Pēteris Caune
dfd159ab18
Add a "Lost password?" link with instructions in the Sign In page
2020-12-09 15:38:19 +02:00
Pēteris Caune
eed7ef36d1
Improve text instructions
2020-11-19 17:35:21 +02:00
Pēteris Caune
c8d387aee4
Improve text instructions
2020-11-19 16:35:44 +02:00
Pēteris Caune
8448f882cf
Add notes about adding a second key, and removing the last key
2020-11-19 15:05:08 +02:00
Pēteris Caune
7124383a53
Add checks for RP_ID, add a 2FA section in README
2020-11-19 12:54:00 +02:00
Pēteris Caune
9401bc3987
Update the "Close Account" function to use confirmation codes
2020-11-16 16:22:25 +02:00
Pēteris Caune
48750ee668
Update "Change Password" to show messages in panel's footer
2020-11-16 15:45:25 +02:00
Pēteris Caune
fb79948759
Update the "Change Email" function to use confirmation codes
2020-11-16 15:33:29 +02:00
Pēteris Caune
ed6b15bfa9
Update the "Set Password" function to use confirmation codes
2020-11-16 14:53:50 +02:00
Pēteris Caune
adb7702f39
Rename login_tfa to login_webauthn
2020-11-16 14:16:06 +02:00
Pēteris Caune
64be87137b
Add a two-factor authentication form (WIP)
2020-11-14 12:54:26 +02:00
Pēteris Caune
2ac0f87560
Implement a "Remove Security Key" feature
2020-11-14 11:45:09 +02:00
Pēteris Caune
42497fe91a
Add rate limiting to the sudo code form
2020-11-13 22:04:19 +02:00
Pēteris Caune
2c3286c280
Improve the "add security key" UX, require sudo mode
2020-11-13 16:23:28 +02:00
Pēteris Caune
e3aedd3b03
Add require_sudo_mode decorator
Planning to use it for sensitive operations (add/remove security keys),
change email, change password, close account.
The decorator sends a six-digit confirmation code to the user's email
and renders a form for entering it back. If the user enters the
correct code, the decorator sets a sudo=active marker in
the user's session, valid for 30 minutes.
2020-11-13 11:08:06 +02:00
Pēteris Caune
03ea725612
Add Credential.created field
2020-11-12 18:03:12 +02:00
Pēteris Caune
53688f1d87
Add error handling on the client side, use Django form API
2020-11-12 17:08:23 +02:00
Pēteris Caune
1eaa216d3a
Add experimental code for registering Webauthn credentials
2020-11-12 16:15:07 +02:00
Pēteris Caune
0a85c5ed12
In Account Settings > My Projects, indicate read-only memberships as read-only
2020-08-31 11:07:39 +03:00
Pēteris Caune
d73de68f70
Specify the read-write/read-only flag when inviting a team member.
2020-08-26 16:09:17 +03:00
Pēteris Caune
adb004b333
Read-only users cannot change project settings.
2020-08-26 15:04:12 +03:00
Pēteris Caune
2346ac3e80
Bugfix: don't allow duplicate team memberships
2020-08-19 12:07:48 +03:00
Pēteris Caune
9a1127005e
Link to the "Security" section in dashboard's README
2020-08-18 14:21:38 +03:00
Pēteris Caune
b7e2404f98
Host a read-only dashboard (from github.com/healthchecks/dashboard/), link to it from "Project Settings" > "Show API keys"
2020-08-18 14:07:55 +03:00
Pēteris Caune
697cb19bde
Handle excessively long email addresses in the team member invite form.
2020-08-17 12:05:19 +03:00
Pēteris Caune
b63f3bed8e
Limit project name to 60 characters to prevent abuse
2020-08-10 11:23:59 +03:00
Pēteris Caune
519a666057
{% site_name %} -> {{ site_name }} so we can use blocktrans tags for L10N
2020-07-21 17:59:39 +03:00
Pēteris Caune
cfb294862f
DRY, have a single "No billing address" modal dialog.
2020-05-29 15:33:33 +03:00
Pēteris Caune
95279f6f3f
Billing page allows setting up a subscription before a payment method is added.
2020-05-29 15:08:00 +03:00
Pēteris Caune
c057dbfb2c
Cleanup.
2020-04-20 11:54:27 +03:00
Pēteris Caune
57da17b8e2
Send an "Ownership Transfer Request" email notification.
2020-04-13 15:04:59 +03:00
Pēteris Caune
3bf1ad9746
Fix invite suggestions.
2020-04-13 12:26:05 +03:00
Pēteris Caune
f42b2b144a
New feature: Project Settings > Transfer Ownership (WIP, missing tests)
2020-04-12 14:46:12 +03:00
Pēteris Caune
f1880657fd
Added "Supporter" billing plan.
2020-04-07 12:32:20 +03:00
Pēteris Caune
eb7f51f6f5
Focus the "name" input in the "Add Project" modal.
2020-03-05 16:05:06 +02:00
Pēteris Caune
e52ac9af91
Put API key in the path (not query string) cc: #300
2020-02-14 16:39:31 +02:00
Pēteris Caune
12b946acf3
Experimental Prometheus metrics endpoint. cc: #300
2020-02-14 16:12:13 +02:00
Pēteris Caune
0ff4bd01e0
Improved UI to invite users from account's other projects. Fixes #258.
The team size limit is applied to the number of distinct users across all projects. Fixes #332.
2020-02-14 13:05:21 +02:00
Pēteris Caune
3048a20f9b
link rel="canonical" in the sign in page
2020-02-04 11:29:38 +02:00
Pēteris Caune
0d2c6217d3
Auto-submit the unsubscribe confirmation form only if signature is more than 5 minutes old. Idea from https://stackoverflow.com/questions/59281750/strategies-to-prevent-email-scanners-from-activating-unsubscribe-links/59381066#59381066
2019-12-18 16:10:30 +02:00
Pēteris Caune
eafff677d9
Don't auto-submit the unsubscribe form. Email security scanners like Office 365 Enterprise open links and *execute JS* causing users to automatically unsubscribe the first time they receive an email. Can't think of a sane fix for this :-(
2019-12-10 10:41:10 +02:00
Pēteris Caune
4ee92a44ff
Unsubscribe is CSRF exempt.
2019-12-09 16:14:50 +02:00
Pēteris Caune
dfee69584b
Don't show the "Sign Up" link in the login page if registration is closed. Fixes #280
2019-08-26 10:55:41 +03:00
Pēteris Caune
fa16bd4e42
Prepare for 3DS 2
2019-08-18 18:16:37 +03:00
Pēteris Caune
8f6726d1ee
Prevent email clients from opening the one-time login links. Fixes #255
2019-05-21 11:26:55 +03:00
Pēteris Caune
ffa23b6504
Empty meta description for the login page.
2019-05-07 10:53:10 +03:00
Pēteris Caune
fcff4b48c6
Fixing markup.
2019-04-29 23:27:46 +03:00
Pēteris Caune
23b197526c
Password strength meter and length check in the "Set Password" form
2019-04-29 23:16:49 +03:00
Pēteris Caune
afaa8767cd
Rate limit login-with-password attempts.
2019-04-26 15:51:10 +03:00
Pēteris Caune
d682f79075
Update braintree dropin version.
2019-04-12 18:29:00 +03:00