Commit Graph

77 Commits

Author SHA1 Message Date
KiekerJan 1ce9766204 merge upstream changes to update to ubuntu 2204 2022-09-04 20:52:56 +02:00
KiekerJan cb87310c73 update contact and calendar nextcloud apps 2022-06-05 23:56:35 +02:00
KiekerJan 2a6ecd38b3 now really merge 2204 changes 2022-05-25 22:26:08 +02:00
KiekerJan a2a2e7ce24 nextcloud update 2022-05-24 22:10:48 +02:00
KiekerJan fccbb591e3 remove superfluous command 2022-05-22 00:17:29 +02:00
KiekerJan adbfeb6088 nextcloud 23 needs user_external 3.0.0 2022-05-21 20:10:13 +02:00
KiekerJan 4457eaf3a4 fixes to installation 2022-05-15 22:16:48 +02:00
KiekerJan 314955a648 update nextcloud to 24 2022-05-12 23:09:31 +02:00
KiekerJan bf4ec5697b merge upstream 2022-05-12 22:15:52 +02:00
Austin Ewens eeee712cf3
Switched to using tags over releases for NextCloud contacts/calendar (#2105)
See [mailinabox issue #2088](https://github.com/mail-in-a-box/mailinabox/issues/2088). This also updates the commit hashes to for anyone updating from NextCloud version 17 (as shown in the related issue) since a different hash is used for tags vs releases.

This was tested and verified to work on a setup previously running v0.44 and then updating to the latest version (v56).
2022-05-04 17:09:53 -04:00
KiekerJan d8de1f5279 prepare for update of user_external nextcloud plugin 2022-04-21 21:58:47 +02:00
KiekerJan f1bc7187b2 update nextcloud to 23.0.2 2022-04-03 16:42:53 +02:00
github@kiekerjan.isdronken.nl 2e23e44582 merge prelim 22.04 changes from upstream 2022-02-16 23:32:30 +01:00
github@kiekerjan.isdronken.nl 686e878af5 merge master 2022-02-02 12:15:22 +01:00
KiekerJan 72b08d6b9a fix installer bugs 2022-02-01 23:14:26 +01:00
github@kiekerjan.isdronken.nl d017c8b04c fixes to installer 2022-02-01 22:48:09 +01:00
KiekerJan 7e3af574d2 move command to web.sh setup 2022-02-01 22:43:43 +01:00
KiekerJan 4c89d503b6 upgrade nextcloud to 21 2022-02-01 22:41:28 +01:00
github@kiekerjan.isdronken.nl 99c960fc56 dkimpy dev and nextcloud installation details 2022-02-01 21:36:06 +01:00
github@kiekerjan.isdronken.nl 8d5f52db0f update nextcloud and webmail plugins 2022-02-01 21:36:06 +01:00
jvolkenant 28b801607d Don't die if column already exists on Nextcloud 18 upgrade (#2078) 2022-02-01 21:36:02 +01:00
KiekerJan 2f86aa4eee upgraded nextcloud to 22 2022-02-01 21:31:30 +01:00
KiekerJan a041737f88 move command to web.sh setup 2022-02-01 21:31:30 +01:00
KiekerJan 2496f4783f upgrade nextcloud to 21 2022-02-01 21:31:30 +01:00
Joshua Tauberer a312acc3bc Update to Nextcloud 20.0.8 and update apps 2022-01-08 09:00:12 -05:00
jvolkenant c92fd02262
Don't die if column already exists on Nextcloud 18 upgrade (#2078) 2021-12-25 10:17:34 -05:00
KiekerJan 53c6c0fcc4 update nextcloud to 2.0.14 2021-11-17 00:25:05 +01:00
KiekerJan daff60ee13 add totp two factor auth to nextcloud 2021-11-07 22:54:43 +01:00
KiekerJan 91d4dfc88c fix downloaded version of nextcloud contacts app 2021-10-25 16:24:18 +02:00
KiekerJan 5403f7eea7 updated version nextcloud 2021-10-25 00:09:32 +02:00
KiekerJan 606e66fe80 fixes 2021-06-22 23:33:11 +02:00
github@kiekerjan.isdronken.nl ca5fb3c2e0 Merge changes from upstream v0.54 2021-06-20 23:36:54 +02:00
KiekerJan cc234c2cab add notes app to nextcloud 2021-06-12 09:52:37 +02:00
Joshua Tauberer dbd6dae5ce Fix exit status issue cased by 69fc2fdd 2021-05-08 09:02:48 -04:00
jvolkenant 49813534bd
Updated Nextcloud to 20.0.8, contacts to 3.5.1, calendar to 2.2.0 (#1960) 2021-05-08 08:24:04 -04:00
Joshua Tauberer 69fc2fdd3a Hide spurrious Nextcloud setup output 2021-05-03 19:41:00 -04:00
Joshua Tauberer 9b07d86bf7 Use $(...) notation instead of legacy backtick notation for embedded shell commands
shellcheck reported

    SC2006: Use $(...) notation instead of legacy backticked `...`.

Fixed by applying shellcheck's diff output as a patch.
2021-05-03 19:28:23 -04:00
github@kiekerjan.isdronken.nl f51c0934ab update owncloud version 2021-04-28 11:24:24 +02:00
github@kiekerjan.isdronken.nl bd2605221a Synchronize with upstream 2021-04-13 09:58:56 +02:00
github@kiekerjan.isdronken.nl c24ca5abd4 include changes from v0.53. Remove some POWER modifications to closer follow original mialinabox 2021-04-13 09:50:23 +02:00
Jan van de Wijdeven d9629caab7 Fixes for 20.04 version 2021-04-11 23:09:41 +02:00
github@kiekerjan.isdronken.nl 12d0aee27a Add own changes 2021-04-11 12:14:41 +02:00
github@kiekerjan.isdronken.nl 98c6bdbf27 Move editconf.py 2021-03-11 23:25:58 +01:00
Jan van de Wijdeven 7b82b3023c Merge remote-tracking branch 'powermiab/master' into 20.04 2021-03-11 22:57:17 +01:00
jvolkenant af62e7a99b
Fixes unbound variable when upgrading from Nextcloud 13 (#1913) 2021-02-06 16:49:43 -05:00
David Duque 18d36831dc
Update NextCloud components 2021-02-01 01:49:05 +00:00
David Duque 4829e687ff
Merge changes from master 2021-01-31 16:20:15 +00:00
Joshua Tauberer 7fd35bbd11 Disable default Nextcloud apps that we don't support
Contacts and calendar are the only supported apps in Mail-in-a-Box.

Files can't be disabled.

Fixes #1864
2020-11-15 17:17:58 -05:00
David Duque a67a57913d v0.51 (November 14, 2020)
Software updates:
 
 * Upgraded Nextcloud from 17.0.6 to 20.0.1 (with Contacts from 3.3.0 to 3.4.1 and Calendar from 2.0.3 to 2.1.2)
 * Upgraded Roundcube to version 1.4.9.
 
 Mail:
 
 * The MTA-STA max_age value was increased to the normal one week.
 
 Control Panel:
 
 * Two-factor authentication can now be enabled for logins to the control panel. However, keep in mind that many online services (including domain name registrars, cloud server providers, and TLS certificate providers) may allow an attacker to take over your account or issue a fraudulent TLS certificate with only access to your email address, and this new two-factor authentication does not protect access to your inbox. It therefore remains very important that user accounts with administrative email addresses have strong passwords.
 * TLS certificate expiry dates are now shown in ISO8601 format for clarity.
 -----BEGIN PGP SIGNATURE-----
 
 iQFDBAABCgAtFiEEX0wOcxPM10RpOyrquSBB9MEL3YEFAl+v8k4PHGp0QG9jY2Ft
 cy5pbmZvAAoJELkgQfTBC92BMYUIAJTD1iKzY1SoDNSp8JMPn2sWusOnJNrnvYEV
 vsrBM4AzwJv3DIZKSkYCitbTQW2FsTcjF6Jl5PCavEmAGe55AIKAPM/52Uq6jqDE
 aR8EZvI9ca1i7yR7DOHEI043QSPmp/iCFD48vvmKgN/LZy67TaHaOlGJbc3nfpk0
 y7ejMpF/6RP6ik4snnRQoWTFShaOpB9WcEVnUO7CHZdWcpSCZ55c9yi6A6ExGk7e
 97R5+JN1MgOdZ6rzWZuMWiz7EZ/Ew4jYLZpOwg8qJm0HNbYJ6+/xxsQBwaQzyBw3
 TsTl4GmunNPfoNrmKdJeLy0sBwiVBv/rysjWjim5v8jAYBoKoUQ=
 =2oRU
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEAKK/toPAcMkE+dinLzJ3OKPArjoFAl+xc7sACgkQLzJ3OKPA
 rjo6Zw//eYyTBlfQfFHIsLYKxJbwh6fDrIG6/Za6898cPhkJ/ugBeJlNEyT/EjpU
 MvtIgEU9xbG/tjsnQXsgAXJ6s7ZWm1QB5D+wqUIEeAFUn5IkCnXo0wPZJhSTNZhD
 4InnWsicYZj/ByuSH179xHyTAx2uYDBbPT4HjUlzIsaopvWOKLvAfzY3r42AiNvZ
 e79MhKbtOs9kDkrB2LULRzz6WzJDKb11fJccf7UaBerwFvOarMr8hSpOysK0ocHk
 H0wbrGxjb8iBjczVP4OFh36satQ5l4B1W+QVIxZG9ufVAOe3dhv8HngaHqAVyUgF
 gWjDYTnL/anoMMew+kbn2sjeKH6m2ZA+u9g+mDyMGSECVVYhkpOpcbPjZlmlNAQN
 C5BHmHltIg90uicrhzEEPFDBR1JF7JrYO42EwnOWMwjhzRkH2cepVw86lDr+pbrH
 s3hvoWiFFt7cs5ShCpgZDL20ey1e+9wL6b72Qlo7ls7MK3vfZvLPxJLpTi+bnymD
 CNt82Mjpu3BrhjCIGp+px9E2JU/7wUwqyUbgWFtyqxCdJOZXA4ZXVtDs5pQFzhug
 G+Z1HxFmhxck17SD0uHhXJKRD8IRttnO5sBESJaLNB4Ws/KspHVPePNskB/1XSfr
 pFOqikZsoKOICZnpd/eTnUlciqFygqvB0WuFsJNttQN2dBpJViA=
 =ZMFZ
 -----END PGP SIGNATURE-----

Merge upstream v0.51
2020-11-15 18:30:19 +00:00
Joshua Tauberer 6a979f4f52
Add TOTP two-factor authentication to admin panel login (#1814)
* add user interface for managing 2fa

* update user schema with 2fa columns

* implement two factor check during login

* Use pyotp for validating TOTP codes

* also implements resynchronisation support via `pyotp`'s `valid_window option

* Update API route naming, update setup page

* Rename /two-factor-auth/ => /2fa/
* Nest totp routes under /2fa/totp/
* Update ids and methods in panel to allow for different setup types

* Autofocus otp input when logging in, update layout

* Extract TOTPStrategy class to totp.py

* this decouples `TOTP` validation and storage logic from `auth` and moves it to `totp`
* reduce `pyotp.validate#valid_window` from `2` to `1`

* Update OpenApi docs, rename /2fa/ => /mfa/

* Decouple totp from users table by moving to totp_credentials table

* this allows implementation of other mfa schemes in the future (webauthn)
* also makes key management easier and enforces one totp credentials per user on db-level

* Add sqlite migration

* Rename internal validate_two_factor_secret => validate_two_factor_secret

* conn.close() if mru_token update can't .commit()

* Address review feedback, thanks @hija

* Use hmac.compare_digest() to compare mru_token

* Safeguard against empty mru_token column

* hmac.compare_digest() expects arguments of type string, make sure we don't pass None
 * Currently, this cannot happen but we might not want to store `mru_token` during setup

* Do not log failed login attempts for MissingToken errors

* Due to the way that the /login UI works, this persists at least one failed login each time a user logs into the admin panel. This in turn triggers fail2ban at some point.

* Add TOTP secret to user_key hash

thanks @downtownallday
* this invalidates all user_keys after TOTP status is changed for user
* after changing TOTP state, a login is required
* due to the forced login, we can't and don't need to store the code used for setup in `mru_code`

* Typo

* Reorganize the MFA backend methods

* Reorganize MFA front-end and add label column

* Fix handling of bad input when enabling mfa

* Update openAPI docs

* Remove unique key constraint on foreign key user_id in mfa table

* Don't expose mru_token and secret for enabled mfas over HTTP

* Only update mru_token for matched mfa row

* Exclude mru_token in user key hash

* Rename tools/mail.py to management/cli.py

* Add MFA list/disable to the management CLI so admins can restore access if MFA device is lost

Co-authored-by: Joshua Tauberer <jt@occams.info>
2020-10-31 10:27:38 -04:00