external/mailinabox
1
0
Fork 0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2026-03-10 16:47:24 +01:00
Code Issues Releases Wiki Activity

Replace HMAC-based session API keys with tokens stored in memory in the daemon process

Browse Source 
Since the session cache clears keys after a period of time, this fixes #1821.

Based on https://github.com/mail-in-a-box/mailinabox/pull/2012, and so:

Co-Authored-By: NewbieOrange <NewbieOrange@users.noreply.github.com>

Also fixes #2029 by not revealing through the login failure error message whether a user exists or not.
This commit is contained in:
Joshua Tauberer
2021-08-22 16:07:16 -04:00
parent 53ec0f39cb
commit e884c4774f
7 changed files with 149 additions and 103 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
management/templates/login.html
View File

@@ -105,8 +105,8 @@ function do_login() {
api_credentials = [$('#loginEmail').val(), $('#loginPassword').val()]
api(
"/me",
"GET",
"/login",
"POST",
{},
function(response) {
// This API call always succeeds. It returns a JSON object indicating