external/mailinabox
1
0
Fork 0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2025-04-05 00:27:25 +00:00
Code Issues Releases Wiki Activity
1,903 Commits 6 Branches 85 Tags 43 MiB
ba85b6fd7b
Commit Graph

629 Commits

Author SHA1 Message Date
downtownallday
24ae913d68 Merge remote-tracking branch 'fspoettel/admin-panel-2fa' into totp 
# Conflicts:
#	management/auth.py
#	management/daemon.py
#	setup/mail-users.sh
#	setup/management.sh
#	setup/migrate.py
 2020-09-10 15:23:27 -04:00
Felix Spöttel
2ea97f0643 Do not log failed login attempts for MissingToken errors 
* Due to the way that the /login UI works, this persists at least one failed login each time a user logs into the admin panel. This in turn triggers fail2ban at some point.
 2020-09-06 13:08:44 +02:00
Felix Spöttel
4791c2fc62 Safeguard against empty mru_token column 
* hmac.compare_digest() expects arguments of type string, make sure we don't pass None
 * Currently, this cannot happen but we might not want to store `mru_token` during setup
 2020-09-06 13:03:54 +02:00
Felix Spöttel
49c333221a Use hmac.compare_digest() to compare mru_token 2020-09-06 12:54:45 +02:00
Felix Spöttel
481a333dc0 Address review feedback, thanks @hija 2020-09-04 20:28:15 +02:00
Felix Spöttel
b0df35eba0 conn.close() if mru_token update can't .commit() 2020-09-03 20:39:03 +02:00
Felix Spöttel
08ae3d2b7f Rename internal validate_two_factor_secret => validate_two_factor_secret 2020-09-03 19:48:54 +02:00
Felix Spöttel
7c4eb0fb70 Add sqlite migration 2020-09-03 19:39:29 +02:00
Felix Spöttel
ee01eae55e Decouple totp from users table by moving to totp_credentials table 
* this allows implementation of other mfa schemes in the future (webauthn)
* also makes key management easier and enforces one totp credentials per user on db-level
 2020-09-03 19:07:21 +02:00
Felix Spöttel
89b301afc7 Update OpenApi docs, rename /2fa/ => /mfa/ 2020-09-03 13:54:28 +02:00
Felix Spöttel
ce70f44c58 Extract TOTPStrategy class to totp.py 
* this decouples `TOTP` validation and storage logic from `auth` and moves it to `totp`
* reduce `pyotp.validate#valid_window` from `2` to `1`
 2020-09-03 11:19:19 +02:00
Felix Spöttel
6594e19a1f Autofocus otp input when logging in, update layout 2020-09-02 20:30:08 +02:00
Felix Spöttel
8597646a12 Update API route naming, update setup page 
* Rename /two-factor-auth/ => /2fa/
* Nest totp routes under /2fa/totp/
* Update ids and methods in panel to allow for different setup types
 2020-09-02 19:41:06 +02:00
Felix Spöttel
f205c48564 Use pyotp for validating TOTP codes 
* also implements resynchronisation support via `pyotp`'s `valid_window option
 2020-09-02 19:12:15 +02:00
Felix Spöttel
3c3683429b implement two factor check during login 2020-09-02 17:23:32 +02:00
Felix Spöttel
a7a66929aa add user interface for managing 2fa 
* update user schema with 2fa columns
 2020-09-02 16:48:23 +02:00
downtownallday
caf90702cc Wording changes 2020-08-29 06:57:33 -04:00
downtownallday
191b575ab2 Add a display name for users, saved as 'cn' in LDAP 2020-08-25 16:33:06 -04:00
downtownallday
1fb9316904 spaces -> tabs 2020-08-25 12:21:11 -04:00
downtownallday
22bfef6f59 Display and allow chaninging a comment/description for aliases. Change the default comment for required aliases to "Required alias". 2020-08-25 12:00:55 -04:00
downtownallday
d0d12fbc1c Merge branch 'master' of https://github.com/mail-in-a-box/mailinabox 2020-08-09 12:13:31 -04:00
David Duque
94da7bb088
status_checks.py: Properly terminate the process pools (#1795) 
* Only spawn a thread pool when strictly needed

For --check-primary-hostname, the pool is not used.
When exiting, the other processes are left alive and will hang.

* Acquire pools with the 'with' statement
 2020-08-09 11:42:39 -04:00
downtownallday
ac35bdc544 Merge branch 'master' of https://github.com/mail-in-a-box/mailinabox 2020-07-29 10:34:47 -04:00
Richard Willis
c50170b816
Update "Remove Alias" modal title (#1800) 2020-07-29 10:01:20 -04:00
downtownallday
ccb0421729 Merge branch 'master' of https://github.com/mail-in-a-box/mailinabox 2020-07-16 07:57:09 -04:00
David Duque
967409b157
Drop requirement for passwords to have no spaces (#1789) 2020-07-16 07:23:11 -04:00
David Duque
1b2711fc42
Add 'always' modifier to the HSTS add_header directive (#1790) 
This will make it so that the HSTS header is sent regardless of the request status code (until this point it would only be sent if "the response code equals 200, 201, 206, 301, 302, 303, 307, or 308." - according to thttp://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header)
 2020-07-16 07:21:14 -04:00
downtownallday
c866b4d0fa Merge branch 'master' of https://github.com/mail-in-a-box/mailinabox 2020-07-08 19:36:15 -04:00
David Duque
e6102eacfb
AXFR Transfers (for secondary DNS servers): Allow IPv6 addresses (#1787) 2020-07-08 18:26:47 -04:00
downtownallday
5f008d91b8 Ignore alias domains that have no forward-to because we don't accept mail locally for the alias 2020-06-15 12:26:12 -04:00
downtownallday
77145e2f38 Fix server error on non-change: 
"ldap3.core.exceptions.LDAPChangeError: no changes in modify request"
 2020-06-15 12:24:03 -04:00
downtownallday
979c36b8c1 Merge branch 'qa-upgrade' 2020-06-14 18:38:42 -04:00
downtownallday
b0090edd52 Test upgrade to LDAP from upstream Mail-in-a-Box/sqlite 2020-06-14 13:51:00 -04:00
downtownallday
49920ee332 Merge branch 'master' of https://github.com/mail-in-a-box/mailinabox 2020-06-13 06:30:55 -04:00
Joshua Tauberer
6fd3195275 Fix MTA-STS policy id so it does not have invalid characters, fixes #1779 2020-06-12 13:09:11 -04:00
downtownallday
27c1b93bcf Merge branch 'master' of https://github.com/mail-in-a-box/mailinabox 
# Conflicts:
#	README.md
#	management/mailconfig.py
#	management/web_update.py
 2020-06-11 15:13:40 -04:00
Joshua Tauberer
9db2fc7f05 In web proxies, add X-{Forwarded-{Host,Proto},Real-IP} and 'proxy_set_header Host' when there is a flag 
Merges #1432, more or less.
 2020-06-11 12:20:17 -04:00
Joshua Tauberer
e03a6541ce Don't make autoconfig/autodiscover subdomains and SRV records when the parent domain has no user accounts 
These subdomains/records are for automatic configuration of mail clients, but if there are no user accounts on a domain, there is no need to publish a DNS record, provision a TLS certificate, or create an nginx server config block.
 2020-06-11 12:20:17 -04:00
downtownallday
d2f418a363 Use sha1 hash of maildrop instead of a generated UUID 2020-06-09 20:24:46 -04:00
Vasek Sraier
df9bb263dc
daily_tasks.sh: redirect stderr to stdout (#1768) 
When the management commands fail, they can print something to the standard error output.
The administrator would never notice, because it wouldn't be send to him with the usual emails.
Fixes #1763
 2020-06-07 09:56:45 -04:00
downtownallday
e41370948b Merge branch 'master' into ldap 2020-05-30 09:49:12 -04:00
Joshua Tauberer
3a4b8da8fd More for MTA-STS for incoming mail 
* Create the mta_sts A/AAAA records even if there is no valid TLS certificate because we can't get a TLS certificate if we don't set up the domains.
* Make the policy id in the TXT record stable by using a hash of the policy file so that the DNS record doesn't change every day, which means no nightly notification and also it allows for longer caching by sending MTAs.
 2020-05-30 08:04:09 -04:00
downtownallday
640048db04 Merge branch 'master' into ldap 2020-05-29 17:11:39 -04:00
Joshua Tauberer
37dad9d4bb Provision certificates from Let's Encrypt grouped by DNS zone 
Folks didn't want certificates exposing all of the domains hosted by the server (although this can already be found on the internet).

Additionally, if one domain fails (usually because of a misconfiguration), it would be nice if not everything fails. So grouping them helps with that.

Fixes #690.
 2020-05-29 15:38:18 -04:00
Joshua Tauberer
b805f8695e Move status checks for www, autoconfig, autodiscover, and mta-sts to within the section for the parent domain 
Since we're checking the MTA-STS policy, there's no need to check that the domain resolves etc. directly.
 2020-05-29 15:38:13 -04:00
Joshua Tauberer
10bedad3a3 MTA-STS tweaks, add status check using postfix-mta-sts-resolver, change to enforce 2020-05-29 15:36:52 -04:00
A. Schippers
afc9f9686a
Publish MTA-STS policy for incoming mail (#1731) 
Co-authored-by: Daniel Mabbett <triumph_2500@hotmail.com>
 2020-05-29 15:30:07 -04:00
downtownallday
e7c27d9035 Merge branch 'master' into ldap 2020-04-21 07:04:23 -04:00
Michael Becker
40b21c466d
Fypo fix in users.html (#1748) 2020-04-13 22:10:52 -04:00
downtownallday
53ba80daaf Merge branch 'master' into ldap 2020-04-11 18:12:32 -04:00