf
Add admin action to log in as any user 2021-07-20 11:16:12 +03:00
Pēteris Caune
79dc4d2e7a
Fix html structure in the signup dialog 2021-07-16 16:45:26 +03:00
Pēteris Caune
02cdbb9222
Fix page structure, update copy 2021-07-16 16:36:32 +03:00
Pēteris Caune
94c5ea3e13
Fix page structure 2021-07-16 16:34:15 +03:00
Pēteris Caune
2382bf6722
Add SITE_LOGO_URL setting 
Fixes: #323
 2021-07-16 15:30:34 +03:00
Pēteris Caune
dd88924660
Fix dark mode styling issues in Cron Syntax Cheatsheet 2021-07-16 12:25:16 +03:00
Pēteris Caune
b75b062559
Remove unsigned token support in hc.front.views.unsubscribe_email 2021-07-16 12:01:44 +03:00
Pēteris Caune
e186d039fc
Upgrade to psycopg2==2.9.1 and requests==2.26.0 2021-07-16 11:24:45 +03:00
Pēteris Caune
2271a4dbb0
Remove glyphicons (unused) 2021-07-07 15:23:35 +03:00
Pēteris Caune
99bb71c920
Use multicolor channel icons for better appearance in the dark mode 2021-07-07 15:23:02 +03:00
Pēteris Caune
5c54afadb5
Fix contrast in "Add Integration" pages, step circles 2021-07-05 18:03:37 +03:00
Pēteris Caune
c94e39c9d3
Add CSS to invert Matrix and Mattermost logos in dark mode 2021-07-05 17:55:13 +03:00
Pēteris Caune
92a9910092
Improve logos for the dark mode 2021-07-05 17:31:10 +03:00
Pēteris Caune
0e7252d8fa
Update Discord logo 2021-07-05 17:16:29 +03:00
Pēteris Caune
5a4c06ffae
Update CHANGELOG for v1.21.0 release 2021-07-02 16:52:24 +03:00
Pēteris Caune
92ef81c0a5
Add workflow_dispatch for testing 2021-07-02 16:47:06 +03:00
Pēteris Caune
83eb10b99e
Rename secret names in publish_docker_image.yml 2021-07-02 16:40:20 +03:00
Pēteris Caune
ec56ceae8f
Merge branch 'master' of https://github.com/mirobertod/healthchecks into mirobertod-master 2021-07-02 16:38:30 +03:00
Pēteris Caune
d243f502d3
Fix off-by-one-month error in monthly reports, downtime columns 
Fixes: #539
 2021-07-02 15:22:51 +03:00
Roberto Dedoro
760c3757f3
update docker image name 2021-07-02 13:23:38 +08:00