downtownallday 
							
						 
					 
					
						
						
						
						
							
						
						
							f6b04b314f 
							
						 
					 
					
						
						
							
							Add totpMruTokenTime to upgrade  
						
						
						
					 
					
						2020-09-30 11:50:49 -04:00 
						 
				 
			
				
					
						
							
							
								downtownallday 
							
						 
					 
					
						
						
						
						
							
						
						
							100acb119b 
							
						 
					 
					
						
						
							
							Add a totpMruTokenTime value to record the time when the mru token was used  
						
						
						
						
						Use the totpMruTokenTime as the id to uniquely identify a totp entry 
						
					 
					
						2020-09-30 11:00:58 -04:00 
						 
				 
			
				
					
						
							
							
								downtownallday 
							
						 
					 
					
						
						
						
						
							
						
						
							a5ebd07549 
							
						 
					 
					
						
						
							
							Merge remote-tracking branch 'fspoettel/admin-panel-2fa' into totp  
						
						
						
						
						# Conflicts:
#	management/auth.py
#	management/mfa.py 
						
					 
					
						2020-09-30 09:05:03 -04:00 
						 
				 
			
				
					
						
							
							
								Felix Spöttel 
							
						 
					 
					
						
						
						
						
							
						
						
							1f0e493b8c 
							
						 
					 
					
						
						
							
							Exclude mru_token in user key hash  
						
						
						
					 
					
						2020-09-30 12:34:26 +02:00 
						 
				 
			
				
					
						
							
							
								downtownallday 
							
						 
					 
					
						
						
						
						
							
						
						
							5deb88ab60 
							
						 
					 
					
						
						
							
							Merge remote-tracking branch 'fspoettel/admin-panel-2fa' into totp  
						
						
						
						
						# Conflicts:
#	management/daemon.py
#	management/mfa.py
#	setup/mail-users.sh 
						
					 
					
						2020-09-29 22:20:15 -04:00 
						 
				 
			
				
					
						
							
							
								Felix Spöttel 
							
						 
					 
					
						
						
						
						
							
						
						
							ada2167d08 
							
						 
					 
					
						
						
							
							Only update mru_token for matched mfa row  
						
						
						
					 
					
						2020-09-29 20:05:58 +02:00 
						 
				 
			
				
					
						
							
							
								Felix Spöttel 
							
						 
					 
					
						
						
						
						
							
						
						
							be5032ffbe 
							
						 
					 
					
						
						
							
							Don't expose mru_token and secret for enabled mfas over HTTP  
						
						
						
					 
					
						2020-09-29 19:46:02 +02:00 
						 
				 
			
				
					
						
							
							
								downtownallday 
							
						 
					 
					
						
						
						
						
							
						
						
							75fb6d2a5d 
							
						 
					 
					
						
						
							
							Rename a function  
						
						
						
					 
					
						2020-09-29 08:55:04 -04:00 
						 
				 
			
				
					
						
							
							
								downtownallday 
							
						 
					 
					
						
						
						
						
							
						
						
							042e8b4a56 
							
						 
					 
					
						
						
							
							Merge remote-tracking branch 'fspoettel/admin-panel-2fa' into totp  
						
						
						
					 
					
						2020-09-28 23:25:29 -04:00 
						 
				 
			
				
					
						
							
							
								downtownallday 
							
						 
					 
					
						
						
						
						
							
						
						
							00fc94d3c1 
							
						 
					 
					
						
						
							
							Merge remote-tracking branch 'fspoettel/admin-panel-2fa' into totp  
						
						
						
						
						# Conflicts:
#	management/auth.py
#	management/daemon.py
#	management/mailconfig.py
#	setup/mail-users.sh 
						
					 
					
						2020-09-28 23:25:16 -04:00 
						 
				 
			
				
					
						
							
							
								Felix Spöttel 
							
						 
					 
					
						
						
						
						
							
						
						
							4dced10a3f 
							
						 
					 
					
						
						
							
							Fix handling of bad input when enabling mfa  
						
						
						
					 
					
						2020-09-28 21:06:59 +02:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							b80f225691 
							
						 
					 
					
						
						
							
							Reorganize MFA front-end and add label column  
						
						
						
					 
					
						2020-09-27 08:31:23 -04:00 
						 
				 
			
				
					
						
							
							
								Joshua Tauberer 
							
						 
					 
					
						
						
						
						
							
						
						
							a8ea456b49 
							
						 
					 
					
						
						
							
							Reorganize the MFA backend methods  
						
						
						
					 
					
						2020-09-26 09:58:25 -04:00 
						 
				 
			
				
					
						
							
							
								downtownallday 
							
						 
					 
					
						
						
						
						
							
						
						
							d68a89af61 
							
						 
					 
					
						
						
							
							Merge remote-tracking branch 'fspoettel/admin-panel-2fa' into totp  
						
						
						
						
						# Conflicts:
#	management/auth.py
#	management/mailconfig.py 
						
					 
					
						2020-09-12 19:44:22 -04:00 
						 
				 
			
				
					
						
							
							
								Felix Spöttel 
							
						 
					 
					
						
						
						
						
							
						
						
							7d6427904f 
							
						 
					 
					
						
						
							
							Typo  
						
						
						
					 
					
						2020-09-12 16:38:44 +02:00 
						 
				 
			
				
					
						
							
							
								Felix Spöttel 
							
						 
					 
					
						
						
						
						
							
						
						
							dcb93d071c 
							
						 
					 
					
						
						
							
							Add TOTP secret to user_key hash  
						
						
						
						
						thanks @downtownallday
* this invalidates all user_keys after TOTP status is changed for user
* after changing TOTP state, a login is required
* due to the forced login, we can't and don't need to store the code used for setup in `mru_code` 
						
					 
					
						2020-09-12 16:34:06 +02:00 
						 
				 
			
				
					
						
							
							
								downtownallday 
							
						 
					 
					
						
						
						
						
							
						
						
							24ae913d68 
							
						 
					 
					
						
						
							
							Merge remote-tracking branch 'fspoettel/admin-panel-2fa' into totp  
						
						
						
						
						# Conflicts:
#	management/auth.py
#	management/daemon.py
#	setup/mail-users.sh
#	setup/management.sh
#	setup/migrate.py 
						
					 
					
						2020-09-10 15:23:27 -04:00 
						 
				 
			
				
					
						
							
							
								Felix Spöttel 
							
						 
					 
					
						
						
						
						
							
						
						
							2ea97f0643 
							
						 
					 
					
						
						
							
							Do not log failed login attempts for MissingToken errors  
						
						
						
						
						* Due to the way that the /login UI works, this persists at least one failed login each time a user logs into the admin panel. This in turn triggers fail2ban at some point. 
						
					 
					
						2020-09-06 13:08:44 +02:00 
						 
				 
			
				
					
						
							
							
								Felix Spöttel 
							
						 
					 
					
						
						
						
						
							
						
						
							4791c2fc62 
							
						 
					 
					
						
						
							
							Safeguard against empty mru_token column  
						
						
						
						
						* hmac.compare_digest() expects arguments of type string, make sure we don't pass None
 * Currently, this cannot happen but we might not want to store `mru_token` during setup 
						
					 
					
						2020-09-06 13:03:54 +02:00 
						 
				 
			
				
					
						
							
							
								Felix Spöttel 
							
						 
					 
					
						
						
						
						
							
						
						
							49c333221a 
							
						 
					 
					
						
						
							
							Use hmac.compare_digest() to compare mru_token  
						
						
						
					 
					
						2020-09-06 12:54:45 +02:00 
						 
				 
			
				
					
						
							
							
								Felix Spöttel 
							
						 
					 
					
						
						
						
						
							
						
						
							481a333dc0 
							
						 
					 
					
						
						
							
							Address review feedback, thanks @hija  
						
						
						
					 
					
						2020-09-04 20:28:15 +02:00 
						 
				 
			
				
					
						
							
							
								Felix Spöttel 
							
						 
					 
					
						
						
						
						
							
						
						
							b0df35eba0 
							
						 
					 
					
						
						
							
							conn.close() if mru_token update can't .commit()  
						
						
						
					 
					
						2020-09-03 20:39:03 +02:00 
						 
				 
			
				
					
						
							
							
								Felix Spöttel 
							
						 
					 
					
						
						
						
						
							
						
						
							08ae3d2b7f 
							
						 
					 
					
						
						
							
							Rename internal validate_two_factor_secret => validate_two_factor_secret  
						
						
						
					 
					
						2020-09-03 19:48:54 +02:00 
						 
				 
			
				
					
						
							
							
								Felix Spöttel 
							
						 
					 
					
						
						
						
						
							
						
						
							7c4eb0fb70 
							
						 
					 
					
						
						
							
							Add sqlite migration  
						
						
						
					 
					
						2020-09-03 19:39:29 +02:00 
						 
				 
			
				
					
						
							
							
								Felix Spöttel 
							
						 
					 
					
						
						
						
						
							
						
						
							ee01eae55e 
							
						 
					 
					
						
						
							
							Decouple totp from users table by moving to totp_credentials table  
						
						
						
						
						* this allows implementation of other mfa schemes in the future (webauthn)
* also makes key management easier and enforces one TOTP credential per user at the database level
						
					 
					
						2020-09-03 19:07:21 +02:00 
						 
				 
			
				
					
						
							
							
								Felix Spöttel 
							
						 
					 
					
						
						
						
						
							
						
						
							89b301afc7 
							
						 
					 
					
						
						
							
							Update OpenApi docs, rename /2fa/ => /mfa/  
						
						
						
					 
					
						2020-09-03 13:54:28 +02:00 
						 
				 
			
				
					
						
							
							
								Felix Spöttel 
							
						 
					 
					
						
						
						
						
							
						
						
							ce70f44c58 
							
						 
					 
					
						
						
							
							Extract TOTPStrategy class to totp.py  
						
						
						
						
						* this decouples `TOTP` validation and storage logic from `auth` and moves it to `totp`
* reduce `pyotp.validate#valid_window` from `2` to `1` 
						
					 
					
						2020-09-03 11:19:19 +02:00 
						 
				 
			
				
					
						
							
							
								Felix Spöttel 
							
						 
					 
					
						
						
						
						
							
						
						
							6594e19a1f 
							
						 
					 
					
						
						
							
							Autofocus otp input when logging in, update layout  
						
						
						
					 
					
						2020-09-02 20:30:08 +02:00 
						 
				 
			
				
					
						
							
							
								Felix Spöttel 
							
						 
					 
					
						
						
						
						
							
						
						
							8597646a12 
							
						 
					 
					
						
						
							
							Update API route naming, update setup page  
						
						
						
						
						* Rename /two-factor-auth/ => /2fa/
* Nest totp routes under /2fa/totp/
* Update ids and methods in panel to allow for different setup types 
						
					 
					
						2020-09-02 19:41:06 +02:00 
						 
				 
			
				
					
						
							
							
								Felix Spöttel 
							
						 
					 
					
						
						
						
						
							
						
						
							f205c48564 
							
						 
					 
					
						
						
							
							Use pyotp for validating TOTP codes  
						
						
						
						
						* also implements resynchronisation support via `pyotp`'s `valid_window` option
						
					 
					
						2020-09-02 19:12:15 +02:00 
						 
				 
			
				
					
						
							
							
								Felix Spöttel 
							
						 
					 
					
						
						
						
						
							
						
						
							3c3683429b 
							
						 
					 
					
						
						
							
							implement two factor check during login  
						
						
						
					 
					
						2020-09-02 17:23:32 +02:00 
						 
				 
			
				
					
						
							
							
								Felix Spöttel 
							
						 
					 
					
						
						
						
						
							
						
						
							a7a66929aa 
							
						 
					 
					
						
						
							
							add user interface for managing 2fa  
						
						
						
						
						* update user schema with 2fa columns 
						
					 
					
						2020-09-02 16:48:23 +02:00 
						 
				 
			
				
					
						
							
							
								downtownallday 
							
						 
					 
					
						
						
						
						
							
						
						
							caf90702cc 
							
						 
					 
					
						
						
							
							Wording changes  
						
						
						
					 
					
						2020-08-29 06:57:33 -04:00 
						 
				 
			
				
					
						
							
							
								downtownallday 
							
						 
					 
					
						
						
						
						
							
						
						
							191b575ab2 
							
						 
					 
					
						
						
							
							Add a display name for users, saved as 'cn' in LDAP  
						
						
						
					 
					
						2020-08-25 16:33:06 -04:00 
						 
				 
			
				
					
						
							
							
								downtownallday 
							
						 
					 
					
						
						
						
						
							
						
						
							1fb9316904 
							
						 
					 
					
						
						
							
							spaces -> tabs  
						
						
						
					 
					
						2020-08-25 12:21:11 -04:00 
						 
				 
			
				
					
						
							
							
								downtownallday 
							
						 
					 
					
						
						
						
						
							
						
						
							22bfef6f59 
							
						 
					 
					
						
						
							
							Display and allow chaninging a comment/description for aliases. Change the default comment for required aliases to "Required alias".  
						
						
						
					 
					
						2020-08-25 12:00:55 -04:00 
						 
				 
			
				
					
						
							
							
								downtownallday 
							
						 
					 
					
						
						
						
						
							
						
						
							d0d12fbc1c 
							
						 
					 
					
						
						
							
							Merge branch 'master' of  https://github.com/mail-in-a-box/mailinabox  
						
						
						
					 
					
						2020-08-09 12:13:31 -04:00 
						 
				 
			
				
					
						
							
							
								David Duque 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							94da7bb088 
							
						 
					 
					
						
						
							
							status_checks.py: Properly terminate the process pools ( #1795 )  
						
						
						
						
						* Only spawn a thread pool when strictly needed
For --check-primary-hostname, the pool is not used.
When exiting, the other processes are left alive and will hang.
* Acquire pools with the 'with' statement 
						
					 
					
						2020-08-09 11:42:39 -04:00 
						 
				 
			
				
					
						
							
							
								downtownallday 
							
						 
					 
					
						
						
						
						
							
						
						
							ac35bdc544 
							
						 
					 
					
						
						
							
							Merge branch 'master' of  https://github.com/mail-in-a-box/mailinabox  
						
						
						
					 
					
						2020-07-29 10:34:47 -04:00 
						 
				 
			
				
					
						
							
							
								Richard Willis 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							c50170b816 
							
						 
					 
					
						
						
							
							Update "Remove Alias" modal title ( #1800 )  
						
						
						
					 
					
						2020-07-29 10:01:20 -04:00 
						 
				 
			
				
					
						
							
							
								downtownallday 
							
						 
					 
					
						
						
						
						
							
						
						
							ccb0421729 
							
						 
					 
					
						
						
							
							Merge branch 'master' of  https://github.com/mail-in-a-box/mailinabox  
						
						
						
					 
					
						2020-07-16 07:57:09 -04:00 
						 
				 
			
				
					
						
							
							
								David Duque 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							967409b157 
							
						 
					 
					
						
						
							
							Drop requirement for passwords to have no spaces ( #1789 )  
						
						
						
					 
					
						2020-07-16 07:23:11 -04:00 
						 
				 
			
				
					
						
							
							
								David Duque 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							1b2711fc42 
							
						 
					 
					
						
						
							
							Add 'always' modifier to the HSTS add_header directive ( #1790 )  
						
						
						
						
						This will make it so that the HSTS header is sent regardless of the request status code (until this point it would only be sent if "the response code equals 200, 201, 206, 301, 302, 303, 307, or 308." - according to http://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header )
						
					 
					
						2020-07-16 07:21:14 -04:00 
						 
				 
			
				
					
						
							
							
								downtownallday 
							
						 
					 
					
						
						
						
						
							
						
						
							c866b4d0fa 
							
						 
					 
					
						
						
							
							Merge branch 'master' of  https://github.com/mail-in-a-box/mailinabox  
						
						
						
					 
					
						2020-07-08 19:36:15 -04:00 
						 
				 
			
				
					
						
							
							
								David Duque 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							e6102eacfb 
							
						 
					 
					
						
						
							
							AXFR Transfers (for secondary DNS servers): Allow IPv6 addresses ( #1787 )  
						
						
						
					 
					
						2020-07-08 18:26:47 -04:00 
						 
				 
			
				
					
						
							
							
								downtownallday 
							
						 
					 
					
						
						
						
						
							
						
						
							5f008d91b8 
							
						 
					 
					
						
						
							
							Ignore alias domains that have no forward-to because we don't accept mail locally for the alias  
						
						
						
					 
					
						2020-06-15 12:26:12 -04:00 
						 
				 
			
				
					
						
							
							
								downtownallday 
							
						 
					 
					
						
						
						
						
							
						
						
							77145e2f38 
							
						 
					 
					
						
						
							
							Fix server error on non-change:  
						
						
						
						
						"ldap3.core.exceptions.LDAPChangeError: no changes in modify request" 
						
					 
					
						2020-06-15 12:24:03 -04:00 
						 
				 
			
				
					
						
							
							
								downtownallday 
							
						 
					 
					
						
						
						
						
							
						
						
							979c36b8c1 
							
						 
					 
					
						
						
							
							Merge branch 'qa-upgrade'  
						
						
						
					 
					
						2020-06-14 18:38:42 -04:00 
						 
				 
			
				
					
						
							
							
								downtownallday 
							
						 
					 
					
						
						
						
						
							
						
						
							b0090edd52 
							
						 
					 
					
						
						
							
							Test upgrade to LDAP from upstream Mail-in-a-Box/sqlite  
						
						
						
					 
					
						2020-06-14 13:51:00 -04:00 
						 
				 
			
				
					
						
							
							
								downtownallday 
							
						 
					 
					
						
						
						
						
							
						
						
							49920ee332 
							
						 
					 
					
						
						
							
							Merge branch 'master' of  https://github.com/mail-in-a-box/mailinabox  
						
						
						
					 
					
						2020-06-13 06:30:55 -04:00