Pēteris Caune
d60d8a43b6
Add protection against TOTP code reuse
2021-07-30 18:17:21 +03:00
Pēteris Caune
8ed5e93cd2
Add rate limiting for TOTP auth attempts
2021-07-30 17:30:28 +03:00
Pēteris Caune
222722569e
Add support for 2FA using TOTP
Fixes: #354
2021-07-30 16:43:23 +03:00
Pēteris Caune
bbd2786e0f
Optimize queries and fix team member sorting
2021-07-26 14:27:03 +03:00
Pēteris Caune
4f83f8c06b
Fix a 403 when transferring a project to a read-only team member
2021-07-26 12:50:43 +03:00
swoga
9640d2242f
feat: add manager role
2021-07-26 12:26:06 +03:00
Pēteris Caune
936a5213f8
Switch from Member.rw to Member.role as the source of truth
2021-07-22 17:16:52 +03:00
Pēteris Caune
61a8a8de26
Remove Profile.reports_allowed (obsolete)
It is obsoleted by Profile.reports
2021-06-29 14:38:06 +03:00
Pēteris Caune
6c10980889
Add Account Settings > Appearance page
2021-06-18 13:51:07 +03:00
Pēteris Caune
548b2ac33c
Update the signup form to collect browser's timezone
2021-05-24 14:38:12 +03:00
Pēteris Caune
fa5dd8b45a
Add mitigation for bad tz values
2021-05-24 14:04:05 +03:00
Pēteris Caune
df44ee58c0
Add an option for weekly reports (in addition to monthly)
2021-05-24 13:44:34 +03:00
Pēteris Caune
03a538c5e2
Add Profile.reports field
This is in preparation for adding an option for weekly
reports (#407)
2021-05-24 11:20:28 +03:00
Pēteris Caune
68b1d5bb8b
Fix the "Email Reports" screen to clear Profile.next_nag_date
2021-03-15 13:06:57 +02:00
Pēteris Caune
5321f772fe
Add a link to check's details page in Slack notifications
Fixes: #486
2021-03-04 15:51:35 +02:00
Pēteris Caune
725be65bdd
Add the PROMETHEUS_ENABLED setting
2021-01-29 15:05:42 +02:00
Pēteris Caune
dfd159ab18
Add a "Lost password?" link with instructions in the Sign In page
2020-12-09 15:38:19 +02:00
Pēteris Caune
0b4251bdee
Add logic to handle exceptions thrown by the fido2 library
2020-11-19 16:53:58 +02:00
Pēteris Caune
3cfc31610a
Add extra security checks in the login_webauthn view
2020-11-19 16:21:31 +02:00
Pēteris Caune
8448f882cf
Add notes about adding a second key, and removing the last key
2020-11-19 15:05:08 +02:00
Pēteris Caune
568a287850
Fix WebAuthn registration to use random bytes for user handle
User handle is used in a username-less authentication, to map a
credential received from the browser with a user account in the
database. Since we only use security keys as a second factor,
the user handle is not of much use to us.
The user handle:
- must not be blank,
- must not be a constant value,
- must not contain personally identifiable information.
So we use random bytes, and don't store them on our end.
2020-11-19 13:59:23 +02:00
Pēteris Caune
8dbf9e02af
Fix capitalization, Webauthn -> WebAuthn
2020-11-19 13:01:26 +02:00
Pēteris Caune
7124383a53
Add checks for RP_ID, add a 2FA section in README
2020-11-19 12:54:00 +02:00
Pēteris Caune
9401bc3987
Update the "Close Account" function to use confirmation codes
2020-11-16 16:22:25 +02:00
Pēteris Caune
48750ee668
Update "Change Password" to show messages in panel's footer
2020-11-16 15:45:25 +02:00
Pēteris Caune
fb79948759
Update the "Change Email" function to use confirmation codes
2020-11-16 15:33:29 +02:00
Pēteris Caune
ed6b15bfa9
Update the "Set Password" function to use confirmation codes
2020-11-16 14:53:50 +02:00
Pēteris Caune
1ca4caa3a8
Update the set_password view to use update_session_auth_hash
Changing a user's password logs them out. To avoid that,
we were logging the user back in right after changing the password.
I recently discovered update_session_auth_hash, which seems to
be the proper way to do this.
Docs: https://docs.djangoproject.com/en/3.1/topics/auth/default/#session-invalidation-on-password-change
2020-11-16 14:29:52 +02:00
Pēteris Caune
adb7702f39
Rename login_tfa to login_webauthn
2020-11-16 14:16:06 +02:00
Pēteris Caune
839c309cf7
Refactor for testability, add more test cases
2020-11-16 12:52:26 +02:00
Pēteris Caune
ecf964ea3b
Remove a verify_origin workaround
2020-11-15 21:49:25 +02:00
Pēteris Caune
9f58ebfd3e
Hook up a 2FA check after a password or email link authentication
2020-11-15 21:39:49 +02:00
Pēteris Caune
64be87137b
Add a two-factor authentication form (WIP)
2020-11-14 12:54:26 +02:00
Pēteris Caune
2ac0f87560
Implement a "Remove Security Key" feature
2020-11-14 11:45:09 +02:00
Pēteris Caune
2c3286c280
Improve the "add security key" UX, require sudo mode
2020-11-13 16:23:28 +02:00
Pēteris Caune
53688f1d87
Add error handling on the client side, use Django form API
2020-11-12 17:08:23 +02:00
Pēteris Caune
1eaa216d3a
Add experimental code for registering Webauthn credentials
2020-11-12 16:15:07 +02:00
Pēteris Caune
ad720af242
Rename "hc-p-channels" to "hc-channels"
2020-09-01 12:56:35 +03:00
Pēteris Caune
0a85c5ed12
In Account Settings > My Projects, indicate read-only memberships as read-only
2020-08-31 11:07:39 +03:00
Pēteris Caune
e424176a1f
Remove mentions of "whitelist"
2020-08-26 16:38:29 +03:00
Pēteris Caune
d73de68f70
Specify the read-write/read-only flag when inviting a team member.
2020-08-26 16:09:17 +03:00
Pēteris Caune
adb004b333
Read-only users cannot change project settings.
2020-08-26 15:04:12 +03:00
Pēteris Caune
2346ac3e80
Bugfix: don't allow duplicate team memberships
2020-08-19 12:07:48 +03:00
Pēteris Caune
ca715dd8d4
Check membership when initiating project's transfer. Use transaction.atomic() when completing the transfer.
2020-04-13 15:19:37 +03:00
Pēteris Caune
57da17b8e2
Send an "Ownership Transfer Request" email notification.
2020-04-13 15:04:59 +03:00
Pēteris Caune
532b752e3c
cleanup: don't import each form individually
2020-04-13 12:16:39 +03:00
Pēteris Caune
f7acaa57af
Adding tests.
2020-04-12 18:21:08 +03:00
Pēteris Caune
f42b2b144a
New feature: Project Settings > Transfer Ownership (WIP, missing tests)
2020-04-12 14:46:12 +03:00
Pēteris Caune
29e016d0fc
Update Telegram instructions. Fix redirect after login when adding Telegram integration.
2020-02-27 15:52:00 +02:00
Pēteris Caune
0c9c453ea0
Profile.current_project not used any more, remove last remaining references. cc: #336
2020-02-27 12:34:21 +02:00