external/mailinabox
1
0
Fork 0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2025-10-30 18:50:53 +00:00
Code Issues Releases Wiki Activity
1,821 Commits 6 Branches 87 Tags 45 MiB
26932ecb10
Commit Graph

19 Commits

Author SHA1 Message Date
Joshua Tauberer
26932ecb10 Add a 'welcome' panel to the control panel and make it the default page instead of the status checks which take too long to load 
Fixes #2014
 2021-09-06 09:23:58 -04:00
Joshua Tauberer
e884c4774f Replace HMAC-based session API keys with tokens stored in memory in the daemon process 
Since the session cache clears keys after a period of time, this fixes #1821.

Based on https://github.com/mail-in-a-box/mailinabox/pull/2012, and so:

Co-Authored-By: NewbieOrange <NewbieOrange@users.noreply.github.com>

Also fixes #2029 by not revealing through the login failure error message whether a user exists or not.
 2021-09-06 09:23:58 -04:00
NewbieOrange
21ad26e452
Disable auto-complete for 2FA code in the control panel login form (#2013) 2021-07-28 16:39:40 -04:00
Joshua Tauberer
ac9ecc3bd3 Rename tools/mail.py to management/cli.py 2020-10-29 15:41:54 -04:00
Joshua Tauberer
b80f225691 Reorganize MFA front-end and add label column 2020-09-27 08:31:23 -04:00
Felix Spöttel
dcb93d071c Add TOTP secret to user_key hash 
thanks @downtownallday
* this invalidates all user_keys after TOTP status is changed for user
* after changing TOTP state, a login is required
* due to the forced login, we can't and don't need to store the code used for setup in `mru_code`
 2020-09-12 16:34:06 +02:00
Felix Spöttel
ee01eae55e Decouple totp from users table by moving to totp_credentials table 
* this allows implementation of other mfa schemes in the future (webauthn)
* also makes key management easier and enforces one totp credentials per user on db-level
 2020-09-03 19:07:21 +02:00
Felix Spöttel
6594e19a1f Autofocus otp input when logging in, update layout 2020-09-02 20:30:08 +02:00
Felix Spöttel
3c3683429b implement two factor check during login 2020-09-02 17:23:32 +02:00
Michael Heuberger
0d4c693792 Add missing login form method to keep LastPass happy (#1565) 2019-05-12 05:10:34 -07:00
yodax
b8e99c30a2 When previous panel was login, move to system_status 2016-02-20 18:42:28 +01:00
Richard Willis
f26c0b71d2 Focus on fields in the login form 
This just makes life a little easier...

Squashed the following commits:

* Use $.trim() for better browser support
 2015-08-27 22:17:13 +02:00
Joshua Tauberer
2f8866ef32 if there are no users at all the warning on the control panel login screen was incorrect 2015-04-28 07:17:21 -04:00
Joshua Tauberer
1039a08be6 /admin login now issues a user-specific key for future calls (rather than providing the system-wide API key or passing the password on each request) 2015-01-31 20:42:43 +00:00
Joshua Tauberer
023b38df50 split management daemon authorization from authentication and use 'doveadm pw' rather than 'doveadm auth test' so that it is decoupled from dovecot's login mechanism 
This was done to pave the way for two-factor authentication, but that's still a ways off.
 2015-01-31 20:41:41 +00:00
Joshua Tauberer
1adb1d8307 admin: there is no need to make each panel a separate bootstrap container 
* also fixes the footer alignment to be within a container rather than a container-fluid
* this changed the width of the login form slightly, so am cleaning that up too

see #244
 2014-10-21 11:17:28 +00:00
Joshua Tauberer
2f952a7915 delay an ajax call to see if this fixes the problem of the loading indicator not going away after showing the user a panel after login 2014-10-11 17:06:22 +00:00
Joshua Tauberer
9b8d85de45 if there are no admins when trying to access the control panel, tell the user how to make an admin from SSH 2014-08-26 11:31:45 +00:00
Joshua Tauberer
b30d7ad80a web-based administrative UI 
closes #19
 2014-08-17 22:46:06 +00:00