Florent Daigniere
b9becd8649
make sessions expire
4 years ago
Florent Daigniere
a1d32568d6
Regenerate session-ids to prevent session fixation
4 years ago
Florent Daigniere
d459c37432
make session IDs 128 bits
4 years ago
Florent Daigniere
22af5b8432
Switch to server-side sessions in redis
4 years ago
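The four commits above describe one session design: IDs of 128 bits, sessions that expire, a fresh ID issued at login so a planted ID cannot be ridden into an authenticated session, and state kept server-side rather than in the cookie. The block below is an added example of that design and is not Mailu's code; a dict stands in for Redis, and the lifetime, the `login()` helper and the data layout are this example's own assumptions.

```python
import secrets
import time

SESSION_ID_BYTES = 16      # 128-bit IDs, as the commit above specifies
SESSION_LIFETIME = 3600    # seconds; the value is this example's assumption


class SessionStore:
    """Server-side sessions: the client only ever holds an opaque ID.
    A dict stands in for Redis here (constructed for the example); the same
    operations map onto SETEX/GET/DEL with a TTL on a real deployment."""

    def __init__(self, lifetime=SESSION_LIFETIME, clock=time.time):
        self._sessions = {}
        self._lifetime = lifetime
        self._clock = clock          # injectable so expiry can be tested

    @staticmethod
    def new_id():
        # 128 bits from the OS CSPRNG: unguessable, so the ID alone is the credential
        return secrets.token_hex(SESSION_ID_BYTES)

    def create(self, data=None):
        sid = self.new_id()
        self._sessions[sid] = {
            "expires": self._clock() + self._lifetime,
            "data": dict(data or {}),
        }
        return sid

    def get(self, sid):
        """Return the session data, or None if the ID is unknown or expired."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        if self._clock() >= entry["expires"]:
            del self._sessions[sid]  # expired: forget it, same as an unknown ID
            return None
        return entry["data"]

    def set(self, sid, key, value):
        data = self.get(sid)
        if data is None:
            raise KeyError("no such session")
        data[key] = value

    def regenerate(self, sid):
        """Move a live session to a fresh ID and invalidate the old one.
        Done at login (a privilege change) so an ID planted in the victim's
        browser before authentication (session fixation) never becomes a
        logged-in session."""
        data = self.get(sid)
        if data is None:
            return None
        del self._sessions[sid]
        return self.create(data)

    def destroy(self, sid):
        self._sessions.pop(sid, None)


def login(store, presented_sid, user):
    """Authenticate `user` and return the ID the client must use from now on.
    Whatever ID the client presented, it is never the one that carries the login."""
    if store.get(presented_sid) is None:
        presented_sid = store.create()
    new_sid = store.regenerate(presented_sid)
    store.set(new_sid, "user", user)
    return new_sid
```

Expiry is enforced on read rather than by a sweeper, which is what a Redis TTL gives you for free; the injectable clock exists only so the expiry path can be exercised deterministically.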
Florent Daigniere
96ae54d04d
CryptContext should be a singleton
4 years ago
Florent Daigniere
5f05fee8b3
Don't need regexps anymore
4 years ago
Florent Daigniere
1c5b58cba4
Remove scheme_dict
4 years ago
Florent Daigniere
df230cb482
Refactor auth under nginx.check_credentials()
4 years ago
Florent Daigniere
f9ed517b39
Be specific about token length
4 years ago
Florent Daigniere
d0b34f8e24
Move CREDENTIAL_ROUNDS to advanced settings
4 years ago
Florent Daigniere
fda758e2b4
remove merge artifact
4 years ago
Florent Daigniere
57a6abaf50
Remove {scheme} from the DB if mailu has set it
4 years ago
Florent Daigniere
7137ba6ff1
Misc improvements to PASSWORD_SCHEME
...
- remove PASSWORD_SCHEME altogether
- introduce CREDENTIAL_ROUNDS
- migrate all old hashes to the current format
- auto-detect/enable all hash types that passlib supports
- upgrade passlib to 1.7.4 (see #1706: ldap_salted_sha512 support)
4 years ago
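The commit above and the earlier "Remove {scheme} from the DB if mailu has set it" describe lazy migration: every hash type the library knows is still verified, a `{SCHEME}` prefix identifies legacy records, the current scheme is stored without a prefix, and a successful login rehashes anything that is deprecated or below the configured rounds. The block below is an added example of that verify-and-update flow written against the standard library only; it is not Mailu's code and does not use passlib. The two schemes, their encodings, the `CREDENTIAL_ROUNDS` value and the helper names are this example's assumptions.

```python
import base64
import hashlib
import hmac
import os

CREDENTIAL_ROUNDS = 100_000        # knob name from the commit; the value is an assumption
DEFAULT_SCHEME = "PBKDF2-SHA256"   # current scheme, stored without a {prefix}
DEPRECATED = {"SHA256"}            # legacy schemes still verified, but rehashed on success


def _sha256_hash(password):
    # Unsalted single SHA-256: the deprecated legacy format in this example
    return base64.b64encode(hashlib.sha256(password.encode()).digest()).decode()


def _sha256_verify(password, encoded):
    return hmac.compare_digest(_sha256_hash(password).encode(), encoded.encode())


def _pbkdf2_hash(password, rounds=CREDENTIAL_ROUNDS, salt=None):
    # The "rounds$salt$dk" encoding is this example's own, not passlib's or Dovecot's
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return f"{rounds}${salt.hex()}${dk.hex()}"


def _pbkdf2_verify(password, encoded):
    try:
        rounds, salt_hex, dk_hex = encoded.split("$")
        salt, rounds = bytes.fromhex(salt_hex), int(rounds)
    except ValueError:
        return False                 # malformed record: never a match, never a crash
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return hmac.compare_digest(dk.hex().encode(), dk_hex.encode())


SCHEMES = {
    "SHA256": (_sha256_hash, _sha256_verify),
    "PBKDF2-SHA256": (_pbkdf2_hash, _pbkdf2_verify),
}


def split_scheme(stored):
    """'{SCHEME}hash' -> ('SCHEME', 'hash'); a bare hash is in the default scheme."""
    if stored.startswith("{") and "}" in stored:
        scheme, _, rest = stored[1:].partition("}")
        return scheme.upper(), rest
    return DEFAULT_SCHEME, stored


def hash_password(password):
    return SCHEMES[DEFAULT_SCHEME][0](password)


def needs_update(stored):
    scheme, rest = split_scheme(stored)
    if scheme in DEPRECATED:
        return True
    if scheme == "PBKDF2-SHA256":
        return int(rest.split("$")[0]) < CREDENTIAL_ROUNDS   # rounds were raised since
    return False


def verify_and_update(password, stored):
    """Return (ok, replacement). `replacement` is a fresh hash in the current
    scheme when the stored one is legacy or under-strength, else None. Writing
    it back on each successful login migrates every user lazily."""
    scheme, rest = split_scheme(stored)
    if scheme not in SCHEMES:
        return False, None
    if not SCHEMES[scheme][1](password, rest):
        return False, None
    return True, (hash_password(password) if needs_update(stored) else None)
```

Only a successful verification can trigger a rehash, because the plaintext is needed to produce the new record; an unknown scheme fails closed rather than being guessed at.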
Florent Daigniere
00b001f76b
Improve the token storage format
...
shortcomings of the previous format included:
- 1000x slower than it should be (no point in adding rounds since there
is enough entropy: they are not brute-forceable)
- vulnerable to DoS as explained in
https://passlib.readthedocs.io/en/stable/lib/passlib.hash.sha256_crypt.html#security-issues
4 years ago
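The commit above makes two points: a random token already carries enough entropy that a stretched password hash adds cost without adding security, and a verifier that burns rounds on every presented value lets an attacker spend the server's CPU with arbitrary input. The block below is an added example illustrating both and is not Mailu's code; the token length, the hex encoding, the helper names and the round count used for comparison are this example's assumptions.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_BYTES = 16   # 128 bits of entropy; a fixed length lets the check be strict (assumption)


def store_format(token):
    # One unsalted SHA-256. A 128-bit random token cannot be brute-forced or
    # looked up in a precomputed table, so key stretching and per-record salt
    # add nothing but cost. The digest still keeps a database leak from
    # handing out usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()


def issue_token():
    """Return (secret to show the user once, value to store)."""
    token = secrets.token_hex(TOKEN_BYTES)
    return token, store_format(token)


def check_token(presented, stored):
    """Constant-time check of a presented token against its stored digest.
    A cheap shape check runs first so junk input costs the server nothing."""
    if len(presented) != 2 * TOKEN_BYTES:
        return False
    try:
        bytes.fromhex(presented)
    except ValueError:
        return False
    return hmac.compare_digest(store_format(presented), stored)


def stretched_format(token, rounds=5000):
    # A password-style verifier with rounds, the kind the commit moved away
    # from. Every check, including of attacker-chosen garbage, pays all rounds.
    return hashlib.pbkdf2_hmac("sha256", token.encode(), b"demo-salt", rounds).hex()


def cost_ratio(rounds=5000, samples=50):
    """How many times more CPU the stretched verifier costs per check."""
    token = "00" * TOKEN_BYTES
    t0 = time.perf_counter()
    for _ in range(samples):
        store_format(token)
    fast = max(time.perf_counter() - t0, 1e-9)
    t0 = time.perf_counter()
    for _ in range(samples):
        stretched_format(token, rounds)
    slow = time.perf_counter() - t0
    return slow / fast
```

`cost_ratio()` is there to make the commit's "1000x slower" concrete on your own hardware; the exact figure depends on the round count and the machine, but the direction never changes. The shape check in `check_token()` is the other half of the DoS argument: malformed input is rejected before any hashing at all.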
Florent Daigniere
eb7895bd1c
Don't do more work than necessary (/webdav)
...
This is also fixing tokens on /webdav/
4 years ago
Florent Daigniere
58b2cdc428
Don't do more work than necessary
4 years ago
bors[bot]
464e46b02b
Merge #1765
...
1765: Set sensible cookie flags on the admin app r=mergify[bot] a=nextgens
## What type of PR?
Bugfix
## What does this PR do?
It sets the right flags on the session cookie issued by the admin app.
This should probably be backported as the lack of the Secure flag on a TLS-enabled setup is a high-risk vulnerability.
SameSite is hardening / helps against CSRF on modern browsers
HTTPOnly is hardening / helps reduce the impact of XSS
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
4 years ago
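PR #1765 above (and the "Set sensible cookie options" commit further down) set the Secure, HttpOnly and SameSite attributes on the admin session cookie. The block below is an added example, not Mailu's code: it builds a Set-Cookie header with and without those flags and audits an arbitrary Set-Cookie value for the ones it lacks, which is the check to run against a live deployment after upgrading. The helper names, the `tls` switch and the choice of `SameSite=Lax` as the default are this example's assumptions.

```python
from http.cookies import SimpleCookie


def session_cookie_header(name, value, secure=True, httponly=True, samesite="Lax"):
    """Build a Set-Cookie value. Defaults are the hardened flags; pass False/None
    to reproduce the unflagged cookie the PR fixes."""
    jar = SimpleCookie()
    jar[name] = value
    morsel = jar[name]
    morsel["path"] = "/"
    if secure:
        morsel["secure"] = True        # never sent over plain HTTP
    if httponly:
        morsel["httponly"] = True      # not readable from document.cookie
    if samesite:
        morsel["samesite"] = samesite  # "Lax" or "Strict": withheld on cross-site requests
    return morsel.OutputString()


def audit_set_cookie(header, tls=True):
    """Parse one Set-Cookie value and list the session-cookie flags it lacks.
    `tls=False` models a plain-HTTP deployment, where browsers reject a cookie
    carrying Secure, so its absence is not reported there."""
    jar = SimpleCookie()
    jar.load(header)
    findings = []
    for name, morsel in jar.items():
        if tls and not morsel["secure"]:
            findings.append(f"{name}: missing Secure; sent in clear over HTTP")
        if not morsel["httponly"]:
            findings.append(f"{name}: missing HttpOnly; exposed to script after XSS")
        if not morsel["samesite"]:
            findings.append(f"{name}: missing SameSite; attached to cross-site requests (CSRF)")
    return findings
```

Feed `audit_set_cookie()` the `Set-Cookie` line from `curl -si https://admin.example/login` (hostname assumed) to confirm the fix reached the edge; a reverse proxy that rewrites cookies can strip the flags again.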
bors[bot]
47d6c697d0
Merge #1763
...
1763: show flash messages again r=mergify[bot] a=lub
## What type of PR?
bug-fix
## What does this PR do?
This basically restores the behaviour that got removed in
ecdf0c25b3
during refactoring.
### Related issue(s)
- noticed it while reviewing #1756
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry is not applicable, you can check it or remove it from the list.
- [-] In case of feature or enhancement: documentation updated accordingly
- [-] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.
Co-authored-by: lub <git@lubiland.de>
4 years ago
bors[bot]
cca4b50915
Merge #1607
...
1607: _FILE variables for Docker swarm secrets r=mergify[bot] a=lub
## What type of PR?
enhancement
## What does this PR do?
This PR enables usage of DB_PW_FILE and SECRET_KEY_FILE instead of DB_PW and SECRET_KEY to load these values from files instead of supplying them directly. That way it's possible to use Docker secrets.
### Related issue(s)
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry is not applicable, you can check it or remove it from the list.
- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.
Co-authored-by: lub <git@lubiland.de>
4 years ago
Florent Daigniere
0dcc059cd6
Add a new knob as discussed on matrix with lub
4 years ago
Jaume Barber
5bb67dfcbb
Translated using Weblate (Basque)
...
Currently translated at 100.0% (151 of 151 strings)
Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/eu/
4 years ago
Jaume Barber
a49b9d7974
Translated using Weblate (Catalan)
...
Currently translated at 99.3% (150 of 151 strings)
Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/ca/
4 years ago
Jaume Barber
cd9992f79c
Translated using Weblate (Swedish)
...
Currently translated at 74.2% (121 of 163 strings)
Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/sv/
4 years ago
Jaume Barber
afae5d1c24
Translated using Weblate (Russian)
...
Currently translated at 88.3% (144 of 163 strings)
Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/ru/
4 years ago
Jaume Barber
7a01a63389
Translated using Weblate (Portuguese)
...
Currently translated at 88.3% (144 of 163 strings)
Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/pt/
4 years ago
Jaume Barber
480ec29d3d
Translated using Weblate (Italian)
...
Currently translated at 91.4% (149 of 163 strings)
Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/it/
4 years ago
Jaume Barber
5e96a4bfcf
Translated using Weblate (Spanish)
...
Currently translated at 91.4% (149 of 163 strings)
Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/es/
4 years ago
Jaume Barber
6143d66eb8
Translated using Weblate (English)
...
Currently translated at 39.2% (64 of 163 strings)
Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/en/
4 years ago
Anonymous
6da5978870
Translated using Weblate (German)
...
Currently translated at 88.3% (144 of 163 strings)
Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/de/
4 years ago
Anonymous
58c22fd2c6
Translated using Weblate (English)
...
Currently translated at 38.6% (63 of 163 strings)
Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/en/
4 years ago
Jaume Barber
0dc8817f32
Translated using Weblate (English)
...
Currently translated at 38.6% (63 of 163 strings)
Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/en/
4 years ago
Anonymous
3d17000ceb
Translated using Weblate (English)
...
Currently translated at 29.4% (48 of 163 strings)
Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/en/
4 years ago
Jaume Barber
a2933d00f3
Translated using Weblate (English)
...
Currently translated at 29.4% (48 of 163 strings)
Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/en/
4 years ago
Jaume Barber
7c0158c5f8
Translated using Weblate (English)
...
Currently translated at 17.7% (29 of 163 strings)
Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/en/
4 years ago
Anonymous
7de94275a0
Translated using Weblate (English)
...
Currently translated at 17.7% (29 of 163 strings)
Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/en/
4 years ago
Jaume Barber
43133d8515
Added translation using Weblate (Basque)
4 years ago
Jaume Barber
5e0aa65c8d
Translated using Weblate (Italian)
...
Currently translated at 96.3% (157 of 163 strings)
Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/it/
4 years ago
Jaume Barber
725cdc270c
Translated using Weblate (Spanish)
...
Currently translated at 100.0% (163 of 163 strings)
Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/es/
4 years ago
Weblate
a571704a9d
Merge branch 'origin/master' into Weblate.
4 years ago
Jaume Barber
b9c2dc1a79
Translated using Weblate (Catalan)
...
Currently translated at 98.6% (149 of 151 strings)
Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/ca/
4 years ago
Anonymous
3a9a133226
Translated using Weblate (English)
...
Currently translated at 11.0% (18 of 163 strings)
Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/en/
4 years ago
Jaume Barber
af251216b0
Translated using Weblate (English)
...
Currently translated at 11.0% (18 of 163 strings)
Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/en/
4 years ago
Florent Daigniere
aa8cb98906
Set sensible cookie options
4 years ago
lub
88f992de16
show flash messages again
...
This basically restores the behaviour that got removed in
ecdf0c25b3
during refactoring.
4 years ago
Mordi Sacks
f56af3053a
Removed email address
4 years ago
dependabot[bot]
54ccfdf975
Bump cryptography from 2.6.1 to 3.2 in /core/admin
...
Bumps [cryptography](https://github.com/pyca/cryptography) from 2.6.1 to 3.2.
- [Release notes](https://github.com/pyca/cryptography/releases)
- [Changelog](https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/2.6.1...3.2)
Signed-off-by: dependabot[bot] <support@github.com>
4 years ago
cbachert
72a9ec5b7c
Fix extract_host_port port separation
...
Regex quantifier should be lazy to make port separation work.
4 years ago
Dimitri Huisman
78890a97ff
Preparations for 1.8 release.
4 years ago
lub
02cfe326d3
support using files for SECRET_KEY and DB_PW
...
This enables usage of e.g. Docker Swarm secrets instead of exposing the
passwords directly via environment variables.
Just use DB_PW_FILE and SECRET_KEY_FILE instead of DB_PW and SECRET_KEY.
4 years ago
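The commit above and PR #1607 earlier on this page add `DB_PW_FILE` and `SECRET_KEY_FILE` so the values can come from a mounted secret instead of the environment, which `docker inspect` and `/proc/<pid>/environ` expose. The block below is an added example of that lookup, not Mailu's code; the `ConfigError` type, the refusal to accept both forms at once, the trailing-newline stripping and treating `DB_PW` as optional are this example's own choices.

```python
import os


class ConfigError(Exception):
    """Raised when a required secret is missing, unreadable or ambiguous."""


def read_secret(name, environ=None, default=None):
    """Resolve NAME from NAME_FILE (path to a mounted secret) or from NAME itself.
    With Docker Swarm secrets the file lives under /run/secrets/ and the value
    never appears in `docker inspect` or in the process environment."""
    environ = os.environ if environ is None else environ
    path = environ.get(f"{name}_FILE")
    value = environ.get(name)
    if path and value is not None:
        # Refuse ambiguity rather than silently picking one (this example's policy)
        raise ConfigError(f"set either {name} or {name}_FILE, not both")
    if path:
        try:
            with open(path, "rb") as fh:
                data = fh.read()
        except OSError as exc:
            raise ConfigError(f"{name}_FILE={path!r}: {exc.strerror}") from exc
        # Secrets created with `echo` carry a trailing newline; drop it so the
        # value equals what would have been passed via the environment
        return data.decode().rstrip("\r\n")
    if value is not None:
        return value
    if default is not None:
        return default
    raise ConfigError(f"{name} or {name}_FILE must be set")


def load_settings(environ=None):
    """The two values the commit covers. DB_PW is treated as optional here
    (assumption); SECRET_KEY is required because session integrity depends on it."""
    return {
        "SECRET_KEY": read_secret("SECRET_KEY", environ),
        "DB_PW": read_secret("DB_PW", environ, default=""),
    }
```

Failing loudly on a missing or unreadable file matters more than it looks: a silently empty `SECRET_KEY` would still start the application, just with forgeable sessions.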
ofthesun9
539114a3d6
Merge branch 'master' into test-alpine-3.12
4 years ago