1
0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2025-04-05 00:27:25 +00:00
Commit Graph

810 Commits

Author SHA1 Message Date
downtownallday
e7c5a841aa Merge branch 'jvolk-spf-opendd' 2020-12-26 07:55:30 -05:00
downtownallday
3a98a993bd Merge branch 'master' of https://github.com/mail-in-a-box/mailinabox 2020-12-21 09:22:58 -05:00
downtownallday
4cc672e852 Modify the handling of SPF checks and spam rules for policyd-spf 2020-12-21 08:44:10 -05:00
Hilko
3422cc61ce
Include en_US.UTF-8 locale in daemon startup (#1883)
Fixes #1881.
2020-12-19 19:11:58 -05:00
downtownallday
24c156c594 Merge branch 'master' of https://github.com/mail-in-a-box/mailinabox
# Conflicts:
#	setup/management.sh
2020-11-27 16:50:12 -05:00
Hilko
8664afa997
Implement Backblaze for Backup (#1812)
* Installing b2sdk for b2 support
* Added Duplicity PPA so the most recent version is used
* Implemented list_target_files for b2
* Implemented b2 in frontend
* removed python2 boto package
2020-11-26 07:13:31 -05:00
downtownallday
a0dd58d29e Merge branch 'master' of https://github.com/mail-in-a-box/mailinabox 2020-11-17 07:46:22 -05:00
Joshua Tauberer
7fd35bbd11 Disable default Nextcloud apps that we don't support
Contacts and calendar are the only supported apps in Mail-in-a-Box.

Files can't be disabled.

Fixes #1864
2020-11-15 17:17:58 -05:00
downtownallday
74a2f89cff Merge branch 'master' of https://github.com/mail-in-a-box/mailinabox
# Conflicts:
#	README.md
2020-11-14 12:44:09 -05:00
Joshua Tauberer
92221f9efb v0.51 2020-11-14 10:05:20 -05:00
downtownallday
4661a29248 Merge remote-tracking branch 'jvolkenant/1755_spf_opendmarc_opendkim_sa' into jvolk-spf-opendd 2020-11-06 09:27:41 -05:00
downtownallday
68ac593d7f load vars ahead of functions 2020-11-05 16:32:23 -05:00
downtownallday
e43c01e6fe Enable caching of Nextcloud downloads as well as downloading Nextcloud from github instead of Nextcloud servers 2020-11-05 16:19:42 -05:00
downtownallday
5a023f7868 Ensure system php is used 2020-11-04 14:26:20 -05:00
downtownallday
4fdbad5ef8 Be ciab-aware and use php version used by nextcloud 2020-11-04 14:13:59 -05:00
downtownallday
34d968a2cd Prep for ubuntu 20.
This file is shared with cloud-in-a-box, which will support ubuntu 20 before MiaB-LDAP.
2020-11-02 12:57:57 -05:00
downtownallday
b634188ac0 Merge branch 'master' of https://github.com/mail-in-a-box/mailinabox
# Conflicts:
#	management/daemon.py
#	management/mfa.py
2020-10-31 11:43:35 -04:00
downtownallday
ad3174f08e Merge branch 'totp' 2020-10-31 11:39:35 -04:00
Joshua Tauberer
6a979f4f52
Add TOTP two-factor authentication to admin panel login (#1814)
* add user interface for managing 2fa

* update user schema with 2fa columns

* implement two factor check during login

* Use pyotp for validating TOTP codes

* also implements resynchronisation support via `pyotp`'s `valid_window option

* Update API route naming, update setup page

* Rename /two-factor-auth/ => /2fa/
* Nest totp routes under /2fa/totp/
* Update ids and methods in panel to allow for different setup types

* Autofocus otp input when logging in, update layout

* Extract TOTPStrategy class to totp.py

* this decouples `TOTP` validation and storage logic from `auth` and moves it to `totp`
* reduce `pyotp.validate#valid_window` from `2` to `1`

* Update OpenApi docs, rename /2fa/ => /mfa/

* Decouple totp from users table by moving to totp_credentials table

* this allows implementation of other mfa schemes in the future (webauthn)
* also makes key management easier and enforces one totp credentials per user on db-level

* Add sqlite migration

* Rename internal validate_two_factor_secret => validate_two_factor_secret

* conn.close() if mru_token update can't .commit()

* Address review feedback, thanks @hija

* Use hmac.compare_digest() to compare mru_token

* Safeguard against empty mru_token column

* hmac.compare_digest() expects arguments of type string, make sure we don't pass None
 * Currently, this cannot happen but we might not want to store `mru_token` during setup

* Do not log failed login attempts for MissingToken errors

* Due to the way that the /login UI works, this persists at least one failed login each time a user logs into the admin panel. This in turn triggers fail2ban at some point.

* Add TOTP secret to user_key hash

thanks @downtownallday
* this invalidates all user_keys after TOTP status is changed for user
* after changing TOTP state, a login is required
* due to the forced login, we can't and don't need to store the code used for setup in `mru_code`

* Typo

* Reorganize the MFA backend methods

* Reorganize MFA front-end and add label column

* Fix handling of bad input when enabling mfa

* Update openAPI docs

* Remove unique key constraint on foreign key user_id in mfa table

* Don't expose mru_token and secret for enabled mfas over HTTP

* Only update mru_token for matched mfa row

* Exclude mru_token in user key hash

* Rename tools/mail.py to management/cli.py

* Add MFA list/disable to the management CLI so admins can restore access if MFA device is lost

Co-authored-by: Joshua Tauberer <jt@occams.info>
2020-10-31 10:27:38 -04:00
David Duque
48c233ebe5
Update Roundcube to version 1.4.9 (#1830) 2020-10-31 10:01:14 -04:00
Michael Kroes
9a588de754
Upgrade Nextcloud to version 20.0.1 (#1848) 2020-10-31 09:58:26 -04:00
downtownallday
a7370beae0 Merge remote-tracking branch 'fspoettel/admin-panel-2fa' into totp
# Conflicts:
#	management/daemon.py
#	management/mfa.py
2020-10-29 16:56:36 -04:00
Joshua Tauberer
ac9ecc3bd3 Rename tools/mail.py to management/cli.py 2020-10-29 15:41:54 -04:00
downtownallday
521b72653c Fix #4 2020-10-26 15:46:19 -04:00
Jeff Volkenant
840f84da1a Custom spamassassin rules for bad SPF/DMARC headers 2020-10-07 11:29:19 -07:00
Jeff Volkenant
3a59fe834f OpenDKIM/OpenDMARC header checks 2020-10-07 11:05:52 -07:00
downtownallday
f6b04b314f Add totpMruTokenTime to upgrade 2020-09-30 11:50:49 -04:00
downtownallday
100acb119b Add a totpMruTokenTime value to record the time when the mru token was used
Use the totpMruTokenTime as the id to uniquely identify a totp entry
2020-09-30 11:00:58 -04:00
downtownallday
5deb88ab60 Merge remote-tracking branch 'fspoettel/admin-panel-2fa' into totp
# Conflicts:
#	management/daemon.py
#	management/mfa.py
#	setup/mail-users.sh
2020-09-29 22:20:15 -04:00
Felix Spöttel
00b3a3b0a9 Remove unique key constraint on foreign key user_id in mfa table 2020-09-29 19:39:40 +02:00
downtownallday
e2dea39e5b Advance the x-ordered counter 2020-09-29 08:55:32 -04:00
downtownallday
00fc94d3c1 Merge remote-tracking branch 'fspoettel/admin-panel-2fa' into totp
# Conflicts:
#	management/auth.py
#	management/daemon.py
#	management/mailconfig.py
#	setup/mail-users.sh
2020-09-28 23:25:16 -04:00
Joshua Tauberer
b80f225691 Reorganize MFA front-end and add label column 2020-09-27 08:31:23 -04:00
Joshua Tauberer
a8ea456b49 Reorganize the MFA backend methods 2020-09-26 09:58:25 -04:00
downtownallday
a79c7fce91 Merge branch 'master' of https://github.com/mail-in-a-box/mailinabox
# Conflicts:
#	README.md
2020-09-26 08:03:12 -04:00
Joshua Tauberer
03bff5292b v0.50
v0.50 (September 25, 2020)
--------------------------

Setup:

* When upgrading from versions before v0.40, setup will now warn that ownCloud/Nextcloud data cannot be migrated rather than failing the installation.

Mail:

* An MTA-STS policy for incoming mail is now published (in DNS and over HTTPS) when the primary hostname and email address domain both have a signed TLS certificate installed, allowing senders to know that an encrypted connection should be enforced.
* The per-IP connection limit to the IMAP server has been doubled to allow more devices to connect at once, especially with multiple users behind a NAT.

DNS:

* autoconfig and autodiscover subdomains and CalDAV/CardDAV SRV records are no longer generated for domains that don't have user accounts since they are unnecessary.
* IPv6 addresses can now be specified for secondary DNS nameservers in the control panel.

TLS:

* TLS certificates are now provisioned in groups by parent domain to limit easy domain enumeration and make provisioning more resilient to errors for particular domains.

Control Panel:

* The control panel API is now fully documented at https://mailinabox.email/api-docs.html.
* User passwords can now have spaces.
* Status checks for automatic subdomains have been moved into the section for the parent domain.
* Typo fixed.

Web:

* The default web page served on fresh installations now adds the `noindex` meta tag.
* The HSTS header is revised to also be sent on non-success responses.
2020-09-25 07:43:30 -04:00
b-k
853008ddcc
Be more forgiving of people who missed the train on upgrading NextCloud (#1813)
Co-authored-by: B <ben@klemens.org>
2020-09-21 15:45:58 -04:00
downtownallday
cf888d3f30 Set miab-ldap migration version during first-time setup 2020-09-16 09:39:49 -04:00
downtownallday
7c29628530 Separate miab and miab-ldap migrations
Add tests for migrating from miab w/totp (migration 13) to miab-ldap
2020-09-16 09:00:27 -04:00
downtownallday
b3e789a4e2 Migrate TOTP secrets 2020-09-15 07:51:27 -04:00
downtownallday
24ae913d68 Merge remote-tracking branch 'fspoettel/admin-panel-2fa' into totp
# Conflicts:
#	management/auth.py
#	management/daemon.py
#	setup/mail-users.sh
#	setup/management.sh
#	setup/migrate.py
2020-09-10 15:23:27 -04:00
Felix Spöttel
7c4eb0fb70 Add sqlite migration 2020-09-03 19:39:29 +02:00
Felix Spöttel
ee01eae55e Decouple totp from users table by moving to totp_credentials table
* this allows implementation of other mfa schemes in the future (webauthn)
* also makes key management easier and enforces one totp credentials per user on db-level
2020-09-03 19:07:21 +02:00
Felix Spöttel
f205c48564 Use pyotp for validating TOTP codes
* also implements resynchronisation support via `pyotp`'s `valid_window option
2020-09-02 19:12:15 +02:00
Felix Spöttel
a7a66929aa add user interface for managing 2fa
* update user schema with 2fa columns
2020-09-02 16:48:23 +02:00
downtownallday
da7468a6b3 Fix unbound variable 2020-08-28 18:14:14 -04:00
downtownallday
f49590d52a Merge branch 'master' of https://github.com/mail-in-a-box/mailinabox
# Conflicts:
#	README.md
2020-08-26 16:17:28 -04:00
Joshua Tauberer
0d72566c99 Merge v0.48 point release branch 2020-08-26 14:11:56 -04:00
Joshua Tauberer
62db58eaaf v0.48 2020-08-26 14:11:01 -04:00
Joshua Tauberer
891de8d6c3 Upgrade Roundcube to 1.4.8
Merges #1809
2020-08-26 14:10:04 -04:00