Felix Spöttel
7c4eb0fb70
Add sqlite migration
2020-09-03 19:39:29 +02:00
Felix Spöttel
ee01eae55e
Decouple totp from users table by moving to totp_credentials table
...
* this allows implementation of other mfa schemes in the future (webauthn)
* also makes key management easier and enforces one totp credentials per user on db-level
2020-09-03 19:07:21 +02:00
Felix Spöttel
89b301afc7
Update OpenApi docs, rename /2fa/ => /mfa/
2020-09-03 13:54:28 +02:00
Felix Spöttel
ce70f44c58
Extract TOTPStrategy class to totp.py
...
* this decouples `TOTP` validation and storage logic from `auth` and moves it to `totp`
* reduce `pyotp.validate#valid_window` from `2` to `1`
2020-09-03 11:19:19 +02:00
Felix Spöttel
6594e19a1f
Autofocus otp input when logging in, update layout
2020-09-02 20:30:08 +02:00
Felix Spöttel
8597646a12
Update API route naming, update setup page
...
* Rename /two-factor-auth/ => /2fa/
* Nest totp routes under /2fa/totp/
* Update ids and methods in panel to allow for different setup types
2020-09-02 19:41:06 +02:00
Felix Spöttel
f205c48564
Use pyotp for validating TOTP codes
...
* also implements resynchronisation support via `pyotp`'s `valid_window option
2020-09-02 19:12:15 +02:00
Felix Spöttel
3c3683429b
implement two factor check during login
2020-09-02 17:23:32 +02:00
Felix Spöttel
a7a66929aa
add user interface for managing 2fa
...
* update user schema with 2fa columns
2020-09-02 16:48:23 +02:00
David Ferreira de Sousa Duque
a336931c95
Version release: v0.48.POWER.0
2020-08-26 23:13:41 +01:00
David Ferreira de Sousa Duque
d7d3561768
v0.48
...
Roundcube XSS vulnerability fixed.
-----BEGIN PGP SIGNATURE-----
iQFDBAABCgAtFiEEX0wOcxPM10RpOyrquSBB9MEL3YEFAl9GpkcPHGp0QG9jY2Ft
cy5pbmZvAAoJELkgQfTBC92BoYAH/2NjdfN2d6f45uPq/X32bBAc6wfI7Cs9yCKp
LOrAfPlmE0jRSm9ThATfZvaWci2r2IFhsFzQ9bWHpbIP5YD7mDD50I2uTnZa9BV4
MsI40VXoh0BAgkWRqK60rTw0lQ9YGT+1TNLDEs1Y7vBjfTCOh4MMn4jUXkIEHDQg
2pSHY1RUq7T0wRaHS+rTPDccotS/xCGg6uZJ+gSlvhRdxakAe9mo8139KD/4fjT8
HK6igpwHsn3POg7mmJoSYXtScmWRYfnSV9kyfYyVyjhu5/uIowdICwFOzX7G7ruM
yA/azBlyMs898e5jYFR1tQqQ1rVYVy/nqCQOiyJa34ngHGSi41U=
=a9fn
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEAKK/toPAcMkE+dinLzJ3OKPArjoFAl9G3ZEACgkQLzJ3OKPA
rjpEvQ//cG844Wv3samnABlRv2ZIjg6OXtjsE9OuN/O2exGhJ7wNhlJ5F3VyXP5Z
Tufm2HNc3sg9lQUVmyvFbSx03f/tgRdykH2HDS55Q3Q9YdpmZJBGlqsoMN/GIfjU
PDcLpN30XBt6S8qB/7d/U37ZW69OuFZLDRlwQZ66N/shxXkZSOp9U/9nH1Vf5OEU
/L5RVtsi/baDnauXDJWpyNsLKKEB4jCrlEiVI437cN2Yr3Y/d1u4pf3zQOEQmAGV
/A6fu2a9Kkc7IvcAKeoIvlyt+2gYw1zUDkBHf+LuSXGkxTt07L9Bjc7I6SY3DGo2
QiEVOMDPiKWl+0UQ73w/lwCUS7FbzaG/Mj2+c1pJ85UaZYbU5ovjJLesk+UPIG8Q
LmVCAHTw6QctZZi0BwP5epPk01zbeSBmRosT6b4l95G2sqh91CMNUjNRc7963yzB
Z36hpaWSqpGKyEjma9XFvGi9Tfkg1JxblLjmPVqbyez7bpAMgSw5FBWU1zjxjOmi
XOvGu/Fdu+gCre6IHfl8nTJNRc27UtJWTZjbQVl1OlbRx/h2QS/tKMpgN9VOrSV5
koi4TuX+T4kSE2S+atzlPOQuDIOHfdlxaU2mlwtqVfHBjlwE7FEcdfIGa5Pl6Blj
fFsDI7T6VGw2zup40vk/tRn5GY2KCPdp6rHhuCMA1PY6gerhhLw=
=3X2X
-----END PGP SIGNATURE-----
Merge upstream v0.48
2020-08-26 23:09:14 +01:00
Joshua Tauberer
0d72566c99
Merge v0.48 point release branch
2020-08-26 14:11:56 -04:00
Joshua Tauberer
62db58eaaf
v0.48
2020-08-26 14:11:01 -04:00
Joshua Tauberer
891de8d6c3
Upgrade Roundcube to 1.4.8
...
Merges #1809
2020-08-26 14:10:04 -04:00
Richard Willis
62b9b1f15f
Add OpenAPI HTTP spec ( #1804 )
2020-08-22 15:44:19 -04:00
David Duque
24c5d54f49
start.sh: Generate locales properly
2020-08-10 03:07:45 +01:00
David Duque
3d9f0e2135
Vagrant: Use libvirt/debian
2020-08-10 03:06:59 +01:00
David Duque
94da7bb088
status_checks.py: Properly terminate the process pools ( #1795 )
...
* Only spawn a thread pool when strictly needed
For --check-primary-hostname, the pool is not used.
When exiting, the other processes are left alive and will hang.
* Acquire pools with the 'with' statement
2020-08-09 11:42:39 -04:00
David Duque
0cf4ed9a24
Version bump
2020-07-30 15:43:48 +01:00
David Duque
1ba62c6112
v0.47
...
v0.47 (July 29, 2020)
---------------------
Security fixes:
* Roundcube is updated to version 1.4.7 fixing a cross-site scripting (XSS) vulnerability with HTML messages with malicious svg/na$
* SSH connections are now rate-limited at the firewall level (in addition to fail2ban).
-----BEGIN PGP SIGNATURE-----
iQFDBAABCgAtFiEEX0wOcxPM10RpOyrquSBB9MEL3YEFAl8hh4APHGp0QG9jY2Ft
cy5pbmZvAAoJELkgQfTBC92BD8EIAKuNEHxgL0C0kkpAhuTlVXuoNEH/2FF6hYS7
7NqVrqOO1iVPGkGPhAh77CLpnvvJEhu9GeSWFhTrpI//5CvfafUQowmELClmDcYL
yxHqgoHX9O0PAd+uCLgO3MdAzFMVLNbPmt/uPgEHufnrrQGIGieB2iGWnf9xnnpf
wFSyQQnLofFpq7nH6qQvLNvh//zPQd7l/YV3ieEuT0dV4izg/Sr7Q5W6Zwn/q/ed
Btp4CizRFRFTmulIEM8an+jSXMMvdVkut6WDcl6ct8LZLoWwtEkWVeru9IVu4n9L
Lj8Bkt+8aRR6updnI/2tm0d7ZgFXWHc/+dfLCaK+aOlMD3qV9p0=
=xsgn
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEAKK/toPAcMkE+dinLzJ3OKPArjoFAl8i0EQACgkQLzJ3OKPA
rjopbg//T75ZyceGJVvDnzylhW65bIL8oUYiFLy/GOA39rmR1gjcwzHSaIP0kOtX
HPpm6rhPhVUKo8pjuWSvLnnNfz9QfJ4b6SqAN2Zg/hiqFdMEShGZNqvSQVvLkfxi
HHwa1C+TlRTD57HlVi9Y6TLX7YH65T9YmJol6KO30dGJRMIPssLg6K5k0Wf2Y2uG
E+6tipkiTPcHEaKIHUPdi5xxTL/QHVn+c+C0nsiflX7i9vC6P30e3yNsOvpk3q7V
XwD/bJfycUq8Qc5WhPsKoo287QY9XrkUco8vsVMDJJ1oCSIO1Ek5H/tgu2qB1QNJ
EGtcAYr09Fi8+5PLhmbTgRRWJ6ez6SaNnxsh8W5FhRpymgujoe4ghMiuYCwfHW13
ESB1KKZHGUiqP4nxHIgYyANrSP97qsZmVWUEQcwqhcP8BZY4NOzEsUKgIjTCTpVJ
CbRUJlgQow7s/R76aH3Crb7xhbE+2eQPDgKQ6AwDySWbPTDd3T6MtL0Oe2MZS8Wg
8mv02U+eqDfQ0TfD30vGIESARXJ1UJWfsLQzyyg7jBCTrIfSQt1IwFzXCASm78hs
kHN0/gmXUULQq0FslKV/zrfOsNEzKX+sCwjOMG7RMlWVcEVkRyXFvcajBj72mvZl
3kFOEqah8nErTStsP89Z+ltwfkVsWehu+vwP67NryRy4/B3y9fQ=
=CTVK
-----END PGP SIGNATURE-----
Merge upstream v0.47
2020-07-30 14:51:00 +01:00
Joshua Tauberer
65983b8ac7
Merge v0.47 point release branch
2020-07-29 10:27:06 -04:00
hija
56d0289ed9
v0.47
2020-07-29 10:24:56 -04:00
Marcus Bointon
f253c40012
[backport] Add rate limiting of SSH in the firewall ( #1770 )
...
See #1767 . Backport of cfc8fb484c
.
2020-07-29 10:24:23 -04:00
Joshua Tauberer
4bbe4af377
Update CHANGELOG
2020-07-29 10:23:02 -04:00
Hilko
2c34a6df2b
Update roundcube to 1.4.7
2020-07-29 10:15:12 -04:00
Hilko
1098e2b48e
Add noindex to www_default meta tags ( #1791 )
2020-07-29 10:03:33 -04:00
Richard Willis
c50170b816
Update "Remove Alias" modal title ( #1800 )
2020-07-29 10:01:20 -04:00
Marcus Bointon
cd518e6820
Raise Dovecot per user connection limit ( #1799 )
2020-07-27 06:37:52 -04:00
David Duque
dd7899acca
Version bump
2020-07-26 01:03:28 +01:00
David Duque
5e597bb536
Update deprecated function from dnspython
2020-07-26 01:00:17 +01:00
David Duque
60911515fd
Support Ubuntu LTS point releases
2020-07-26 00:26:35 +01:00
David Duque
ac8c0ae762
Release v0.46.POWER.4
2020-07-22 12:45:18 +01:00
David Duque
16ae3038b3
Merge branch 'development'
2020-07-22 12:44:04 +01:00
David Duque
fc0bd12631
Acquire pools with the 'with' statement
2020-07-22 12:42:10 +01:00
David Duque
311e6c63e8
Render the 'Backup now' buttons even if there are already backups
2020-07-21 19:25:48 +01:00
David Duque
a0da88834c
Terminate the status checks process pool before exiting
2020-07-21 19:21:46 +01:00
David Duque
967409b157
Drop requirement for passwords to have no spaces ( #1789 )
2020-07-16 07:23:11 -04:00
David Duque
1b2711fc42
Add 'always' modifier to the HSTS add_header directive ( #1790 )
...
This will make it so that the HSTS header is sent regardless of the request status code (until this point it would only be sent if "the response code equals 200, 201, 206, 301, 302, 303, 307, or 308." - according to thttp://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header )
2020-07-16 07:21:14 -04:00
David Duque
20b4f26e42
Use ubuntu/focal64 as main testbed
2020-07-15 15:28:47 +01:00
David Duque
c8fbe2dd5d
Determine the PHP version at runtime (instead of at setup-time)
2020-07-15 15:28:02 +01:00
David Duque
515a74ba11
Render the lsb_release at flask init time
...
Don't change the index.html file at setup time
2020-07-14 11:51:25 +01:00
David Duque
b562e7eefa
Hide the 'Create Backup' buttons when backups are turned off
2020-07-11 15:45:50 +01:00
David Duque
ccf60c7017
Backups: User-initiated and cron-initiated jobs will have the same lockname
...
So that some poor timing (initiating a backup when there's a cron-initiated backup)
doesn't screw everything up.
2020-07-11 09:16:32 +01:00
David Duque
e224b6b3b2
Update project status
2020-07-11 08:43:46 +01:00
David Duque
79e2398d71
Fix comment
2020-07-11 08:30:05 +01:00
David Duque
af9ef186b3
Add manual backup option
2020-07-10 15:48:37 +01:00
David Duque
e6102eacfb
AXFR Transfers (for secondary DNS servers): Allow IPv6 addresses ( #1787 )
2020-07-08 18:26:47 -04:00
David Duque
199c2c50ba
Backups: Fix backup target selector width
2020-07-08 19:32:24 +01:00
David Duque
4a85250242
Revert vagrantfile to upstream config
2020-07-08 19:31:35 +01:00
David Duque
dd017c44c7
Update ideas section and roadmap
2020-07-08 15:00:04 +01:00