1136 Commits (cb5e0934cb990de61a955755f5663a41b43aa101)

Author SHA1 Message Date
Dimitri Huisman f20208fb4b
Fix error in check for proxy scenario 2 years ago
Dimitri Huisman 20bf0e8a65
Add fix for wrong redirect in proxy scenario and accessing WEBROOT_REDIRECT 2 years ago
Dimitri Huisman 29bfc9dd9d
Add fallback just in case X-Forwarded-By is empty. 2 years ago
Dimitri Huisman 25b9db4b00
Proxy endpoint was checking real client ip instead of proxy ip
for validating PROXY_AUTH_WHITELIST
2 years ago
bors[bot] 5fbfb3cb1c
Merge #2566
2566: Make it clear that we don't delete users r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Make it clear that we don't delete users. Users can and should be disabled when not in use anymore.

### Related issue(s)
- closes #1820

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
Co-authored-by: Dimitri Huisman <52963853+Diman0@users.noreply.github.com>
2 years ago
Dimitri Huisman c482c71f6c
Add missing () 2 years ago
Dimitri Huisman 31faee4218
Merge branch 'master' into delete-disable 2 years ago
Florent Daigniere 1831ca3b1e Handle WEBROOT_REDIRECT better 2 years ago
Florent Daigniere f44cd24bf8 doh 2 years ago
Florent Daigniere 925c753f40 Merge branch 'master' of https://github.com/Mailu/Mailu into guess-target 2 years ago
Florent Daigniere b607375603 Fix 2692: make the external auth proxy usable 2 years ago
Florent Daigniere dd912169fb Make the login page guess where to redirect 2 years ago
Florent Daigniere 1b045b4a94 Introduce AUTH_PROXY_LOGOUT_URL 2 years ago
S474N 92be819053
Update messages.po 2 years ago
S474N d6757514af
Czech translation
Czech translation
2 years ago
Florent Daigniere 6a4d8603fc Create the user before logging it in 2 years ago
Florent Daigniere f125420400 Fix the bug reported by fastlorenzo 2 years ago
Florent Daigniere 66b7c76836 Doh. Without this email delivery from RELAYNET is broken 2 years ago
bors[bot] aea7407044
Merge #2646
2646: Smarter ratelimit r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Only account for **distinct** usernames in the IP rate-limiter.

This enables to have a much tighter default as a user with a misconfigured device will now only account for a single attempt.

The goal here is to make the rate-limiter more acceptable and to avoid people disabling it altogether.

### Related issue(s)

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2 years ago
Florent Daigniere 085bac6e08 Change AUTH_RATELIMIT_IP_V6_MASK from /56 to /48 2 years ago
Alexander Graf fa084d7b1c
Styling only 2 years ago
Florent Daigniere caa8412d82 close #1236: Allow + in localpart of addresses 2 years ago
Florent Daigniere 294ac4adb2 Revert "Clarify"
This reverts commit 35e9bfb8ab.
2 years ago
Florent Daigniere 35e9bfb8ab Clarify 2 years ago
Florent Daigniere d30f71234d Apply the mask on the IP too 2 years ago
Florent Daigniere a60159a0db update defaults, rephrase doc 2 years ago
Florent Daigniere e2a25c79fc only account attempts for distinct usernames in ratelimits 2 years ago
Alexander Graf ab5caac6f7
Remove webmail cookies on logout. 2 years ago
Alexander Graf 50fc1cb8b3
Move version style to app.css 2 years ago
Alexander Graf 8f425ce081
Move unit to data-attr and fix defaulting to 1 2 years ago
Alexander Graf f00059d10c
Show mailu version in web interface after logging in 2 years ago
Alexander Graf 8b0b87984d
Duh. Fix macros call 2 years ago
Alexander Graf 2fa0461803
Fix sliders 2 years ago
Alexander Graf 31e974f829
Add edit button to admin and manager lists 2 years ago
Alexander Graf 3af3aa9395
Show quota in domain list 2 years ago
Alexander Graf 65595d139a
Set default sort order for all lists 2 years ago
Alexander Graf 1ad1d8d95d
Rewrite generation of gunicorn cmdline 2 years ago
Chris Schäpers 35331a4295
Make gunicorn IPv6 conditional
Only listen on [::]:80 in case SUBNET6 is defined, otherwise do the normal :80
2 years ago
Chris 9f6848110a
Make gunicorn listen on ipv6 2 years ago
Florent Daigniere 46f05cb651 Merge branch 'master' of https://github.com/Mailu/Mailu into reduce-logging 2 years ago
bors[bot] 179c624116
Merge #2631
2631: Restful api finishing touches r=mergify[bot] a=Diman0

## What type of PR?

enhancement

## What does this PR do?
Some finishing touches for the restful api.

- Make the API configurable via the setup utility.  
  - Configured exactly the same as the ADMIN and WEBMAIL. 
- We have a single config (API) that configures whether it is exposed (via front). Just like ADMIN. The API is always reachable by directly connecting to the admin container.
- API_TOKEN does not enable/disable the API anymore. When it is not configured, an error is returned (via the internet browser) that the API_TOKEN must be configured in mailu.env.
- Fix some small bugs in the setup utility ( selecting none in the dropdown boxes, now correctly changes the config)
- Update Flask-RestX to 1.0.5. This resolves the deprecation warnings introduced by Flask-RestX.

### Related issue(s)

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
2 years ago
Alexander Graf 30efdf557f
Re-enable cli action user_delete with "disable" as default 2 years ago
bors[bot] 43e500faf5
Merge #2628
2628: Set default for FETCHMAIL_ENABLED r=mergify[bot] a=ghostwheel42

## What type of PR?

bug-fix

## What does this PR do?

Set the default for FETCHMAIL_ENABLED to true in the admin container.
This keeps existing functionality for people upgrading without re-creating the `mailu.env`.


Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2 years ago
Dimitri Huisman d6e7314f05
Make API configurable via the setup utility
Fix some small bugs in the setup utility
Improve documentation on the API.
2 years ago
Alexander Graf c4ca1cffaf
Set default for FETCHMAIL_ENABLED 2 years ago
Alexander Graf 5c968256e6
Really fix creation of deep structures using import in update mode 2 years ago
bors[bot] 151601744f
Merge #2627
2627: Add SUBNET6 to places where SUBNET is used r=nextgens a=ghostwheel42

## What type of PR?

bug-fix

## What does this PR do?

Also add SUBNET6 where SUBNET is used.

Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2 years ago
bors[bot] 6d994525c4
Merge #2625
2625: Disable fetchmail r=mergify[bot] a=ghostwheel42

## What type of PR?

bug-fix

## What does this PR do?

Only show "fetched accounts" button in user list when fetchmail feature is enabled.


Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2 years ago
Alexander Graf 10562233ca
Add SUBNET6 to places where SUBNET is used 2 years ago
bors[bot] 7e60ba4e98
Merge #2613
2613: Enhance network segregation r=nextgens a=nextgens

## What type of PR?

enhancement

## What does this PR do?

- put radicale and webmail on their own network: this is done for security: that way they have no privileged access anywhere (no access to redis, no access to XCLIENT, ...)
- remove the EXPOSE statements from the dockerfiles. These ports are for internal comms and are not meant to be exposed in any way to the outside world.

### Related issue(s)
- #2611

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2 years ago