external/mailinabox
1
0
Fork 0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2025-04-05 00:27:25 +00:00
Code Issues Releases Wiki Activity
1,933 Commits 6 Branches 85 Tags 43 MiB
100acb119b
Commit Graph

644 Commits

Author SHA1 Message Date
downtownallday
100acb119b Add a totpMruTokenTime value to record the time when the mru token was used 
Use the totpMruTokenTime as the id to uniquely identify a totp entry
 2020-09-30 11:00:58 -04:00
downtownallday
a5ebd07549 Merge remote-tracking branch 'fspoettel/admin-panel-2fa' into totp 
# Conflicts:
#	management/auth.py
#	management/mfa.py
 2020-09-30 09:05:03 -04:00
Felix Spöttel
1f0e493b8c Exclude mru_token in user key hash 2020-09-30 12:34:26 +02:00
downtownallday
5deb88ab60 Merge remote-tracking branch 'fspoettel/admin-panel-2fa' into totp 
# Conflicts:
#	management/daemon.py
#	management/mfa.py
#	setup/mail-users.sh
 2020-09-29 22:20:15 -04:00
Felix Spöttel
ada2167d08 Only update mru_token for matched mfa row 2020-09-29 20:05:58 +02:00
Felix Spöttel
be5032ffbe Don't expose mru_token and secret for enabled mfas over HTTP 2020-09-29 19:46:02 +02:00
downtownallday
75fb6d2a5d Rename a function 2020-09-29 08:55:04 -04:00
downtownallday
042e8b4a56 Merge remote-tracking branch 'fspoettel/admin-panel-2fa' into totp 2020-09-28 23:25:29 -04:00
downtownallday
00fc94d3c1 Merge remote-tracking branch 'fspoettel/admin-panel-2fa' into totp 
# Conflicts:
#	management/auth.py
#	management/daemon.py
#	management/mailconfig.py
#	setup/mail-users.sh
 2020-09-28 23:25:16 -04:00
Felix Spöttel
4dced10a3f Fix handling of bad input when enabling mfa 2020-09-28 21:06:59 +02:00
Joshua Tauberer
b80f225691 Reorganize MFA front-end and add label column 2020-09-27 08:31:23 -04:00
Joshua Tauberer
a8ea456b49 Reorganize the MFA backend methods 2020-09-26 09:58:25 -04:00
downtownallday
d68a89af61 Merge remote-tracking branch 'fspoettel/admin-panel-2fa' into totp 
# Conflicts:
#	management/auth.py
#	management/mailconfig.py
 2020-09-12 19:44:22 -04:00
Felix Spöttel
7d6427904f Typo 2020-09-12 16:38:44 +02:00
Felix Spöttel
dcb93d071c Add TOTP secret to user_key hash 
thanks @downtownallday
* this invalidates all user_keys after TOTP status is changed for user
* after changing TOTP state, a login is required
* due to the forced login, we can't and don't need to store the code used for setup in `mru_code`
 2020-09-12 16:34:06 +02:00
downtownallday
24ae913d68 Merge remote-tracking branch 'fspoettel/admin-panel-2fa' into totp 
# Conflicts:
#	management/auth.py
#	management/daemon.py
#	setup/mail-users.sh
#	setup/management.sh
#	setup/migrate.py
 2020-09-10 15:23:27 -04:00
Felix Spöttel
2ea97f0643 Do not log failed login attempts for MissingToken errors 
* Due to the way that the /login UI works, this persists at least one failed login each time a user logs into the admin panel. This in turn triggers fail2ban at some point.
 2020-09-06 13:08:44 +02:00
Felix Spöttel
4791c2fc62 Safeguard against empty mru_token column 
* hmac.compare_digest() expects arguments of type string, make sure we don't pass None
 * Currently, this cannot happen but we might not want to store `mru_token` during setup
 2020-09-06 13:03:54 +02:00
Felix Spöttel
49c333221a Use hmac.compare_digest() to compare mru_token 2020-09-06 12:54:45 +02:00
Felix Spöttel
481a333dc0 Address review feedback, thanks @hija 2020-09-04 20:28:15 +02:00
Felix Spöttel
b0df35eba0 conn.close() if mru_token update can't .commit() 2020-09-03 20:39:03 +02:00
Felix Spöttel
08ae3d2b7f Rename internal validate_two_factor_secret => validate_two_factor_secret 2020-09-03 19:48:54 +02:00
Felix Spöttel
7c4eb0fb70 Add sqlite migration 2020-09-03 19:39:29 +02:00
Felix Spöttel
ee01eae55e Decouple totp from users table by moving to totp_credentials table 
* this allows implementation of other mfa schemes in the future (webauthn)
* also makes key management easier and enforces one totp credentials per user on db-level
 2020-09-03 19:07:21 +02:00
Felix Spöttel
89b301afc7 Update OpenApi docs, rename /2fa/ => /mfa/ 2020-09-03 13:54:28 +02:00
Felix Spöttel
ce70f44c58 Extract TOTPStrategy class to totp.py 
* this decouples `TOTP` validation and storage logic from `auth` and moves it to `totp`
* reduce `pyotp.validate#valid_window` from `2` to `1`
 2020-09-03 11:19:19 +02:00
Felix Spöttel
6594e19a1f Autofocus otp input when logging in, update layout 2020-09-02 20:30:08 +02:00
Felix Spöttel
8597646a12 Update API route naming, update setup page 
* Rename /two-factor-auth/ => /2fa/
* Nest totp routes under /2fa/totp/
* Update ids and methods in panel to allow for different setup types
 2020-09-02 19:41:06 +02:00
Felix Spöttel
f205c48564 Use pyotp for validating TOTP codes 
* also implements resynchronisation support via `pyotp`'s `valid_window option
 2020-09-02 19:12:15 +02:00
Felix Spöttel
3c3683429b implement two factor check during login 2020-09-02 17:23:32 +02:00
Felix Spöttel
a7a66929aa add user interface for managing 2fa 
* update user schema with 2fa columns
 2020-09-02 16:48:23 +02:00
downtownallday
caf90702cc Wording changes 2020-08-29 06:57:33 -04:00
downtownallday
191b575ab2 Add a display name for users, saved as 'cn' in LDAP 2020-08-25 16:33:06 -04:00
downtownallday
1fb9316904 spaces -> tabs 2020-08-25 12:21:11 -04:00
downtownallday
22bfef6f59 Display and allow chaninging a comment/description for aliases. Change the default comment for required aliases to "Required alias". 2020-08-25 12:00:55 -04:00
downtownallday
d0d12fbc1c Merge branch 'master' of https://github.com/mail-in-a-box/mailinabox 2020-08-09 12:13:31 -04:00
David Duque
94da7bb088
status_checks.py: Properly terminate the process pools (#1795) 
* Only spawn a thread pool when strictly needed

For --check-primary-hostname, the pool is not used.
When exiting, the other processes are left alive and will hang.

* Acquire pools with the 'with' statement
 2020-08-09 11:42:39 -04:00
downtownallday
ac35bdc544 Merge branch 'master' of https://github.com/mail-in-a-box/mailinabox 2020-07-29 10:34:47 -04:00
Richard Willis
c50170b816
Update "Remove Alias" modal title (#1800) 2020-07-29 10:01:20 -04:00
downtownallday
ccb0421729 Merge branch 'master' of https://github.com/mail-in-a-box/mailinabox 2020-07-16 07:57:09 -04:00
David Duque
967409b157
Drop requirement for passwords to have no spaces (#1789) 2020-07-16 07:23:11 -04:00
David Duque
1b2711fc42
Add 'always' modifier to the HSTS add_header directive (#1790) 
This will make it so that the HSTS header is sent regardless of the request status code (until this point it would only be sent if "the response code equals 200, 201, 206, 301, 302, 303, 307, or 308." - according to thttp://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header)
 2020-07-16 07:21:14 -04:00
downtownallday
c866b4d0fa Merge branch 'master' of https://github.com/mail-in-a-box/mailinabox 2020-07-08 19:36:15 -04:00
David Duque
e6102eacfb
AXFR Transfers (for secondary DNS servers): Allow IPv6 addresses (#1787) 2020-07-08 18:26:47 -04:00
downtownallday
5f008d91b8 Ignore alias domains that have no forward-to because we don't accept mail locally for the alias 2020-06-15 12:26:12 -04:00
downtownallday
77145e2f38 Fix server error on non-change: 
"ldap3.core.exceptions.LDAPChangeError: no changes in modify request"
 2020-06-15 12:24:03 -04:00
downtownallday
979c36b8c1 Merge branch 'qa-upgrade' 2020-06-14 18:38:42 -04:00
downtownallday
b0090edd52 Test upgrade to LDAP from upstream Mail-in-a-Box/sqlite 2020-06-14 13:51:00 -04:00
downtownallday
49920ee332 Merge branch 'master' of https://github.com/mail-in-a-box/mailinabox 2020-06-13 06:30:55 -04:00
Joshua Tauberer
6fd3195275 Fix MTA-STS policy id so it does not have invalid characters, fixes #1779 2020-06-12 13:09:11 -04:00