710 Commits (8cab079af6b563e939831c3d6247f4ebae7e02a0)
 

Author SHA1 Message Date
Pierre Jaury f07615c4a4 Do not expose the Web admin interface by default, fixes #40 8 years ago
Pierre Jaury ec5a75f603 Proxify to webmail only if enabled, related to #40 8 years ago
kaiyou 18253b1dd3 Merge pull request #61 from vhf/admin-creation
Allow admin creation after initial setup
8 years ago
kaiyou c1770a1dc1 Merge pull request #62 from vhf/typofix
Fix a typo in the admin UI
8 years ago
Victor Felder 3976a5b38e Allow admin creation after initial setup 8 years ago
Victor Felder 97d952d7f1 Fix a typo 8 years ago
Pierre Jaury 3f6175c34a Remove deprecated awl settings 8 years ago
Pierre Jaury 382030a7aa Revert to using 'latest' for testing 8 years ago
Pierre Jaury d60ef1991c Add a rainloop Webmail image, fixes #58 8 years ago
Pierre Jaury f5b9f569ca Add a link to the demo server documentation 8 years ago
kaiyou cbc6bb5dd6 Merge pull request #55 from kaiyou/feat-refactor-permissions
Refactor the access control code
8 years ago
Pierre Jaury 40b9883c8c Filter outgoing email headers, fixes #52 8 years ago
Pierre Jaury 92bbfde195 Add a PNG logo for rendering 8 years ago
Pierre Jaury 56e6c7565e Add a draft logo 8 years ago
Pierre Jaury e24da96e58 Add some documentation to access decorators 8 years ago
Pierre Jaury 09bec055fd Fix domain deletion permissions 8 years ago
Pierre Jaury c1f9b61dac Add a simple permission audit script 8 years ago
Pierre Jaury f8dcef22ef Fix the manager deletion behaviour 8 years ago
Pierre Jaury f541a951de Remove obsolete utils module 8 years ago
Pierre Jaury 713318f097 Clean imports and remove calls to the utils module 8 years ago
Pierre Jaury ee9a416696 Implement the decorator-based access control for all views 8 years ago
Pierre Jaury 4e4f2b8037 First shot at improving access control, related to #42
A couple of things are important to note for this commit:
- it only implements the new access control for alias and admin management
- the access control code is located in access.py

The idea behind simpler access control is auditability. There have been a
couple of bugs related to functions not checking permissions properly. If
checking permissions is as simple as decorating a function, exporting the
permission scheme for an audit should be simple.

Also, this still does not address the information leakage related to 404 errors
when an object does not exist, independently of permissions the user has over
the domain.
8 years ago
Pierre Jaury 3ea3bc1d8e Enforce permission checks for admin management 8 years ago
kaiyou ee6e9b2690 Add a reference to the Freenode IRC channel. 8 years ago
Pierre Jaury 6dc9131b97 Fix the wildcard migration script, fixes #53 8 years ago
Pierre Jaury 26f7f5a73b Change the env file name in the README file 8 years ago
Pierre Jaury bac20081ee Split the environment file into sections 8 years ago
Pierre Jaury d2d84acd5f Comment all 'build' directives 8 years ago
Pierre Jaury e3197f9156 Have the admin interface listen on localhost 8 years ago
Pierre Jaury 1b6c514dc5 Disable the frontend Web server by default 8 years ago
Pierre Jaury a8eafc508a Default listen on localhost only 8 years ago
Pierre Jaury 7ac44eabeb Add a VERSION variable to avoid modifying the docker-compose file 8 years ago
Pierre Jaury 14ec783ef7 Add a dynamic Webmail option with a 'none' container 8 years ago
Pierre Jaury cf84b82c57 Move the configuration file to .env to support global variables 8 years ago
Pierre Jaury 581a0882af Pull images from Docker Hub by default 8 years ago
Pierre Jaury 8fc95a96d2 Disable debug and set an explicit default secret key 8 years ago
Pierre Jaury ef5d3a77c6 Pull images from Docker Hub by default 8 years ago
Pierre Jaury 8601d5b8db Fix #49 when deleting a global admin 8 years ago
Pierre Jaury 1273571299 Add a changelog 8 years ago
Pierre Jaury 0d3c75aa89 Fix a migration issue with wildcard aliases 8 years ago
Pierre Jaury bfe9ededbc Fix spam filtering when the score is negative 8 years ago
Pierre Jaury 2602ef2883 Add a feature item about freedom 8 years ago
Pierre Jaury e916998bb2 Apply the BetterCrypto nginx configuration, related to #45 8 years ago
Pierre Jaury 3d1e5523d4 Use a non-starttls configuration for SMTPS port, related to #45 8 years ago
Pierre Jaury a6ab917aea Do not enforce TLS on the default SMTP port, related to #45 8 years ago
Pierre Jaury e3e9012183 Add a link to the BetterCrypto reference 8 years ago
Pierre Jaury c0f6a3e387 Apply the BetterCrypto Dovecot configuration, related to #45 8 years ago
Pierre Jaury 8909033c26 Apply the BetterCrypto Postfix configuration, related to #45 8 years ago
Pierre Jaury 5a3242d9d3 Apply the BetterCrypto Postfix configuration, related to #45 8 years ago
Pierre Jaury 5bc0948248 Add some documentation to the Postfix configuration 8 years ago