Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							79966e36e3 
							
						 
					 
					
						
						
							
							Set a cookie for /admin/munin pages to grant access to Munin reports  
						
						
						
						
						The /admin/munin routes used the same Authorization: header logic as the other API routes, but they are browsed directly in the browser because they are handled as static pages or as a proxy to a CGI script.
This required users to enter their email username/password for HTTP basic authentication in the standard browser auth prompt, which wasn't ideal (and may leak the password in browser storage). It also stopped working when MFA was enabled for user accounts.
A token is now set in a cookie when visiting /admin/munin which is then checked in the routes that proxy the Munin pages. The cookie's lifetime is kept limited to limit the opportunity for any unknown CSRF attacks via the Munin CGI script. 
						
					 
					
						2021-09-24 08:11:36 -04:00 
						 
				 
			
				
					
						
							
							
								Elsie Hupp 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							353084ce67 
							
						 
					 
					
						
						
							
							Use "smart invert" for dark mode ( #2038 )  
						
						
						
						
						* Use "smart invert" for dark mode
Signed-off-by: Elsie Hupp <9206310+elsiehupp@users.noreply.github.com>
* Add more contrast to form controls
Co-authored-by: Joshua Tauberer <jt@occams.info> 
						
					 
					
						2021-09-19 09:53:03 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							e5909a6287 
							
						 
					 
					
						
						
							
							Allow non-admin login to the control panel and show/hide menu items depending on the login state  
						
						
						
						
						* When logged out, no menu items are shown.
* When logged in, Log Out is shown.
* When logged in as an admin, the remaining menu items are also shown.
* When logged in as a non-admin, the mail and contacts/calendar instruction pages are shown.
Fixes  #1987  
						
					 
					
						2021-09-06 09:23:58 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							26932ecb10 
							
						 
					 
					
						
						
							
							Add a 'welcome' panel to the control panel and make it the default page instead of the status checks which take too long to load  
						
						
						
						
						Fixes  #2014  
					
						2021-09-06 09:23:58 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							e884c4774f 
							
						 
					 
					
						
						
							
							Replace HMAC-based session API keys with tokens stored in memory in the daemon process  
						
						
						
						
						Since the session cache clears keys after a period of time, this fixes  #1821 .
Based on https://github.com/mail-in-a-box/mailinabox/pull/2012 , and so:
Co-Authored-By: NewbieOrange <NewbieOrange@users.noreply.github.com>
Also fixes  #2029  by not revealing through the login failure error message whether a user exists or not. 
						
					 
					
						2021-09-06 09:23:58 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							b80f225691 
							
						 
					 
					
						
						
							
							Reorganize MFA front-end and add label column  
						
						
						
					 
					
						2020-09-27 08:31:23 -04:00 
						 
				 
			
				
					
						
							
							
								Felix Spöttel 
							
						 
					 
					
						
						
						
						
							
						
						
							dcb93d071c 
							
						 
					 
					
						
						
							
							Add TOTP secret to user_key hash  
						
						
						
						
						thanks @downtownallday
* this invalidates all user_keys after TOTP status is changed for user
* after changing TOTP state, a login is required
* due to the forced login, we can't and don't need to store the code used for setup in `mru_code` 
						
					 
					
						2020-09-12 16:34:06 +02:00 
						 
				 
			
				
					
						
							
							
								Felix Spöttel 
							
						 
					 
					
						
						
						
						
							
						
						
							ee01eae55e 
							
						 
					 
					
						
						
							
							Decouple totp from users table by moving to totp_credentials table  
						
						
						
						
						* this allows implementation of other mfa schemes in the future (webauthn)
* also makes key management easier and enforces one totp credentials per user on db-level 
						
					 
					
						2020-09-03 19:07:21 +02:00 
						 
				 
			
				
					
						
							
							
								Felix Spöttel 
							
						 
					 
					
						
						
						
						
							
						
						
							8597646a12 
							
						 
					 
					
						
						
							
							Update API route naming, update setup page  
						
						
						
						
						* Rename /two-factor-auth/ => /2fa/
* Nest totp routes under /2fa/totp/
* Update ids and methods in panel to allow for different setup types 
						
					 
					
						2020-09-02 19:41:06 +02:00 
						 
				 
			
				
					
						
							
							
								Felix Spöttel 
							
						 
					 
					
						
						
						
						
							
						
						
							3c3683429b 
							
						 
					 
					
						
						
							
							implement two factor check during login  
						
						
						
					 
					
						2020-09-02 17:23:32 +02:00 
						 
				 
			
				
					
						
							
							
								Felix Spöttel 
							
						 
					 
					
						
						
						
						
							
						
						
							a7a66929aa 
							
						 
					 
					
						
						
							
							add user interface for managing 2fa  
						
						
						
						
						* update user schema with 2fa columns 
						
					 
					
						2020-09-02 16:48:23 +02:00 
						 
				 
			
				
					
						
							
							
								Marius Blüm 
							
						 
					 
					
						
						
						
						
							
						
						
							48ff664ee9 
							
						 
					 
					
						
						
							
							Remove the ? from "Log out" ( #1231 )  
						
						
						
						
						Signed-off-by: Marius Blüm <marius@lineone.io> 
						
					 
					
						2017-08-23 19:46:45 -04:00 
						 
				 
			
				
					
						
							
							
								Michael Kroes 
							
						 
					 
					
						
						
						
						
							
						
						
							e49c99890b 
							
						 
					 
					
						
						
							
							fetch whole bootstrap - fixes missing icons in admin ( #1185 )  
						
						
						
					 
					
						2017-05-31 07:36:17 -04:00 
						 
				 
			
				
					
						
							
							
								Git Repository 
							
						 
					 
					
						
						
						
						
							
						
						
							18f1689f45 
							
						 
					 
					
						
						
							
							changed the location we store the web-assets for the admin pages to /usr/local/mailinabox ( #1179 )  
						
						
						
					 
					
						2017-05-23 19:22:53 -04:00 
						 
				 
			
				
					
						
							
							
								Git Repository 
							
						 
					 
					
						
						
						
						
							
						
						
							8234a5a9f4 
							
						 
					 
					
						
						
							
							download jQuery and Bootstrap during setup and serve locally so that we don't rely on a CDN which is blocked in some parts of the world ( #1167 ) ( #1171 )  
						
						
						
					 
					
						2017-05-08 07:25:16 -04:00 
						 
				 
			
				
					
						
							
							
								Marius Blüm 
							
						 
					 
					
						
						
						
						
							
						
						
							942bcfc7c5 
							
						 
					 
					
						
						
							
							Update Bootstrap to 3.3.7 ( #909 )  
						
						
						
						
						Signed-off-by: Marius Blüm <marius@lineone.io> 
						
					 
					
						2016-08-15 18:06:12 -04:00 
						 
				 
			
				
					
						
							
							
								Arnaud 
							
						 
					 
					
						
						
						
						
							
						
						
							ff7d4196a6 
							
						 
					 
					
						
						
							
							target to blank for munin link in template ( #822 )  
						
						
						
						
						adding:
target="_blank"
to
<li><a href="/admin/munin">Munin Monitoring</a></li> on line 96
Why?
Because when you click on munin link, and follow links, you lose your index, or click back many times...
So I propose my pull request.
Et voilà ^^ 
						
					 
					
						2016-05-17 19:46:45 -04:00 
						 
				 
			
				
					
						
							
							
								aspdye 
							
						 
					 
					
						
						
						
						
							
						
						
							f65d9d3196 
							
						 
					 
					
						
						
							
							Upgrade Bootstrap 3.3.5 to 3.3.6  
						
						
						
					 
					
						2016-04-09 13:27:27 +02:00 
						 
				 
			
				
					
						
							
							
								Jeroen Jacobs 
							
						 
					 
					
						
						
						
						
							
						
						
							70111dafbc 
							
						 
					 
					
						
						
							
							Removes border and rounded corners from navbar  
						
						
						
					 
					
						2016-01-14 15:48:39 +01:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							4b4f670adf 
							
						 
					 
					
						
						
							
							s/SSL/TLS/ in user-visible text throughout the project  
						
						
						
					 
					
						2016-01-04 18:43:16 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							6c8ee1862a 
							
						 
					 
					
						
						
							
							use subresource integrity attributes to guard against CDNs being used as an attack vector; drop external resources that we can't protect this way (fonts);  fixes   #234  
						
						
						
					 
					
						2015-09-18 19:04:28 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							75a75a6f84 
							
						 
					 
					
						
						
							
							admin: rename my ajax javascript function to ajax_with_indicator; see  79c57c2303 
						
						
						
					 
					
						2015-09-04 18:40:56 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							2e99589336 
							
						 
					 
					
						
						
							
							admin: fix jumpiness when a modal is shown (move overflow-y to body; make the navbar not fixed to top)  
						
						
						
					 
					
						2015-09-04 22:21:10 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							188b21dd36 
							
						 
					 
					
						
						
							
							bump bootstrap to 3.3.5 and jquery to 1.11.3 on the admin  
						
						
						
					 
					
						2015-09-04 22:13:56 +00:00 
						 
				 
			
				
					
						
							
							
								Norman Stanke 
							
						 
					 
					
						
						
						
						
							
						
						
							1a525df8ad 
							
						 
					 
					
						
						
							
							Add Mail-in-a-Box version status check.  
						
						
						
					 
					
						2015-08-28 11:55:21 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							7527b4dc27 
							
						 
					 
					
						
						
							
							show the Mail-in-a-Box version in the control panel and a button to ping the MiaB website for the latest version  
						
						
						
						
						fixes  #441  
					
						2015-06-25 13:43:11 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							1990f32ca4 
							
						 
					 
					
						
						
							
							typo,  fixes   #435  
						
						
						
					 
					
						2015-06-06 13:22:50 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							9857db96cd 
							
						 
					 
					
						
						
							
							add a link to the /admin/munin page from the control panel nav bar  
						
						
						
					 
					
						2015-06-06 12:52:16 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							1e9c587b92 
							
						 
					 
					
						
						
							
							rewrite the DNS API to permit setting multiple records of the same type on the same domain  
						
						
						
						
						e.g. multiple TXT records
fixes  #333  
						
					 
					
						2015-05-03 13:43:38 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							542877ee46 
							
						 
					 
					
						
						
							
							use the font-awesome .fa-spinner.fa-pulse classes for the AJAX loading indicator, rather than the static glyphicon-time icon  
						
						
						
					 
					
						2015-05-03 13:43:38 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							f1760b516d 
							
						 
					 
					
						
						
							
							control panel: sometimes the ajax loading modal would show after operations were already done  
						
						
						
						
						Needed to add the clearQueue flag to jQuery's stop() method 
						
					 
					
						2015-05-03 13:43:38 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							35f4a49d10 
							
						 
					 
					
						
						
							
							my html5 stub was wrong;  8c3aed2846 
						
						
						
					 
					
						2015-04-19 13:21:38 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							8c3aed2846 
							
						 
					 
					
						
						
							
							update the control panel html template to my latest html5 stub  
						
						
						
						
						jquery 1.11.1, bootstrap 3.3.0, better accessibility, see https://github.com/JoshData/html5-stub  
						
					 
					
						2015-04-11 15:40:19 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							ec039719de 
							
						 
					 
					
						
						
							
							prevent caching of ajax responses in the control panel  
						
						
						
						
						GET requests might be cached. Definitely happens on Internet Explorer. Makes it look like the user is getting unauthorized access.
See https://discourse.mailinabox.email/t/fresh-install-can-login-to-webmail-but-not-admin/394/4 . 
						
					 
					
						2015-03-31 14:52:11 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							2b76fd299e 
							
						 
					 
					
						
						
							
							admin: ensure multiple concurrent api calls don't confuse the ajax loading indicator (track number of open requests, stop fade animation when it is time to hide)  
						
						
						
					 
					
						2014-12-21 22:47:11 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							90592bb157 
							
						 
					 
					
						
						
							
							add a control panel for setting custom dns records so that we don't have to use the api manually  
						
						
						
					 
					
						2014-12-21 11:31:24 -05:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							47dd59c2a7 
							
						 
					 
					
						
						
							
							admin mail guide: use bootstrap .panel to style the tips  
						
						
						
						
						also give more space for the login settings and less space to the tips 
						
					 
					
						2014-10-21 11:17:49 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							cce1184090 
							
						 
					 
					
						
						
							
							admin: change the css class name around the panels to not invoke the bootstrap 'panel' css  
						
						
						
					 
					
						2014-10-21 11:17:49 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							1adb1d8307 
							
						 
					 
					
						
						
							
							admin: there is no need to make each panel a separate bootstrap container  
						
						
						
						
						* also fixes the footer alignment to be within a container rather than a container-fluid
* this changed the width of the login form slightly, so am cleaning that up too
see #244  
						
					 
					
						2014-10-21 11:17:28 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							82851d6d2d 
							
						 
					 
					
						
						
							
							suppress "Something went wrong, sorry." when the management daemon's api key has changed  
						
						
						
					 
					
						2014-10-11 17:06:22 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							17331e7d82 
							
						 
					 
					
						
						
							
							adding a really slick ssl certificate installation form in the control panel  
						
						
						
					 
					
						2014-10-10 15:49:14 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							6ab29c3244 
							
						 
					 
					
						
						
							
							add instructions for static web hosting into the control panel  
						
						
						
					 
					
						2014-10-07 16:05:42 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							9210ebdb9f 
							
						 
					 
					
						
						
							
							control panel tweaks  
						
						
						
					 
					
						2014-10-07 15:12:35 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							092c842a87 
							
						 
					 
					
						
						
							
							split external/custom dns into separate pages in the admin  
						
						
						
					 
					
						2014-10-05 13:38:23 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							c2ddabe683 
							
						 
					 
					
						
						
							
							fix ajax loading indicator positioning  
						
						
						
					 
					
						2014-09-21 17:41:46 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							846768efcb 
							
						 
					 
					
						
						
							
							admin: update user's password from the admin  
						
						
						
					 
					
						2014-09-21 17:24:01 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							f77f1e656c 
							
						 
					 
					
						
						
							
							split CardDAV instructions into a new page and add CalDAV instructions; create nice redirects at /cloud/calendar and /cloud/contacts  
						
						
						
					 
					
						2014-09-03 10:51:19 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							3853e8dd93 
							
						 
					 
					
						
						
							
							show the status of backups in the control panel  
						
						
						
					 
					
						2014-09-01 13:06:53 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							684d9b3c70 
							
						 
					 
					
						
						
							
							prettify the custom DNS docs  
						
						
						
					 
					
						2014-08-27 12:57:47 +00:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							b76cbae5a0 
							
						 
					 
					
						
						
							
							document the DNS API in the control panel  
						
						
						
						
						see #140 , #155 , df20d447a9 
						
					 
					
						2014-08-25 23:52:41 +00:00