1044 Commits

Author SHA1 Message Date
Pēteris Caune
55a22e5043
Split AddSmsForm into PhoneNumberForm and PhoneUpDownForm
The PhoneNumberForm is used in "Add SMS" and "Add Phone Call" pages.
The PhoneUpDownForm is a subclass of PhoneNumberForm and
adds "up" and "down" boolean fields. It is used in "Add Signal"
and "Add WhatsApp" pages.
2021-01-10 15:52:33 +02:00
Pēteris Caune
847a610af9
Sort hc-add-* routes 2021-01-09 16:52:48 +02:00
Pēteris Caune
cd99af14ba
Add Signal integration
Fixes: #428
2021-01-09 11:58:18 +02:00
Pēteris Caune
599f35e4f0
Improve the crontab snippet in the "Check Details" page
Fixes: #465
2020-12-30 13:49:33 +02:00
Pēteris Caune
8fe8e0f605
Update alert email template: more information, less styling
Fixes: #348
2020-12-26 18:11:36 +02:00
Pēteris Caune
823b3dbc7b
Fix tests 2020-12-16 14:11:36 +02:00
Pēteris Caune
0f1abd3498
Add tighter parameter checks in hc.front.views.serve_doc 2020-12-14 19:08:36 +02:00
Pēteris Caune
dfd159ab18
Add a "Lost password?" link with instructions in the Sign In page 2020-12-09 15:38:19 +02:00
Shea Polansky
54a95a0ee2
Add http header auth (#457)
* Add HTTP header authentication backend/middleware

* Add docs for remote header auth

* Improve docs on external auth

* Add warning for unknown REMOTE_USER_HEADER_TYPE

* Move active check for header auth to middleware
Add extra header type sanity check to the backend

* Add test cases for remote header login

* Improve header-based authentication

- remove the 'ID' mode
- add CustomHeaderBackend to AUTHENTICATION_BACKENDS conditionally
- rewrite CustomHeaderBackend and CustomHeaderMiddleware to
use less inherited code
- add more test cases

Co-authored-by: Pēteris Caune <cuu508@gmail.com>
2020-12-09 11:25:56 +02:00
Pēteris Caune
5d650f07fb
Fix db field overflow when copying a check with a long name 2020-12-03 13:01:53 +02:00
Pēteris Caune
617bd92434
Add Ping.exitstatus field, store received exit status values in db
Fixes #455
2020-11-29 12:12:44 +02:00
Pēteris Caune
524d1a7375
Implement badge mode (up/down vs up/late/down) selector
Fixes #282
2020-11-27 12:57:25 +02:00
Pēteris Caune
0b4251bdee
Add logic to handle exceptions thrown by the fido2 library 2020-11-19 16:53:58 +02:00
Pēteris Caune
3cfc31610a
Add extra security checks in the login_webauthn view 2020-11-19 16:21:31 +02:00
Pēteris Caune
8448f882cf
Add notes about adding a second key, and removing the last key 2020-11-19 15:05:08 +02:00
Pēteris Caune
568a287850
Fix WebAuthn registration to use random bytes for user handle
User handle is used in username-less authentication, to map a
credential received from the browser to a user account in the
database. Since we only use security keys as a second factor,
the user handle is not of much use to us.

The user handle:
 - must not be blank,
 - must not be a constant value,
 - must not contain personally identifiable information.

So we use random bytes, and don't store them on our end.
2020-11-19 13:59:23 +02:00
Pēteris Caune
8dbf9e02af
Fix capitalization, Webauthn -> WebAuthn 2020-11-19 13:01:26 +02:00
Pēteris Caune
7124383a53
Add checks for RP_ID, add a 2FA section in README 2020-11-19 12:54:00 +02:00
Pēteris Caune
9401bc3987
Update the "Close Account" function to use confirmation codes 2020-11-16 16:22:25 +02:00
Pēteris Caune
48750ee668
Update "Change Password" to show messages in panel's footer 2020-11-16 15:45:25 +02:00
Pēteris Caune
fb79948759
Update the "Change Email" function to use confirmation codes 2020-11-16 15:33:29 +02:00
Pēteris Caune
ed6b15bfa9
Update the "Set Password" function to use confirmation codes 2020-11-16 14:53:50 +02:00
Pēteris Caune
1ca4caa3a8
Update the set_password view to use update_session_auth_hash
Changing a user's password logs them out. To avoid that,
we were logging the user back in right after changing the password.

I recently discovered update_session_auth_hash, which seems to
be the proper way to do this.

Docs: https://docs.djangoproject.com/en/3.1/topics/auth/default/#session-invalidation-on-password-change
2020-11-16 14:29:52 +02:00
Pēteris Caune
adb7702f39
Rename login_tfa to login_webauthn 2020-11-16 14:16:06 +02:00
Pēteris Caune
7639f0dd69
Add test cases for the login_tfa view 2020-11-16 14:01:04 +02:00
Pēteris Caune
d0f327b213
Add Base64Field field (base64-encoded binary data) 2020-11-16 13:10:38 +02:00
Pēteris Caune
839c309cf7
Refactor for testability, add more test cases 2020-11-16 12:52:26 +02:00
Pēteris Caune
155a1f132b
Simplify super() calls in tests 2020-11-16 11:20:01 +02:00
Pēteris Caune
155226d82a
Add tests for sudo mode 2020-11-16 10:58:38 +02:00
Pēteris Caune
ecf964ea3b
Remove a verify_origin workaround 2020-11-15 21:49:25 +02:00
Pēteris Caune
9f58ebfd3e
Hook up a 2FA check after a password or email link authentication 2020-11-15 21:39:49 +02:00
Pēteris Caune
64be87137b
Add a two-factor authentication form (WIP) 2020-11-14 12:54:26 +02:00
Pēteris Caune
2ac0f87560
Implement a "Remove Security Key" feature 2020-11-14 11:45:09 +02:00
Pēteris Caune
42497fe91a
Add rate limiting to the sudo code form 2020-11-13 22:04:19 +02:00
Pēteris Caune
2c3286c280
Improve the "add security key" UX, require sudo mode 2020-11-13 16:23:28 +02:00
Pēteris Caune
e3aedd3b03
Add require_sudo_mode decorator
Planning to use it for sensitive operations (add/remove security keys),
change email, change password, close account.

The decorator sends a six-digit confirmation code to the user's email
and renders a form for entering it back. If the user enters the
correct code, the decorator sets a sudo=active marker in
the user's session, valid for 30 minutes.
2020-11-13 11:08:06 +02:00
Pēteris Caune
03ea725612
Add Credential.created field 2020-11-12 18:03:12 +02:00
Pēteris Caune
53688f1d87
Add error handling on the client side, use Django form API 2020-11-12 17:08:23 +02:00
Pēteris Caune
1eaa216d3a
Add experimental code for registering Webauthn credentials 2020-11-12 16:15:07 +02:00
Pēteris Caune
cdd2e98bd0
Remove USE_I18N and USE_L10N from settings
They have the default values and so are redundant.
2020-11-06 18:51:30 +02:00
Pēteris Caune
816c158744
Fix code formatting in the Notification model 2020-11-06 18:50:23 +02:00
Pēteris Caune
d5502c50ca
Add retries to the email sending logic
When sending email using Django's default email
backend (SMTP), if there is a network issue, the backend
can throw SMTPServerDisconnected.

This commit adds retry logic which retries sending the
email two times when SMTPServerDisconnected is thrown.
2020-10-30 14:18:38 +02:00
Pēteris Caune
0b685e8b5a
Disable retries when testing webhook integration
Normally, when a webhook call fails (timeout, connection
error, non-2xx response), the HTTP request is retried up to two
times (so up to 3 times total). This is useful when sending
actual notifications, in case the webhook target has a temporary
glitch.

When interactively testing a webhook integration
("Send Test Notification" in the
"Integrations" page), we would prefer to see any errors ASAP
on the screen instead of retrying and so possibly swallowing them.

One specific use case is webhook targets that take a long time to
generate a response. "Send Test Notification" is synchronous,
meaning that the user could be stuck for
5 x 3 = 15 seconds waiting for the test HTTP request to time out
three times.
2020-10-30 12:36:17 +02:00
Pēteris Caune
f7e004b2ea
Improve phone number sanitization: remove spaces and hyphens 2020-10-30 11:32:09 +02:00
Pēteris Caune
81e59ac553
Add support for script's exit status in ping URLs
Fixes: #429
2020-10-28 14:28:32 +02:00
Pēteris Caune
6f56ed7f92
Reduce the number of SQL queries used in the "Get Checks" API call 2020-10-27 16:19:57 +02:00
Pēteris Caune
a37e83aca8
Update AddSmsForm to remove any invisible unicode characters 2020-10-20 15:53:27 +03:00
Pēteris Caune
7534f1856f
Add test cases for setting channels in the "Create Check" API call 2020-10-14 18:12:35 +03:00
Pēteris Caune
7e56156d32
Optimize the "Update Check" API call
In the "Update Check" API call, if no fields have changed,
don't save the changes to the database.
2020-10-14 18:03:13 +03:00
Pēteris Caune
0e77064c44
Update API to allow specifying channels by names
Fixes: #440
2020-10-14 15:37:04 +03:00