f98afac6df
if you make an API call with a user-specific API key (e.g. from control panel) but your account no longer exists on the system, there was an unhandled error
...
see 1039a08be6
2015-04-28 07:17:21 -04:00
1039a08be6
/admin login now issues a user-specific key for future calls (rather than providing the system-wide API key or passing the password on each request)
2015-01-31 20:42:43 +00:00
023b38df50
split management daemon authorization from authentication and use 'doveadm pw' rather than 'doveadm auth test' so that it is decoupled from dovecot's login mechanism
...
This was done to pave the way for two-factor authentication, but that's still a ways off.
2015-01-31 20:41:41 +00:00
b30d7ad80a
web-based administrative UI
...
closes #19
2014-08-17 22:46:06 +00:00
f41ec93cbe
management: dont raise an exception on a poorly formatted authentication header
2014-08-17 11:50:05 -04:00
9e63ec62fb
Cleanup: remove env dependency
2014-06-22 08:55:19 -04:00
d100a790a0
Remove API_KEY_FILE setting
2014-06-22 08:45:29 -04:00
067052d4ea
Add key-based authentication to management service
...
Intended to be the simplest auth possible: every time the service
starts, a random key is written to `/var/lib/mailinabox/api.key`. In
order to authenticate to the service, the client must pass the contents
of `api.key` in an HTTP basic auth header. In this way, users who do not
have read access to that file are not able to communicate with the
service.
2014-06-21 23:42:48 +00:00
Joshua Tauberer
Michael Kropat