Felix Spöttel
2ea97f0643
Do not log failed login attempts for MissingToken errors
...
* Due to the way that the /login UI works, this persists at least one failed login each time a user logs into the admin panel. This in turn triggers fail2ban at some point.
2020-09-06 13:08:44 +02:00
Felix Spöttel
4791c2fc62
Safeguard against empty mru_token column
...
* hmac.compare_digest() expects arguments of type string, make sure we don't pass None
* Currently, this cannot happen but we might not want to store `mru_token` during setup
2020-09-06 13:03:54 +02:00
Felix Spöttel
49c333221a
Use hmac.compare_digest() to compare mru_token
2020-09-06 12:54:45 +02:00
Felix Spöttel
481a333dc0
Address review feedback, thanks @hija
2020-09-04 20:28:15 +02:00
Felix Spöttel
b0df35eba0
conn.close() if mru_token update can't .commit()
2020-09-03 20:39:03 +02:00
Felix Spöttel
08ae3d2b7f
Rename internal validate_two_factor_secret => validate_two_factor_secret
2020-09-03 19:48:54 +02:00
Felix Spöttel
7c4eb0fb70
Add sqlite migration
2020-09-03 19:39:29 +02:00
Felix Spöttel
ee01eae55e
Decouple totp from users table by moving to totp_credentials table
...
* this allows implementation of other mfa schemes in the future (webauthn)
* also makes key management easier and enforces one totp credential per user on db-level
2020-09-03 19:07:21 +02:00
Felix Spöttel
89b301afc7
Update OpenApi docs, rename /2fa/ => /mfa/
2020-09-03 13:54:28 +02:00
Felix Spöttel
ce70f44c58
Extract TOTPStrategy class to totp.py
...
* this decouples `TOTP` validation and storage logic from `auth` and moves it to `totp`
* reduce `pyotp.validate#valid_window` from `2` to `1`
2020-09-03 11:19:19 +02:00
Felix Spöttel
6594e19a1f
Autofocus otp input when logging in, update layout
2020-09-02 20:30:08 +02:00
Felix Spöttel
8597646a12
Update API route naming, update setup page
...
* Rename /two-factor-auth/ => /2fa/
* Nest totp routes under /2fa/totp/
* Update ids and methods in panel to allow for different setup types
2020-09-02 19:41:06 +02:00
Felix Spöttel
f205c48564
Use pyotp for validating TOTP codes
...
* also implements resynchronisation support via `pyotp`'s `valid_window` option
2020-09-02 19:12:15 +02:00
Felix Spöttel
3c3683429b
implement two factor check during login
2020-09-02 17:23:32 +02:00
Felix Spöttel
a7a66929aa
add user interface for managing 2fa
...
* update user schema with 2fa columns
2020-09-02 16:48:23 +02:00
David Duque
94da7bb088
status_checks.py: Properly terminate the process pools ( #1795 )
...
* Only spawn a thread pool when strictly needed
For --check-primary-hostname, the pool is not used.
When exiting, the other processes are left alive and will hang.
* Acquire pools with the 'with' statement
2020-08-09 11:42:39 -04:00
Richard Willis
c50170b816
Update "Remove Alias" modal title ( #1800 )
2020-07-29 10:01:20 -04:00
David Duque
5e597bb536
Update deprecated function from dnspython
2020-07-26 01:00:17 +01:00
David Duque
fc0bd12631
Acquire pools with the 'with' statement
2020-07-22 12:42:10 +01:00
David Duque
311e6c63e8
Render the 'Backup now' buttons even if there are already backups
2020-07-21 19:25:48 +01:00
David Duque
a0da88834c
Terminate the status checks process pool before exiting
2020-07-21 19:21:46 +01:00
David Duque
967409b157
Drop requirement for passwords to have no spaces ( #1789 )
2020-07-16 07:23:11 -04:00
David Duque
1b2711fc42
Add 'always' modifier to the HSTS add_header directive ( #1790 )
...
This will make it so that the HSTS header is sent regardless of the request status code (until this point it would only be sent if "the response code equals 200, 201, 206, 301, 302, 303, 307, or 308." - according to http://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header )
2020-07-16 07:21:14 -04:00
David Duque
c8fbe2dd5d
Determine the PHP version at runtime (instead of at setup-time)
2020-07-15 15:28:02 +01:00
David Duque
515a74ba11
Render the lsb_release at flask init time
...
Don't change the index.html file at setup time
2020-07-14 11:51:25 +01:00
David Duque
b562e7eefa
Hide the 'Create Backup' buttons when backups are turned off
2020-07-11 15:45:50 +01:00
David Duque
ccf60c7017
Backups: User-initiated and cron-initiated jobs will have the same lockname
...
So that some poor timing (initiating a backup when there's a cron-initiated backup)
doesn't screw everything up.
2020-07-11 09:16:32 +01:00
David Duque
79e2398d71
Fix comment
2020-07-11 08:30:05 +01:00
David Duque
af9ef186b3
Add manual backup option
2020-07-10 15:48:37 +01:00
David Duque
e6102eacfb
AXFR Transfers (for secondary DNS servers): Allow IPv6 addresses ( #1787 )
2020-07-08 18:26:47 -04:00
David Duque
199c2c50ba
Backups: Fix backup target selector width
2020-07-08 19:32:24 +01:00
David Duque
b98111b4e1
Fix unassigned php version
2020-06-29 09:13:50 +01:00
David Duque
fcb44dafa3
Let's encrypt certbot hotfix
2020-06-27 21:32:36 +01:00
David Duque
022a11e159
Merge remote-tracking branch 'up/master'
2020-06-21 15:52:31 +01:00
David Duque
5d6c23cff9
Finalize php configuration
2020-06-21 15:18:46 +01:00
David Duque
0ccbf1b809
Only spawn a thread pool when strictly needed
...
For --check-primary-hostname, the pool is not used.
When exiting, the other processes are left alive and will hang.
2020-06-21 15:05:17 +01:00
Joshua Tauberer
6fd3195275
Fix MTA-STS policy id so it does not have invalid characters, fixes #1779
2020-06-12 13:09:11 -04:00
David Duque
d01069f7f2
Automatically agree to ToS on SSL provision
2020-06-12 09:27:08 +01:00
Joshua Tauberer
9db2fc7f05
In web proxies, add X-{Forwarded-{Host,Proto},Real-IP} and 'proxy_set_header Host' when there is a flag
...
Merges #1432 , more or less.
2020-06-11 12:20:17 -04:00
Joshua Tauberer
e03a6541ce
Don't make autoconfig/autodiscover subdomains and SRV records when the parent domain has no user accounts
...
These subdomains/records are for automatic configuration of mail clients, but if there are no user accounts on a domain, there is no need to publish a DNS record, provision a TLS certificate, or create an nginx server config block.
2020-06-11 12:20:17 -04:00
Vasek Sraier
df9bb263dc
daily_tasks.sh: redirect stderr to stdout ( #1768 )
...
When the management commands fail, they can print something to the standard error output.
The administrator would never notice, because it wouldn't be sent to him with the usual emails.
Fixes #1763
2020-06-07 09:56:45 -04:00
Joshua Tauberer
3a4b8da8fd
More for MTA-STS for incoming mail
...
* Create the mta_sts A/AAAA records even if there is no valid TLS certificate because we can't get a TLS certificate if we don't set up the domains.
* Make the policy id in the TXT record stable by using a hash of the policy file so that the DNS record doesn't change every day, which means no nightly notification and also it allows for longer caching by sending MTAs.
2020-05-30 08:04:09 -04:00
Joshua Tauberer
37dad9d4bb
Provision certificates from Let's Encrypt grouped by DNS zone
...
Folks didn't want certificates exposing all of the domains hosted by the server (although this can already be found on the internet).
Additionally, if one domain fails (usually because of a misconfiguration), it would be nice if not everything fails. So grouping them helps with that.
Fixes #690 .
2020-05-29 15:38:18 -04:00
Joshua Tauberer
b805f8695e
Move status checks for www, autoconfig, autodiscover, and mta-sts to within the section for the parent domain
...
Since we're checking the MTA-STS policy, there's no need to check that the domain resolves etc. directly.
2020-05-29 15:38:13 -04:00
Joshua Tauberer
10bedad3a3
MTA-STS tweaks, add status check using postfix-mta-sts-resolver, change to enforce
2020-05-29 15:36:52 -04:00
A. Schippers
afc9f9686a
Publish MTA-STS policy for incoming mail ( #1731 )
...
Co-authored-by: Daniel Mabbett <triumph_2500@hotmail.com>
2020-05-29 15:30:07 -04:00
David Duque
8ca58798e4
Typo fix
2020-05-28 16:17:10 +01:00
David Duque
235ebe9a4a
Secondary nameservers: Allow IPv6
2020-05-28 15:47:43 +01:00
David Duque
1513655bc4
Make sure that the OS in the admin panel matches the actual system OS
2020-05-17 02:45:35 +01:00
David Duque
ad9979f9c6
Make the Show More link an actual button
2020-04-25 04:26:24 +01:00
David Duque
e75d89113a
Test
2020-04-25 04:17:55 +01:00
David Duque
7984d103a4
Test
2020-04-25 04:13:46 +01:00
David Duque
4309a6a875
Swap show-button order
2020-04-25 03:51:38 +01:00
David Duque
32e42f14fb
Do not apply custom nginx dotfiles to the default webroot
2020-04-24 17:03:13 +01:00
David Duque
d9567c0035
Use proper emojis for status checks
2020-04-24 15:50:01 +01:00
David Duque
372d5d9783
SMTP Relays: Wrap ternary operations correctly
2020-04-21 14:35:51 +01:00
David Duque
2176d59727
Version check will now use the correct endpoint
2020-04-20 23:35:11 +01:00
David Duque
ab9dbdf270
Default conf: don't repeat the upstream php conf
2020-04-20 20:01:19 +01:00
David Duque
502a4d2128
Uhhhh, yeah
2020-04-20 19:38:50 +01:00
David Duque
7ff5a336a6
Always assign default config to primary hostname
2020-04-20 19:35:20 +01:00
David Duque
c401625a01
Don't overwrite
2020-04-20 19:20:26 +01:00
David Duque
5f15c2e53b
Fix some stuff
2020-04-20 19:15:43 +01:00
David Duque
49da79cbd9
Oops (yet again)
2020-04-20 19:06:19 +01:00
David Duque
7f5a939e50
Throw failure reason (web update)
2020-04-20 18:59:02 +01:00
David Duque
3396bdbb22
Use get_web_root instead of raw indexing
2020-04-20 18:54:27 +01:00
David Duque
8c5ff2b523
Screwed up on the path
2020-04-20 18:28:13 +01:00
David Duque
b2c2d61867
Oops
2020-04-20 18:23:45 +01:00
David Duque
72070ee7bd
Create custom nginx files
2020-04-20 18:17:41 +01:00
David Duque
b6342d34d2
Start web templating work
2020-04-20 15:55:05 +01:00
David Duque
9a6a35cadc
Update version display
2020-04-20 00:43:20 +01:00
David Duque
4ed014a50c
Add SMTP Relay status checks
2020-04-18 15:00:51 +01:00
David Duque
ad3a78a300
relayhost, not relay_host, and key, not pass
2020-04-18 11:56:30 +01:00
David Duque
da7fe68daa
pls
2020-04-18 00:38:36 +01:00
David Duque
eee5dbf755
Is this it?
2020-04-18 00:22:10 +01:00
David Duque
8f247e3b70
Import other stuff
2020-04-18 00:13:13 +01:00
David Duque
10e4b79423
Fixing editconf input
2020-04-18 00:00:35 +01:00
David Duque
625eca8ea4
Swap tuple by a list
2020-04-17 23:48:39 +01:00
David Duque
858251045d
Cleanup
2020-04-17 23:39:52 +01:00
David Duque
b9dec64ea1
Merge branch 'master' of github.com:ddavness/mailinabox
2020-04-17 19:54:44 +01:00
David Duque
ca3d794c80
Sanity improvements
2020-04-17 19:54:34 +01:00
David Duque
60294a876d
Allow editconf to be run
2020-04-17 19:36:04 +01:00
David Duque
02c2657569
Oops
2020-04-17 19:06:19 +01:00
David Duque
df8bacd0ed
Actually edit the files on Postfix's end
2020-04-17 19:05:05 +01:00
David Duque
c653f660bb
Move editconf into management
2020-04-17 18:54:13 +01:00
David Duque
25900758d1
I screwed up badly
2020-04-17 18:09:43 +01:00
David Duque
0e583b9e4f
Booleans are passed as strings
2020-04-17 18:06:16 +01:00
David Duque
6d8e2a5bb9
Cleanup
2020-04-17 10:45:47 +01:00
David Duque
9b6781685a
Move settings away from mailinabox.conf
2020-04-16 22:52:48 +01:00
David Duque
5e080bedb6
Syntax errors.
2020-04-16 22:21:33 +01:00
David Duque
430f6dab38
Actual implementation of the Relay setup daemon
2020-04-16 22:16:02 +01:00
David Duque
7ffc889c08
Bump web dependencies ( #1 )
...
- Bootstrap: 3.3.7 -> 4.4.1
- - New admin panel style and respective corrections applied.
- JQuery: 2.1.4 -> 3.5.0
2020-04-16 19:52:01 +01:00
David Duque
785280c86b
Submission
2020-04-16 17:01:49 +01:00
David Duque
fcf5544fc8
WIP
2020-04-16 14:09:24 +01:00
David Duque
09b3c37885
Oops
2020-04-16 14:04:45 +01:00
David Duque
bf83bd6ff7
MiaB SMTP Daemon: Just return something for now
2020-04-16 12:56:27 +01:00
David Duque
03472788fd
WIP
2020-04-16 12:45:55 +01:00
David Duque
7b60c0850c
Merge remote-tracking branch 'up/master'
2020-04-15 18:03:50 +01:00
David Duque
68768ed112
Fix attempt
2020-04-15 18:01:33 +01:00
David Duque
21196620b6
Code debug
2020-04-15 15:02:20 +01:00
David Duque
bb26a2d12c
Push script zone to the end of the document
2020-04-14 10:08:11 +01:00