Joshua Tauberer
30f067bc72
Reorganize TOTP in the control panel templates to allow adding multiple devices and disabling individual devices
2021-10-18 20:14:25 -04:00
Joshua Tauberer
e884c4774f
Replace HMAC-based session API keys with tokens stored in memory in the daemon process
...
Since the session cache clears keys after a period of time, this fixes #1821 .
Based on https://github.com/mail-in-a-box/mailinabox/pull/2012 , and so:
Co-Authored-By: NewbieOrange <NewbieOrange@users.noreply.github.com>
Also fixes #2029 by not revealing through the login failure error message whether a user exists or not.
2021-09-06 09:23:58 -04:00
Richard Willis
f66e609d3f
Api spec cleanup ( #1869 )
...
* Fix indentation
* Add parameter definition and remove unused model
* Update version
* Quote example string
2020-11-26 06:56:04 -05:00
Victor
b85b86e6de
Add download zonefile button to external DNS page ( #1853 )
...
Co-authored-by: Joshua Tauberer <jt@occams.info>
2020-11-16 06:03:41 -05:00
Joshua Tauberer
545e7a52e4
Add MFA list/disable to the management CLI so admins can restore access if MFA device is lost
2020-10-31 10:23:43 -04:00
Felix Spöttel
be5032ffbe
Don't expose mru_token and secret for enabled mfas over HTTP
2020-09-29 19:46:02 +02:00
Felix Spöttel
6d82c0035a
Update openAPI docs
2020-09-28 21:27:24 +02:00
Felix Spöttel
89b301afc7
Update OpenApi docs, rename /2fa/ => /mfa/
2020-09-03 13:54:28 +02:00
Richard Willis
62b9b1f15f
Add OpenAPI HTTP spec ( #1804 )
2020-08-22 15:44:19 -04:00