Commit graph

3197 commits

Author SHA1 Message Date
Pēteris Caune
e2e289da2a
Add form double submit protection when registering a WebAuthn key 2023-02-20 11:05:55 +02:00
Pēteris Caune
04c9398da3
Fix the "Test" button in the Integrations screen for read-only users
(I broke it by accident in 963f1758de)
2023-02-20 10:21:41 +02:00
Pēteris Caune
d84a97acef
Add @sensitive_post_parameters() to views that handle passwords 2023-02-20 10:09:16 +02:00
Pēteris Caune
c2f828df83
Add custom ExceptionReporterFilter which filters out TWILIO_AUTH 2023-02-20 09:43:03 +02:00
Pēteris Caune
a316c36086
Fix more typos, spelling and grammar mistakes in docs 2023-02-19 14:37:19 +02:00
Krasimir Nedelchev
2d42e5af11
Fix typo in docs (#795) 2023-02-19 13:47:50 +02:00
Pēteris Caune
b62faf5bd0
Clean up promise chaining in signup.js 2023-02-15 09:41:15 +02:00
Pēteris Caune
423dac4b19
Add a protection for non-bool settings.SESSION_COOKIE_SECURE value 2023-02-15 09:20:00 +02:00
Pēteris Caune
3d728325fe
Fix the SameSite and Secure attributes on the "auto-login" cookie
The "auto-login" cookie is a part of a work-around for
some email clients automatically clicking links in emails:

- when sending a one-time sign-in link, server also sends the
  "auto-login" cookie to the client
- when end user clicks on the sign-in link, the server checks
  if client's request contains the "auto-login" cookie
- if the "auto-login" cookie is present, log the user in
- if the "auto-login" cookie is absent, serve an HTTP POST form
  with a submit button. The user must click the button to log in.

This commit fixes attributes on the "auto-login" cookie:

- it sets SameSite=Lax
- it sets Secure=true if SESSION_COOKIE_SECURE=True
2023-02-15 09:17:09 +02:00
Pēteris Caune
c8750ad05b
Fix the signup form to work with httpOnly CSRF cookies 2023-02-14 14:20:27 +02:00
Pēteris Caune
8531ef89b5
Bump Django version to 4.1.7 2023-02-14 14:02:06 +02:00
Pēteris Caune
e46cf3725b
Add CSRF protection in the signup view 2023-02-14 09:15:46 +02:00
Pēteris Caune
f27e7c82a2
Optimize SQL query in hc.front.views.status
Filter checks by project.id instead of project.code,
this avoids a JOIN in the query.
2023-02-10 12:06:56 +02:00
Pēteris Caune
0d0087d898
Update Telegram notification template to include more data 2023-02-08 15:28:39 +02:00
Pēteris Caune
b1d47abd97
Fix tests when TELEGRAM_BOT_NAME has a custom value 2023-02-08 14:22:55 +02:00
Pēteris Caune
311f7064dc
Fix a race condition in Check.ping method
The code in Check.ping() updates a Check object, then
creates a Ping object. There's a possible race condition
where the "sendalerts" command sees the updated Check object
before the Ping object is created. This is especially likely
when offloading ping bodies to S3, because Ping gets created
*after* the upload completes, which can take some time.

To avoid this, put both operations inside a transaction,
but keep the S3 upload *outside* the transaction--uploads
can hang, and we want to avoid long transactions.
2023-02-08 13:12:05 +02:00
Fabrizio Ferrai
9939e45c5a
Add body to Telegram notifications (#783)
Add body to Telegram notifications

---------

Co-authored-by: Pēteris Caune <cuu508@gmail.com>
2023-02-08 12:52:36 +02:00
Pēteris Caune
08849d6f22
Update Docker image's uwsgi.ini to use SMTPD_PORT env var
Fixes: #791
2023-02-07 13:38:05 +02:00
Pēteris Caune
42a47463f9
Add a note about private ips in the http_proxy section 2023-02-03 10:26:51 +02:00
Pēteris Caune
19383d0414
Improve the error message about rejected private IPs 2023-02-03 10:08:06 +02:00
Pēteris Caune
e79fc0bdc2
Fix Mattermost and Matrix icon display in dark mode 2023-02-01 13:59:47 +02:00
Pēteris Caune
ac354179ac
Upgrade to Django==4.1.6 2023-02-01 13:32:13 +02:00
Pēteris Caune
ba9ebc5a96
Update CHANGELOG 2023-02-01 13:25:15 +02:00
boopzz
55361d5ae2
Amended Mattermost class to include the BODY in the message (#785)
Add last ping body in Mattermost notifications

---------

Co-authored-by: Pēteris Caune <cuu508@gmail.com>
2023-02-01 13:22:54 +02:00
Pēteris Caune
8fa932470f
Improve the example in docs/attaching_logs.md 2023-02-01 12:11:24 +02:00
Pēteris Caune
73c46a7ac1
Add another example in docs/attaching_logs.md 2023-02-01 12:09:25 +02:00
Pēteris Caune
e995d299b8
Improve hc.lib.s3 tests 2023-02-01 10:25:17 +02:00
Pēteris Caune
3992c0927b
Add handling for ProtocolError exceptions in hc.lib.s3.get_object 2023-02-01 09:31:15 +02:00
Pēteris Caune
091310f34b
Add HiDPI Telegram setup illustrations 2023-01-30 15:37:42 +02:00
Pēteris Caune
114faf1d42
Improve type hints 2023-01-30 13:07:03 +02:00
Pēteris Caune
88325b4d90
Fix mypy warnings 2023-01-30 13:02:00 +02:00
Pēteris Caune
f4bd1d69f2
Fix URL validation to allow hostnames with no TLD
Fixes: #782
2023-01-30 11:19:51 +02:00
Pēteris Caune
09593c80d9
Fix a crash in the "createsuperuser" management command
Fixes: #779
2023-01-26 09:20:35 +02:00
Pēteris Caune
f406ce8d4d
Improve title 2023-01-25 14:08:31 +02:00
Pēteris Caune
7099305df5
Document exported metrics in Prometheus docs 2023-01-25 13:53:53 +02:00
Pēteris Caune
6c40ff8684
Update package versions 2023-01-24 09:14:20 +02:00
Pēteris Caune
1660e8076c
Remove unused bit 2023-01-24 09:06:02 +02:00
Pēteris Caune
d67144ed3a
Update CHANGELOG for release 2023-01-23 15:01:53 +02:00
Pēteris Caune
737405679f
Fix EmailLoginForm initialization 2023-01-23 14:53:49 +02:00
Pēteris Caune
2cfb37f097
Add rate limiting by client IP in the signup and login views 2023-01-23 14:35:45 +02:00
Pēteris Caune
359edbd270
Fix login and signup views to make email enumeration harder 2023-01-23 13:05:49 +02:00
Pēteris Caune
e8c226220a
Upgrade to django==4.1.5 2023-01-23 13:05:46 +02:00
Pēteris Caune
58c6bd0a86
Create SECURITY.md
Fixes: #777
2023-01-21 11:20:19 +02:00
Pēteris Caune
a9b084ec9a
Add "Start Keyword" filtering for inbound emails
Fixes: #716
2023-01-16 13:19:35 +02:00
Pēteris Caune
f849c5e1a1
Fix wording in the invite email when inviting read-only users 2023-01-12 10:14:18 +02:00
Pēteris Caune
4716168da2
Fix check transfer between same account's projects when at check limit 2023-01-12 09:46:02 +02:00
Pēteris Caune
a161498e85
Tighten Signal number verification rate limiting 2023-01-11 15:33:04 +02:00
Pēteris Caune
188b261000
Improve the "Send test message!" button 2023-01-11 14:50:01 +02:00
Pēteris Caune
8d06a3e896
Add a "verify number" step in the Signal onboarding flow 2023-01-10 12:54:25 +02:00
Pēteris Caune
39baf36340
Update the bundled dashboard to use api v2 2022-12-22 16:40:16 +02:00