downtownallday 
							
						 
					 
					
						
						
						
						
							
						
						
							5deb88ab60 
							
						 
					 
					
						
						
							
							Merge remote-tracking branch 'fspoettel/admin-panel-2fa' into totp  
						
						
						
						
						# Conflicts:
#	management/daemon.py
#	management/mfa.py
#	setup/mail-users.sh 
						
					 
					
						2020-09-29 22:20:15 -04:00 
						 
				 
			
				
					
						
							
							
								Felix Spöttel 
							
						 
					 
					
						
						
						
						
							
						
						
							ada2167d08 
							
						 
					 
					
						
						
							
							Only update mru_token for matched mfa row  
						
						
						
					 
					
						2020-09-29 20:05:58 +02:00 
						 
				 
			
				
					
						
							
							
								Felix Spöttel 
							
						 
					 
					
						
						
						
						
							
						
						
							be5032ffbe 
							
						 
					 
					
						
						
							
							Don't expose mru_token and secret for enabled mfas over HTTP  
						
						
						
					 
					
						2020-09-29 19:46:02 +02:00 
						 
				 
			
				
					
						
							
							
								Felix Spöttel 
							
						 
					 
					
						
						
						
						
							
						
						
							00b3a3b0a9 
							
						 
					 
					
						
						
							
							Remove unique key constraint on foreign key user_id in mfa table  
						
						
						
					 
					
						2020-09-29 19:39:40 +02:00 
						 
				 
			
				
					
						
							
							
								downtownallday 
							
						 
					 
					
						
						
						
						
							
						
						
							e2dea39e5b 
							
						 
					 
					
						
						
							
							Advance the x-ordered counter  
						
						
						
					 
					
						2020-09-29 08:55:32 -04:00 
						 
				 
			
				
					
						
							
							
								downtownallday 
							
						 
					 
					
						
						
						
						
							
						
						
							75fb6d2a5d 
							
						 
					 
					
						
						
							
							Rename a function  
						
						
						
					 
					
						2020-09-29 08:55:04 -04:00 
						 
				 
			
				
					
						
							
							
								downtownallday 
							
						 
					 
					
						
						
						
						
							
						
						
							18d9cd99ea 
							
						 
					 
					
						
						
							
							Restart management daemon in case it was already started  
						
						
						
					 
					
						2020-09-29 08:54:16 -04:00 
						 
				 
			
				
					
						
							
							
								downtownallday 
							
						 
					 
					
						
						
						
						
							
						
						
							2bdcbc9b6c 
							
						 
					 
					
						
						
							
							Run upgrade tests before default ones  
						
						
						
					 
					
						2020-09-29 08:52:33 -04:00 
						 
				 
			
				
					
						
							
							
								downtownallday 
							
						 
					 
					
						
						
						
						
							
						
						
							37777ae904 
							
						 
					 
					
						
						
							
							Add a vagrant vanilla install with port forwarding  
						
						
						
					 
					
						2020-09-29 08:33:57 -04:00 
						 
				 
			
				
					
						
							
							
								downtownallday 
							
						 
					 
					
						
						
						
						
							
						
						
							042e8b4a56 
							
						 
					 
					
						
						
							
							Merge remote-tracking branch 'fspoettel/admin-panel-2fa' into totp  
						
						
						
					 
					
						2020-09-28 23:25:29 -04:00 
						 
				 
			
				
					
						
							
							
								downtownallday 
							
						 
					 
					
						
						
						
						
							
						
						
							00fc94d3c1 
							
						 
					 
					
						
						
							
							Merge remote-tracking branch 'fspoettel/admin-panel-2fa' into totp  
						
						
						
						
						# Conflicts:
#	management/auth.py
#	management/daemon.py
#	management/mailconfig.py
#	setup/mail-users.sh 
						
					 
					
						2020-09-28 23:25:16 -04:00 
						 
				 
			
				
					
						
							
							
								Felix Spöttel 
							
						 
					 
					
						
						
						
						
							
						
						
							6d82c0035a 
							
						 
					 
					
						
						
							
							Update openAPI docs  
						
						
						
					 
					
						2020-09-28 21:27:24 +02:00 
						 
				 
			
				
					
						
							
							
								Felix Spöttel 
							
						 
					 
					
						
						
						
						
							
						
						
							4dced10a3f 
							
						 
					 
					
						
						
							
							Fix handling of bad input when enabling mfa  
						
						
						
					 
					
						2020-09-28 21:06:59 +02:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							b80f225691 
							
						 
					 
					
						
						
							
							Reorganize MFA front-end and add label column  
						
						
						
					 
					
						2020-09-27 08:31:23 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							a8ea456b49 
							
						 
					 
					
						
						
							
							Reorganize the MFA backend methods  
						
						
						
					 
					
						2020-09-26 09:58:25 -04:00 
						 
				 
			
				
					
						
							
							
								downtownallday 
							
						 
					 
					
						
						
						
						
							
						
						
							cf888d3f30 
							
						 
					 
					
						
						
							
							Set miab-ldap migration version during first-time setup  
						
						
						
					 
					
						2020-09-16 09:39:49 -04:00 
						 
				 
			
				
					
						
							
							
								downtownallday 
							
						 
					 
					
						
						
						
						
							
						
						
							7c29628530 
							
						 
					 
					
						
						
							
							Separate miab and miab-ldap migrations  
						
						
						
						
						Add tests for migrating from miab w/totp (migration 13) to miab-ldap 
						
					 
					
						2020-09-16 09:00:27 -04:00 
						 
				 
			
				
					
						
							
							
								downtownallday 
							
						 
					 
					
						
						
						
						
							
						
						
							b3e789a4e2 
							
						 
					 
					
						
						
							
							Migrate TOTP secrets  
						
						
						
					 
					
						2020-09-15 07:51:27 -04:00 
						 
				 
			
				
					
						
							
							
								downtownallday 
							
						 
					 
					
						
						
						
						
							
						
						
							b6ba3a054c 
							
						 
					 
					
						
						
							
							Fix regexp: \d => [0-9]  
						
						
						
					 
					
						2020-09-12 20:07:50 -04:00 
						 
				 
			
				
					
						
							
							
								downtownallday 
							
						 
					 
					
						
						
						
						
							
						
						
							d68a89af61 
							
						 
					 
					
						
						
							
							Merge remote-tracking branch 'fspoettel/admin-panel-2fa' into totp  
						
						
						
						
						# Conflicts:
#	management/auth.py
#	management/mailconfig.py 
						
					 
					
						2020-09-12 19:44:22 -04:00 
						 
				 
			
				
					
						
							
							
								Felix Spöttel 
							
						 
					 
					
						
						
						
						
							
						
						
							7d6427904f 
							
						 
					 
					
						
						
							
							Typo  
						
						
						
					 
					
						2020-09-12 16:38:44 +02:00 
						 
				 
			
				
					
						
							
							
								Felix Spöttel 
							
						 
					 
					
						
						
						
						
							
						
						
							dcb93d071c 
							
						 
					 
					
						
						
							
							Add TOTP secret to user_key hash  
						
						
						
						
						thanks @downtownallday
* this invalidates all user_keys after TOTP status is changed for user
* after changing TOTP state, a login is required
* due to the forced login, we can't and don't need to store the code used for setup in `mru_code` 
						
					 
					
						2020-09-12 16:34:06 +02:00 
						 
				 
			
				
					
						
							
							
								downtownallday 
							
						 
					 
					
						
						
						
						
							
						
						
							14b6ab4262 
							
						 
					 
					
						
						
							
							Add a simple command-line "authenticator app" for testing  
						
						
						
					 
					
						2020-09-10 18:20:31 -04:00 
						 
				 
			
				
					
						
							
							
								downtownallday 
							
						 
					 
					
						
						
						
						
							
						
						
							752da93a37 
							
						 
					 
					
						
						
							
							Refactor: move code for obtaining totp tokens to tests/lib/totp.sh  
						
						
						
					 
					
						2020-09-10 18:19:29 -04:00 
						 
				 
			
				
					
						
							
							
								downtownallday 
							
						 
					 
					
						
						
						
						
							
						
						
							c0431474c9 
							
						 
					 
					
						
						
							
							Detect warning ahead of errors  
						
						
						
					 
					
						2020-09-10 17:50:06 -04:00 
						 
				 
			
				
					
						
							
							
								downtownallday 
							
						 
					 
					
						
						
						
						
							
						
						
							445cd812e6 
							
						 
					 
					
						
						
							
							Check system logs for errors  
						
						
						
					 
					
						2020-09-10 17:07:33 -04:00 
						 
				 
			
				
					
						
							
							
								downtownallday 
							
						 
					 
					
						
						
						
						
							
						
						
							c6816d5641 
							
						 
					 
					
						
						
							
							Fix comment  
						
						
						
					 
					
						2020-09-10 17:05:56 -04:00 
						 
				 
			
				
					
						
							
							
								downtownallday 
							
						 
					 
					
						
						
						
						
							
						
						
							ba85b6fd7b 
							
						 
					 
					
						
						
							
							Ignore named connection reset error and reduce reported slapd log output  
						
						
						
					 
					
						2020-09-10 16:35:19 -04:00 
						 
				 
			
				
					
						
							
							
								downtownallday 
							
						 
					 
					
						
						
						
						
							
						
						
							5852a7aabb 
							
						 
					 
					
						
						
							
							Add QA tests for TOTP  
						
						
						
					 
					
						2020-09-10 15:24:47 -04:00 
						 
				 
			
				
					
						
							
							
								downtownallday 
							
						 
					 
					
						
						
						
						
							
						
						
							24ae913d68 
							
						 
					 
					
						
						
							
							Merge remote-tracking branch 'fspoettel/admin-panel-2fa' into totp  
						
						... 
						
						
						
						# Conflicts:
#	management/auth.py
#	management/daemon.py
#	setup/mail-users.sh
#	setup/management.sh
#	setup/migrate.py 
						
					 
					
						2020-09-10 15:23:27 -04:00 
						 
				 
			
				
					
						
							
							
								downtownallday 
							
						 
					 
					
						
						
						
						
							
						
						
							b10f82152a 
							
						 
					 
					
						
						
							
							Add message regarding errors during roundcube carddav refresh  
						
						
						
					 
					
						2020-09-06 09:26:42 -04:00 
						 
				 
			
				
					
						
							
							
								Felix Spöttel 
							
						 
					 
					
						
						
						
						
							
						
						
							2ea97f0643 
							
						 
					 
					
						
						
							
							Do not log failed login attempts for MissingToken errors  
						
						
						
						
						* Due to the way that the /login UI works, this persists at least one failed login each time a user logs into the admin panel. This in turn triggers fail2ban at some point. 
						
					 
					
						2020-09-06 13:08:44 +02:00 
						 
				 
			
				
					
						
							
							
								Felix Spöttel 
							
						 
					 
					
						
						
						
						
							
						
						
							4791c2fc62 
							
						 
					 
					
						
						
							
							Safeguard against empty mru_token column  
						
						
						
						
						* hmac.compare_digest() expects its arguments to be strings, so make sure we never pass None
 * Currently this cannot happen, but we might not want to store `mru_token` during setup 
						
					 
					
						2020-09-06 13:03:54 +02:00 
						 
				 
			
				
					
						
							
							
								Felix Spöttel 
							
						 
					 
					
						
						
						
						
							
						
						
							49c333221a 
							
						 
					 
					
						
						
							
							Use hmac.compare_digest() to compare mru_token  
						
						
						
					 
					
						2020-09-06 12:54:45 +02:00 
						 
				 
			
				
					
						
							
							
								Felix Spöttel 
							
						 
					 
					
						
						
						
						
							
						
						
							481a333dc0 
							
						 
					 
					
						
						
							
							Address review feedback, thanks @hija  
						
						
						
					 
					
						2020-09-04 20:28:15 +02:00 
						 
				 
			
				
					
						
							
							
								Felix Spöttel 
							
						 
					 
					
						
						
						
						
							
						
						
							b0df35eba0 
							
						 
					 
					
						
						
							
							conn.close() if mru_token update can't .commit()  
						
						
						
					 
					
						2020-09-03 20:39:03 +02:00 
						 
				 
			
				
					
						
							
							
								Felix Spöttel 
							
						 
					 
					
						
						
						
						
							
						
						
							08ae3d2b7f 
							
						 
					 
					
						
						
							
							Rename internal validate_two_factor_secret => validate_two_factor_secret  
						
						
						
					 
					
						2020-09-03 19:48:54 +02:00 
						 
				 
			
				
					
						
							
							
								Felix Spöttel 
							
						 
					 
					
						
						
						
						
							
						
						
							7c4eb0fb70 
							
						 
					 
					
						
						
							
							Add sqlite migration  
						
						
						
					 
					
						2020-09-03 19:39:29 +02:00 
						 
				 
			
				
					
						
							
							
								Felix Spöttel 
							
						 
					 
					
						
						
						
						
							
						
						
							ee01eae55e 
							
						 
					 
					
						
						
							
							Decouple totp from users table by moving to totp_credentials table  
						
						
						
						
						* this allows other mfa schemes (webauthn) to be implemented in the future
* also makes key management easier and enforces one set of totp credentials per user at the db level 
						
					 
					
						2020-09-03 19:07:21 +02:00 
						 
				 
			
				
					
						
							
							
								Felix Spöttel 
							
						 
					 
					
						
						
						
						
							
						
						
							89b301afc7 
							
						 
					 
					
						
						
							
							Update OpenApi docs, rename /2fa/ => /mfa/  
						
						
						
					 
					
						2020-09-03 13:54:28 +02:00 
						 
				 
			
				
					
						
							
							
								Felix Spöttel 
							
						 
					 
					
						
						
						
						
							
						
						
							ce70f44c58 
							
						 
					 
					
						
						
							
							Extract TOTPStrategy class to totp.py  
						
						
						
						
						* this decouples `TOTP` validation and storage logic from `auth` and moves it to `totp`
* reduce `pyotp.validate#valid_window` from `2` to `1` 
						
					 
					
						2020-09-03 11:19:19 +02:00 
						 
				 
			
				
					
						
							
							
								Felix Spöttel 
							
						 
					 
					
						
						
						
						
							
						
						
							6594e19a1f 
							
						 
					 
					
						
						
							
							Autofocus otp input when logging in, update layout  
						
						
						
					 
					
						2020-09-02 20:30:08 +02:00 
						 
				 
			
				
					
						
							
							
								Felix Spöttel 
							
						 
					 
					
						
						
						
						
							
						
						
							8597646a12 
							
						 
					 
					
						
						
							
							Update API route naming, update setup page  
						
						
						
						
						* Rename /two-factor-auth/ => /2fa/
* Nest totp routes under /2fa/totp/
* Update ids and methods in panel to allow for different setup types 
						
					 
					
						2020-09-02 19:41:06 +02:00 
						 
				 
			
				
					
						
							
							
								Felix Spöttel 
							
						 
					 
					
						
						
						
						
							
						
						
							f205c48564 
							
						 
					 
					
						
						
							
							Use pyotp for validating TOTP codes  
						
						
						
						
						* also implements resynchronisation support via `pyotp`'s `valid_window` option 
						
					 
					
						2020-09-02 19:12:15 +02:00 
						 
				 
			
				
					
						
							
							
								Felix Spöttel 
							
						 
					 
					
						
						
						
						
							
						
						
							3c3683429b 
							
						 
					 
					
						
						
							
							implement two factor check during login  
						
						
						
					 
					
						2020-09-02 17:23:32 +02:00 
						 
				 
			
				
					
						
							
							
								Felix Spöttel 
							
						 
					 
					
						
						
						
						
							
						
						
							a7a66929aa 
							
						 
					 
					
						
						
							
							add user interface for managing 2fa  
						
						
						
						
						* update user schema with 2fa columns 
						
					 
					
						2020-09-02 16:48:23 +02:00 
						 
				 
			
				
					
						
							
							
								downtownallday 
							
						 
					 
					
						
						
						
						
							
						
						
							caf90702cc 
							
						 
					 
					
						
						
							
							Wording changes  
						
						
						
					 
					
						2020-08-29 06:57:33 -04:00 
						 
				 
			
				
					
						
							
							
								downtownallday 
							
						 
					 
					
						
						
						
						
							
						
						
							da7468a6b3 
							
						 
					 
					
						
						
							
							Fix unbound variable  
						
						
						
					 
					
						2020-08-28 18:14:14 -04:00 
						 
				 
			
				
					
						
							
							
								downtownallday 
							
						 
					 
					
						
						
						
						
							
						
						
							f49590d52a 
							
						 
					 
					
						
						
							
							Merge branch 'master' of  https://github.com/mail-in-a-box/mailinabox  
						
						
						
						
						# Conflicts:
#	README.md 
						
					 
					
						2020-08-26 16:17:28 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							0d72566c99 
							
						 
					 
					
						
						
							
							Merge v0.48 point release branch  
						
						
						
					 
					
						2020-08-26 14:11:56 -04:00