harmacist/healthchecks
1
0
Fork 0
forked from GithubBackups/healthchecks
Code Issues Pull Requests Projects Releases Wiki Activity
1,744 Commits 3 Branches 0 Tags
Commit Graph

148 Commits

Author SHA1 Message Date
Pēteris Caune
d60d8a43b6
Add protection against TOTP code reuse 2021-07-30 18:17:21 +03:00
Pēteris Caune
8ed5e93cd2
Add rate limiting for TOTP auth attempts 2021-07-30 17:30:28 +03:00
Pēteris Caune
222722569e
Add support for 2FA using TOTP 
Fixes: #354
 2021-07-30 16:43:23 +03:00
Pēteris Caune
bbd2786e0f
Optimize queries and fix team member sorting 2021-07-26 14:27:03 +03:00
Pēteris Caune
e1c3beb4e9
Add test cases for manager operations 2021-07-26 13:07:05 +03:00
Pēteris Caune
4f83f8c06b
Fix a 403 when transferring a project to a read-only team member 2021-07-26 12:50:43 +03:00
swoga
9640d2242f feat: add manager role 2021-07-26 12:26:06 +03:00
Pēteris Caune
cb799dbd29
Remove the Member.rw field (superseded by Member.role) 2021-07-22 17:28:38 +03:00
Pēteris Caune
936a5213f8
Switch from Member.rw to Member.role as the source of truth 2021-07-22 17:16:52 +03:00
Pēteris Caune
5230dbb425
Add Member.role field 2021-07-22 16:13:41 +03:00
Pēteris Caune
61a8a8de26
Remove Profile.reports_allowed (obsolete) 
It is obsoleted by Profile.reports
 2021-06-29 14:38:06 +03:00
Pēteris Caune
548b2ac33c
Update the signup form to collect browser's timezone 2021-05-24 14:38:12 +03:00
Pēteris Caune
fa5dd8b45a
Add mitigation for bad tz values 2021-05-24 14:04:05 +03:00
Pēteris Caune
df44ee58c0
Add an option for weekly reports (in addition to monthly) 2021-05-24 13:44:34 +03:00
Pēteris Caune
03a538c5e2
Add Profile.reports field 
This is in preparation of adding an option for weekly
reports (#407)
 2021-05-24 11:20:28 +03:00
Pēteris Caune
6ed983cdd5
Improve copy in "Profile" > "Email and Password" section 
When an account has a password, replace "Set Password"
button's label with "Change Password"
 2021-04-22 10:31:35 +03:00
Pēteris Caune
67d11e8d40
Fix the month boundary calculation in monthly reports 
Fixes: #497
 2021-04-02 13:49:55 +03:00
Pēteris Caune
68b1d5bb8b
Fix the "Email Reports" screen to clear Profile.next_nag_date 2021-03-15 13:06:57 +02:00
Pēteris Caune
1d6b75d5dc
Move Profile *model* tests to test_profile_model 2021-03-15 12:56:07 +02:00
Pēteris Caune
7ba5fcbb71
Fix sendalerts to clear Profile.next_nag_date if all checks up 
Profile.next_nag_date tracks when the next hourly/daily reminder
should be sent. Normally, sendalerts sets this field when
a check goes down, and sendreports clears it out whenever
it is about to send a reminder but realizes all checks are up.

The problem: sendalerts can set next_nag_date to a non-null
value, but it does not clear it out when all checks are up.
This can result in a hourly/daily reminder being sent out
at the wrong time. Specific example, assuming hourly reminders:

13:00: Check A goes down. next_nag_date gets set to 14:00.
13:05: Check A goes up. next_nag_date remains set to 14:00.
13:55: Check B goes down. next_nag_date remains set to 14:00.
14:00: Healthchecks sends a hourly reminder, just 5 minutes
       after Check B going down. It should have sent the reminder
       at 13:55 + 1 hour = 14:55

The fix: sendalerts can now both set and clear the next_nag_date
field. The main changes are in Project.update_next_nag_dates()
and in Profile.update_next_nag_date(). With the fix:

13:00: Check A goes down. next_nag_date gets set to 14:00.
13:05: Check A goes up. next_nag_date gets set to null.
13:55: Check B goes down. next_nag_date gets set to 14:55.
14:55: Healthchecks sends a hourly reminder.
 2021-03-15 12:34:39 +02:00
Pēteris Caune
725be65bdd
Add the PROMETHEUS_ENABLED setting 2021-01-29 15:05:42 +02:00
Shea Polansky
54a95a0ee2
Add http header auth (#457) 
* Add HTTP header authentiation backend/middleware

* Add docs for remote header auth

* Improve docs on external auth

* Add warning for unknown  REMOTE_USER_HEADER_TYPE

* Move active check for header auth to middleware
Add extra header type sanity check to the backend

* Add test cases for remote header login

* Improve header-based authentication

- remove the 'ID' mode
- add CustomHeaderBackend to AUTHENTICATION_BACKENDS conditionally
- rewrite CustomHeaderBackend and CustomHeaderMiddleware to
use less inherited code
- add more test cases

Co-authored-by: Pēteris Caune <cuu508@gmail.com>
 2020-12-09 11:25:56 +02:00
Pēteris Caune
0b4251bdee
Add logic to handle exceptions thrown by the fido2 library 2020-11-19 16:53:58 +02:00
Pēteris Caune
3cfc31610a
Add extra security checks in the login_webauthn view 2020-11-19 16:21:31 +02:00
Pēteris Caune
8dbf9e02af
Fix capitalization, Webauthn -> WebAuthn 2020-11-19 13:01:26 +02:00
Pēteris Caune
7124383a53
Add checks for RP_ID, add a 2FA section in README 2020-11-19 12:54:00 +02:00
Pēteris Caune
9401bc3987
Update the "Close Account" function to use confirmation codes 2020-11-16 16:22:25 +02:00
Pēteris Caune
fb79948759
Update the "Change Email" function to use confirmation codes 2020-11-16 15:33:29 +02:00
Pēteris Caune
ed6b15bfa9
Update the "Set Password" function to use confirmation codes 2020-11-16 14:53:50 +02:00
Pēteris Caune
adb7702f39
Rename login_tfa to login_webauthn 2020-11-16 14:16:06 +02:00
Pēteris Caune
7639f0dd69
Add test cases for the login_tfa view 2020-11-16 14:01:04 +02:00
Pēteris Caune
d0f327b213
Add Base64Field field (base64-encoded binary data) 2020-11-16 13:10:38 +02:00
Pēteris Caune
839c309cf7
Refactor for testability, add more test cases 2020-11-16 12:52:26 +02:00
Pēteris Caune
155a1f132b
Simplify super() calls in tests 2020-11-16 11:20:01 +02:00
Pēteris Caune
155226d82a
Add tests for sudo mode 2020-11-16 10:58:38 +02:00
Pēteris Caune
0a85c5ed12
In Account Settings > My Projects, indicate read-only memberships as read-only 2020-08-31 11:07:39 +03:00
Pēteris Caune
d73de68f70
Specify the read-write/read-only flag when inviting a team member. 2020-08-26 16:09:17 +03:00
Pēteris Caune
adb004b333
Read-only users cannot change project settings. 2020-08-26 15:04:12 +03:00
Pēteris Caune
2346ac3e80
Bugfix: don't allow duplicate team memberships 2020-08-19 12:07:48 +03:00
Pēteris Caune
c7af52637a
Less verbose output in the senddeletionnotices command 2020-08-18 11:05:04 +03:00
Pēteris Caune
697cb19bde
Handle excessively long email addresses in the team member invite form. 2020-08-17 12:05:19 +03:00
Pēteris Caune
ffafc16fe5
Handle excessively long email addresses in the signup form. 2020-08-17 11:31:24 +03:00
Pēteris Caune
f131123e0e
In the test_it_sends_link testcase, explicitly set the USE_PAYMENTS setting. This way tests work regardless of what's in the environment variable or local_settings.py file. 2020-08-05 17:35:37 +03:00
Ronald Ip
c476f042ba
Fix logic bug in test_signup (#408) 
Resolves #408 by fixing the test_signup logic bug introduced in 8c13457.
 2020-08-05 22:27:44 +08:00
Pēteris Caune
8c13457037
Use separate counters for SMS and phone calls. 2020-08-03 17:52:09 +03:00
Pēteris Caune
ca715dd8d4
Check membership when initiating project's transfer. Use transaction.atomic() when completing the transfer. 2020-04-13 15:19:37 +03:00
Pēteris Caune
57da17b8e2
Send an "Ownership Transfer Request" email notification. 2020-04-13 15:04:59 +03:00
Pēteris Caune
3bf1ad9746
Fix invite suggestions. 2020-04-13 12:26:05 +03:00
Pēteris Caune
f7acaa57af
Adding tests. 2020-04-12 18:21:08 +03:00
Pēteris Caune
4bcfba728e
Use unittest.mock 2020-03-01 22:30:12 +02:00