27 Commits (d19208d3d108cb0c52bc614f1b844b15d86ab1dc)

Author              SHA1        Message                                                           Date
hitech95            fc8926493c  admin: graceful fail on user fetch in basic auth                  2 years ago
                                Signed-off-by: hitech95 <nicveronese@gmail.com>
Alexander Graf      630a4e9b5e  Update auth.py                                                    2 years ago
                                Add spaces
Maximilian Fischer  8775dc5b15  Fixing AUTH_RATELIMIT_IP not working on imap/pop3/smtp            2 years ago
                                #2283
Florent Daigniere   a4ed464170  doh                                                               2 years ago
Florent Daigniere   7bd1fd3489  fix 2145                                                          2 years ago
Florent Daigniere   7f89a29790  Fix 2125                                                          2 years ago
                                Make the caller responsible to know whether the rate-limit code should
                                be called or not
Florent Daigniere   fe18cf9743  Fix 2080                                                          2 years ago
                                Ensure that webmail tokens are in sync with sessions
Florent Daigniere   f3c93212c6  The Rate-limiter should run after the deny                        3 years ago
Dimitri Huisman     44d2448412  Updated SSO logic for webmails. Fixed small bug rate limiting.    3 years ago
Florent Daigniere   98742268e6  Make it more readable                                             3 years ago
Florent Daigniere   94bbed9746  Ensure we have the right IP                                       3 years ago
Florent Daigniere   3bda8368e4  simplify the Auth-Status check                                    3 years ago
Florent Daigniere   2dd9ea1506  simplify                                                          3 years ago
Florent Daigniere   89ea51d570  Implement rate-limits                                             3 years ago
Dimitri Huisman     169a540692  Use punycode for HTTP header for radicale and create changelog    3 years ago
Dimitri Huisman     4f5cb0974e  Make sure HTTP header only contains ASCII                         3 years ago
Florent Daigniere   a0dcd46483  fix #1861: Handle colons in passwords                             3 years ago
Florent Daigniere   dd3d03f06d  Merge remote-tracking branch 'upstream/master' into webmail-sso   3 years ago
Florent Daigniere   df230cb482  Refactor auth under nginx.check_credentials()                     3 years ago
Florent Daigniere   eb7895bd1c  Don't do more work than necessary (/webdav)                       3 years ago
                                This is also fixing tokens on /webdav/
Florent Daigniere   906a051925  Make rainloop use internal auth                                   3 years ago
kaiyou              8e88f1b8c3  Refactor the rate limiting code                                   4 years ago
                                Rate limiting was already redesigned to use Python limits. This
                                introduced some unexpected behavior, including the fact that only
                                one criterion is supported per limiter. Docs and setup utility are
                                updated with this in mind.

                                Also, the code was made more generic, so limiters can be delivered
                                for something other than authentication. Authentication-specific
                                code was moved directly to the authentication routine.
Michael Wyraz       bee80b5c64  Remove rate limit reset                                           5 years ago
Michael Wyraz       889386b4a6  Limiter implementation                                            5 years ago
kaiyou              087841d5b7  Fix the way we handle the application context                     6 years ago
                                The init script was pushing an application context, which made
                                flask.g global and persisted across requests. This was evaluated
                                to have a minimal security impact.

                                This explains/fixes #738: flask_wtf caches the csrf token in the
                                application context to have a single token per request, and only
                                sets the session attribute after the first generation.
kaiyou              fc24426291  First batch of refactoring, using the app factory pattern         6 years ago
kaiyou              42c6bdb4df  Split the internal blueprint into multiple view files             6 years ago