downtownallday
37777ae904
Add a vagrant vanilla install with port forwarding
2020-09-29 08:33:57 -04:00
downtownallday
042e8b4a56
Merge remote-tracking branch 'fspoettel/admin-panel-2fa' into totp
2020-09-28 23:25:29 -04:00
downtownallday
00fc94d3c1
Merge remote-tracking branch 'fspoettel/admin-panel-2fa' into totp
...
# Conflicts:
# management/auth.py
# management/daemon.py
# management/mailconfig.py
# setup/mail-users.sh
2020-09-28 23:25:16 -04:00
Felix Spöttel
6d82c0035a
Update openAPI docs
2020-09-28 21:27:24 +02:00
Felix Spöttel
4dced10a3f
Fix handling of bad input when enabling mfa
2020-09-28 21:06:59 +02:00
Joshua Tauberer
b80f225691
Reorganize MFA front-end and add label column
2020-09-27 08:31:23 -04:00
Joshua Tauberer
a8ea456b49
Reorganize the MFA backend methods
2020-09-26 09:58:25 -04:00
downtownallday
cf888d3f30
Set miab-ldap migration version during first-time setup
2020-09-16 09:39:49 -04:00
downtownallday
7c29628530
Separate miab and miab-ldap migrations
...
Add tests for migrating from miab w/totp (migration 13) to miab-ldap
2020-09-16 09:00:27 -04:00
downtownallday
b3e789a4e2
Migrate TOTP secrets
2020-09-15 07:51:27 -04:00
downtownallday
b6ba3a054c
Fix regexp: \d => [0-9]
2020-09-12 20:07:50 -04:00
downtownallday
d68a89af61
Merge remote-tracking branch 'fspoettel/admin-panel-2fa' into totp
...
# Conflicts:
# management/auth.py
# management/mailconfig.py
2020-09-12 19:44:22 -04:00
Felix Spöttel
7d6427904f
Typo
2020-09-12 16:38:44 +02:00
Felix Spöttel
dcb93d071c
Add TOTP secret to user_key hash
...
thanks @downtownallday
* this invalidates all user_keys after TOTP status is changed for user
* after changing TOTP state, a login is required
* due to the forced login, we can't and don't need to store the code used for setup in `mru_code`
2020-09-12 16:34:06 +02:00
downtownallday
14b6ab4262
Add a simple command-line "authenticator app" for testing
2020-09-10 18:20:31 -04:00
downtownallday
752da93a37
Refactor: move code for obtaining totp tokens to tests/lib/totp.sh
2020-09-10 18:19:29 -04:00
downtownallday
c0431474c9
Detect warning ahead of errors
2020-09-10 17:50:06 -04:00
downtownallday
445cd812e6
Check system logs for errors
2020-09-10 17:07:33 -04:00
downtownallday
c6816d5641
Fix comment
2020-09-10 17:05:56 -04:00
downtownallday
ba85b6fd7b
Ignore named connection reset error and reduce reported slapd log output
2020-09-10 16:35:19 -04:00
downtownallday
5852a7aabb
Add QA tests for TOTP
2020-09-10 15:24:47 -04:00
downtownallday
24ae913d68
Merge remote-tracking branch 'fspoettel/admin-panel-2fa' into totp
...
# Conflicts:
# management/auth.py
# management/daemon.py
# setup/mail-users.sh
# setup/management.sh
# setup/migrate.py
2020-09-10 15:23:27 -04:00
downtownallday
b10f82152a
Add message regarding errors during roundcube carddav refresh
2020-09-06 09:26:42 -04:00
Felix Spöttel
2ea97f0643
Do not log failed login attempts for MissingToken errors
...
* Due to the way that the /login UI works, this persists at least one failed login each time a user logs into the admin panel. This in turn triggers fail2ban at some point.
2020-09-06 13:08:44 +02:00
Felix Spöttel
4791c2fc62
Safeguard against empty mru_token column
...
* hmac.compare_digest() expects arguments of type string, make sure we don't pass None
* Currently, this cannot happen but we might not want to store `mru_token` during setup
2020-09-06 13:03:54 +02:00
Felix Spöttel
49c333221a
Use hmac.compare_digest() to compare mru_token
2020-09-06 12:54:45 +02:00
Felix Spöttel
481a333dc0
Address review feedback, thanks @hija
2020-09-04 20:28:15 +02:00
Felix Spöttel
b0df35eba0
conn.close() if mru_token update can't .commit()
2020-09-03 20:39:03 +02:00
Felix Spöttel
08ae3d2b7f
Rename internal validate_two_factor_secret => validate_two_factor_secret
2020-09-03 19:48:54 +02:00
Felix Spöttel
7c4eb0fb70
Add sqlite migration
2020-09-03 19:39:29 +02:00
Felix Spöttel
ee01eae55e
Decouple totp from users table by moving to totp_credentials table
...
* this allows implementation of other mfa schemes in the future (webauthn)
* also makes key management easier and enforces one totp credential per user on db-level
2020-09-03 19:07:21 +02:00
Felix Spöttel
89b301afc7
Update OpenApi docs, rename /2fa/ => /mfa/
2020-09-03 13:54:28 +02:00
Felix Spöttel
ce70f44c58
Extract TOTPStrategy class to totp.py
...
* this decouples `TOTP` validation and storage logic from `auth` and moves it to `totp`
* reduce `pyotp.validate#valid_window` from `2` to `1`
2020-09-03 11:19:19 +02:00
Felix Spöttel
6594e19a1f
Autofocus otp input when logging in, update layout
2020-09-02 20:30:08 +02:00
Felix Spöttel
8597646a12
Update API route naming, update setup page
...
* Rename /two-factor-auth/ => /2fa/
* Nest totp routes under /2fa/totp/
* Update ids and methods in panel to allow for different setup types
2020-09-02 19:41:06 +02:00
Felix Spöttel
f205c48564
Use pyotp for validating TOTP codes
...
* also implements resynchronisation support via `pyotp`'s `valid_window` option
2020-09-02 19:12:15 +02:00
Felix Spöttel
3c3683429b
implement two factor check during login
2020-09-02 17:23:32 +02:00
Felix Spöttel
a7a66929aa
add user interface for managing 2fa
...
* update user schema with 2fa columns
2020-09-02 16:48:23 +02:00
downtownallday
caf90702cc
Wording changes
2020-08-29 06:57:33 -04:00
downtownallday
da7468a6b3
Fix unbound variable
2020-08-28 18:14:14 -04:00
downtownallday
f49590d52a
Merge branch 'master' of https://github.com/mail-in-a-box/mailinabox
...
# Conflicts:
# README.md
2020-08-26 16:17:28 -04:00
Joshua Tauberer
0d72566c99
Merge v0.48 point release branch
2020-08-26 14:11:56 -04:00
Joshua Tauberer
62db58eaaf
v0.48
2020-08-26 14:11:01 -04:00
Joshua Tauberer
891de8d6c3
Upgrade Roundcube to 1.4.8
...
Merges #1809
2020-08-26 14:10:04 -04:00
Downtown Allday
52aa77f624
Merge pull request #2 from downtownallday/user-displayname
...
Add a display name field to user accounts
2020-08-25 17:11:06 -04:00
downtownallday
07d83d1e5c
Make installed state comparisons ignore new user and alias attributes when comparing MiaB to MiaB-LDAP
2020-08-25 16:36:01 -04:00
downtownallday
5eb008cae9
Skip system updates if SKIP_SYSTEM_UPDATE environment variable is set to "1"
2020-08-25 16:34:56 -04:00
downtownallday
2b2856b517
Fix wording
2020-08-25 16:33:20 -04:00
downtownallday
191b575ab2
Add a display name for users, saved as 'cn' in LDAP
2020-08-25 16:33:06 -04:00
downtownallday
05f4164793
Merge branch 'master' of https://github.com/mail-in-a-box/mailinabox
2020-08-25 12:37:37 -04:00