Joshua Tauberer
79966e36e3
Set a cookie for /admin/munin pages to grant access to Munin reports
The /admin/munin routes used the same Authorization: header logic as the other API routes, but they are browsed directly in the browser because they are handled as static pages or as a proxy to a CGI script.
This required users to enter their email username/password for HTTP basic authentication in the standard browser auth prompt, which wasn't ideal (and may leak the password in browser storage). It also stopped working when MFA was enabled for user accounts.
A token is now set in a cookie when visiting /admin/munin which is then checked in the routes that proxy the Munin pages. The cookie's lifetime is kept limited to limit the opportunity for any unknown CSRF attacks via the Munin CGI script.
2021-09-24 08:11:36 -04:00
Joshua Tauberer
66b15d42a5
CHANGELOG entries
2021-09-24 08:11:36 -04:00
drpixie
df46e1311b
Include NSD config files from /etc/nsd/nsd.conf.d/*.conf (#2035)
And write MIAB dns zone config into /etc/nsd/nsd.conf.d/zones.conf. Delete lingering old zones.conf file.
Co-authored-by: Joshua Tauberer <jt@occams.info>
2021-09-24 08:07:40 -04:00
downtownallday
4403e65053
Merge branch 'main' of https://github.com/mail-in-a-box/mailinabox
2021-09-23 17:11:53 -04:00
Elsie Hupp
353084ce67
Use "smart invert" for dark mode (#2038)
* Use "smart invert" for dark mode
Signed-off-by: Elsie Hupp <9206310+elsiehupp@users.noreply.github.com>
* Add more contrast to form controls
Co-authored-by: Joshua Tauberer <jt@occams.info>
2021-09-19 09:53:03 -04:00
downtownallday
763cdfcd7e
remove /admin/me call, which is no longer available, and use the new api_credentials Object, which used to be a String.
add X-Requested-With header to requests so 401's are not returned by daemon.py.
2021-09-14 10:00:17 -04:00
downtownallday
9ea03e18c9
automatically install avahi for systems with a .local tld
2021-09-14 09:56:19 -04:00
downtownallday
026115b845
Merge branch 'main' of https://github.com/mail-in-a-box/mailinabox
2021-09-14 08:37:22 -04:00
downtownallday
4b285c3201
Prepare for multiple base system support and automatically update and remove stale vagrant boxes
2021-09-14 08:20:37 -04:00
downtownallday
3d32dbab22
Explicitly create a /etc/ldap/ldap.conf in the docker image so ldap tools recognize the system's trusted root certificate list
2021-09-14 08:18:53 -04:00
downtownallday
3f2b2ef146
Stop the capture daemon during ehdd shutdown to avoid "busy" mount
2021-09-14 08:17:21 -04:00
downtownallday
402207714b
Merge branch 'main' of https://github.com/mail-in-a-box/mailinabox
# Conflicts:
# management/auth.py
# management/daemon.py
# management/templates/index.html
# setup/management.sh
2021-09-14 08:16:08 -04:00
mailinabox-contributor
91079ab934
add numeric flag value to DNSSEC DS status message (#2033)
Some registrars (e.g. Porkbun) accept Key Data when creating a DS RR,
but accept only a numeric flags value to indicate the key type (256 for KSK, 257 for ZSK).
https://datatracker.ietf.org/doc/html/rfc5910#section-4.3
2021-09-10 16:12:41 -04:00
Joshua Tauberer
e5909a6287
Allow non-admin login to the control panel and show/hide menu items depending on the login state
* When logged out, no menu items are shown.
* When logged in, Log Out is shown.
* When logged in as an admin, the remaining menu items are also shown.
* When logged in as a non-admin, the mail and contacts/calendar instruction pages are shown.
Fixes #1987
2021-09-06 09:23:58 -04:00
Joshua Tauberer
26932ecb10
Add a 'welcome' panel to the control panel and make it the default page instead of the status checks which take too long to load
Fixes #2014
2021-09-06 09:23:58 -04:00
Joshua Tauberer
e884c4774f
Replace HMAC-based session API keys with tokens stored in memory in the daemon process
Since the session cache clears keys after a period of time, this fixes #1821.
Based on https://github.com/mail-in-a-box/mailinabox/pull/2012, and so:
Co-Authored-By: NewbieOrange <NewbieOrange@users.noreply.github.com>
Also fixes #2029 by not revealing through the login failure error message whether a user exists or not.
2021-09-06 09:23:58 -04:00
Joshua Tauberer
53ec0f39cb
Use 'secrets' to generate the system API key and remove some debugging-related code
* Rename the 'master' API key to be called the 'system' API key
* Generate the key using the Python secrets module which is meant for this
* Remove some debugging helper code which will be obsoleted by the upcoming changes for session keys
2021-09-06 09:23:58 -04:00
Joshua Tauberer
700188c443
Roundcube 1.5 RC
2021-09-06 09:23:58 -04:00
downtownallday
4bf71e68be
Merge branch 'main' of https://github.com/mail-in-a-box/mailinabox
2021-08-23 17:48:17 -04:00
Downtown Allday
72039a1409
Merge pull request #15 from downtownallday/github-actions
GitHub actions
2021-08-23 17:19:54 -04:00
downtownallday
4f8697c07d
change badge link
2021-08-23 16:57:40 -04:00
downtownallday
71526bc294
Add badge
2021-08-23 16:39:36 -04:00
downtownallday
be932af813
git remote url does not contain .git extension in github actions
2021-08-23 16:17:07 -04:00
downtownallday
0876a9a7de
non-standard git remotes in github actions
2021-08-23 16:01:16 -04:00
downtownallday
0c2c76a6dc
Patch upstream to install php-xml instead of php-xsl
2021-08-23 15:17:33 -04:00
downtownallday
2a9fcd7101
add upgrade-from-upstream job
2021-08-23 15:00:31 -04:00
downtownallday
c29eb2fb23
add 127.0.1.1 if it does not exist
2021-08-23 14:31:31 -04:00
downtownallday
f8a679b9c2
ensure system hostname is resolvable locally
2021-08-23 14:15:18 -04:00
downtownallday
71d3b79965
avoid installing php-xsl, which is a virtual package provided by php-xml on github images
2021-08-23 13:45:25 -04:00
downtownallday
bad57e8688
Try running update-alternatives for php 7.2 as before system-setup
2021-08-23 13:25:32 -04:00
downtownallday
d8c52fedc5
Try using nanasess/setup-php action to resolve issue where setup/webmail.sh, which runs the roundcubemail/bin/updatedb.sh script, fails with "Unsupported PHP version. Required PHP >= 5.4 and < 8.0" indicating that PHP >= 8.0 is actually installed!
2021-08-23 12:58:42 -04:00
downtownallday
5911f05f89
use sudo
2021-08-23 12:11:27 -04:00
downtownallday
c855133c41
fix formatting
2021-08-23 12:03:22 -04:00
downtownallday
7fd1f0ae31
Initial commit
2021-08-23 11:40:22 -04:00
David Duque
ba80d9e72d
Show backup retention period form when configuring B2 backups (#2024)
2021-08-23 06:25:41 -04:00
downtownallday
b6fd371615
Merge branch 'main' of https://github.com/mail-in-a-box/mailinabox
2021-08-22 16:28:54 -04:00
Joshua Tauberer
a71a58e816
Re-order DS record algorithms by digest type and revise warning message (#2002)
2021-08-22 14:45:56 -04:00
Joshua Tauberer
67b5711c68
Recommend that DS records be updated to not use SHA1 and exclude MUST NOT methods (SHA1) and the unlikely option RSASHA1-NSEC3-SHA1 (7) + SHA-384 (4) from the DS record suggestions
2021-08-22 14:43:46 -04:00
myfirstnameispaul
20ccda8710
Re-order DS record algorithms by digest type and revise warning message.
Note that 7, 4 is printed last in the status checks page but does not appear in the file, and I couldn't figure out why.
2021-08-22 14:29:36 -04:00
NewbieOrange
0ba841c7b6
fail2ban now supports ipv6 (#2015)
Since fail2ban 0.10.0, ipv6 support has been added. The current Ubuntu 18.04 repository has fail2ban 0.10.2, which does have ipv6 protection.
2021-08-22 14:13:58 -04:00
lamkin
daad122236
Ignore bad encoding in email addresses when parsing maillog files (#2017)
local/domain parts of email address should be standard ASCII or
UTF-8. Some email addresses contain extended ASCII, leading to
decode failure by the UTF-8 codec (and thus failure of the
Usage-Report script)
This change allows maillog parsing to continue over lines
containing such addresses
2021-08-16 11:46:32 -04:00
downtownallday
e87290dd42
Merge branch 'main' of https://github.com/mail-in-a-box/mailinabox
2021-08-03 05:40:16 -04:00
NewbieOrange
21ad26e452
Disable auto-complete for 2FA code in the control panel login form (#2013)
2021-07-28 16:39:40 -04:00
downtownallday
508ac8b0f8
Merge branch 'main' of https://github.com/mail-in-a-box/mailinabox
# Conflicts:
# CHANGELOG.md
# README.md
2021-07-18 20:41:37 -04:00
Joshua Tauberer
4cb46ea465
v0.54
2021-06-20 15:50:04 -04:00
downtownallday
0f09880aa6
add -H option to /bin/chown call in case 'encrypted' is a symbolic link
2021-06-07 06:40:05 -04:00
downtownallday
0b2e504d7f
Remove extraneous hr's
2021-05-16 08:02:19 -04:00
downtownallday
e15d198eb6
Fix typo
2021-05-16 07:43:13 -04:00
downtownallday
b0b9f0e902
Update wording
2021-05-16 07:41:01 -04:00
downtownallday
fc4ad70535
Merge branch 'main' of https://github.com/mail-in-a-box/mailinabox
# Conflicts:
# management/dns_update.py
# management/web_update.py
# tests/test_mail.py
2021-05-15 22:35:48 -04:00