Florent Daigniere
							
						 
						
							 
							
							
							
								
							
								d459c37432 
								
							
								 
							
						 
						
							
							
								
								make session IDs 128bits  
							
							 
							
							
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Florent Daigniere
							
						 
						
							 
							
							
							
								
							
								22af5b8432 
								
							
								 
							
						 
						
							
							
								
								Switch to server-side sessions in redis  
							
							 
							
							
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Florent Daigniere
							
						 
						
							 
							
							
							
								
							
								96ae54d04d 
								
							
								 
							
						 
						
							
							
								
								CryptContext should be a singleton  
							
							 
							
							
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Florent Daigniere
							
						 
						
							 
							
							
							
								
							
								5f05fee8b3 
								
							
								 
							
						 
						
							
							
								
								Don't need regexps anymore  
							
							 
							
							
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Florent Daigniere
							
						 
						
							 
							
							
							
								
							
								1c5b58cba4 
								
							
								 
							
						 
						
							
							
								
								Remove scheme_dict  
							
							 
							
							
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Florent Daigniere
							
						 
						
							 
							
							
							
								
							
								df230cb482 
								
							
								 
							
						 
						
							
							
								
								Refactor auth under nginx.check_credentials()  
							
							 
							
							
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Florent Daigniere
							
						 
						
							 
							
							
							
								
							
								f9ed517b39 
								
							
								 
							
						 
						
							
							
								
								Be specific token length  
							
							 
							
							
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Florent Daigniere
							
						 
						
							 
							
							
							
								
							
								d0b34f8e24 
								
							
								 
							
						 
						
							
							
								
								Move CREDENTIAL_ROUNDS to advanced settings  
							
							 
							
							
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Florent Daigniere
							
						 
						
							 
							
							
							
								
							
								fda758e2b4 
								
							
								 
							
						 
						
							
							
								
								remove merge artifact  
							
							 
							
							
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Florent Daigniere
							
						 
						
							 
							
							
							
								
							
								57a6abaf50 
								
							
								 
							
						 
						
							
							
								
								Remove {scheme} from the DB if mailu has set it  
							
							 
							
							
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Florent Daigniere
							
						 
						
							 
							
							
							
								
							
								7137ba6ff1 
								
							
								 
							
						 
						
							
							
								
								Misc improvements to PASSWORD_SCHEME  
							
							 
							
							
							
							
							- remove PASSWORD_SCHEME altogether
- introduce CREDENTIAL_ROUNDS
- migrate all old hashes to the current format
- auto-detect/enable all hash types that passlib supports
- upgrade passlib to 1.7.4 (see #1706: ldap_salted_sha512 support)
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Florent Daigniere
							
						 
						
							 
							
							
							
								
							
								00b001f76b 
								
							
								 
							
						 
						
							
							
								
								Improve the token storage format  
							
							 
							
							
							
							
							shortcomings of the previous format included:
- 1000x slower than it should be (no point in adding rounds since there
 is enough entropy: they are not bruteforceable)
- vulnerable to DoS as explained in
https://passlib.readthedocs.io/en/stable/lib/passlib.hash.sha256_crypt.html#security-issues  
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Florent Daigniere
							
						 
						
							 
							
							
							
								
							
								eb7895bd1c 
								
							
								 
							
						 
						
							
							
								
								Don't do more work than necessary (/webdav)  
							
							 
							
							
							
							
							This is also fixing tokens on /webdav/ 
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Florent Daigniere
							
						 
						
							 
							
							
							
								
							
								58b2cdc428 
								
							
								 
							
						 
						
							
							
								
								Don't do more work than necessary  
							
							 
							
							
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								bors[bot]
							
						 
						
							 
							
							
								
								
							
							
								
							
								464e46b02b 
								
									
								
							
								 
							
						 
						
							
							
								
								Merge  #1765  
							
							 
							
							
							
							
							1765: Set sensible cookie flags on the admin app r=mergify[bot] a=nextgens
## What type of PR?
Bugfix
## What does this PR do?
It sets the right flags on the session cookie issued by the admin app.
This should probably be backported as the lack of secure flag on TLS-enabled setup is a high risk vulnerability.
SameSite is hardening / helps against CSRF on modern browsers
HTTPOnly is hardening / helps reduce the impact of XSS
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org> 
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								bors[bot]
							
						 
						
							 
							
							
								
								
							
							
								
							
								47d6c697d0 
								
									
								
							
								 
							
						 
						
							
							
								
								Merge  #1763  
							
							 
							
							
							
							
							1763: show flash messages again r=mergify[bot] a=lub
## What type of PR?
bug-fix
## What does this PR do?
This basically restores the behaviour, that got removed in
ecdf0c25b3  during refactoring.
### Related issue(s)
- noticed it while reviewing #1756 
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry is not applicable, you can check it or remove it from the list.
- [-] In case of feature or enhancement: documentation updated accordingly
- [-] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.
Co-authored-by: lub <git@lubiland.de> 
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								bors[bot]
							
						 
						
							 
							
							
								
								
							
							
								
							
								cca4b50915 
								
									
								
							
								 
							
						 
						
							
							
								
								Merge  #1607  
							
							 
							
							
							
							
							1607: _FILE variables for Docker swarm secrets r=mergify[bot] a=lub
## What type of PR?
enhancement
## What does this PR do?
This PR enables usage of DB_PW_FILE and SECRET_KEY_FILE instead of DB_PW and SECRET_KEY to load these values from files instead of supplying them directly. That way it's possible to use Docker secrets.
### Related issue(s)
## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry is not applicable, you can check it or remove it from the list.
- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.
Co-authored-by: lub <git@lubiland.de> 
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Florent Daigniere
							
						 
						
							 
							
							
							
								
							
								0dcc059cd6 
								
							
								 
							
						 
						
							
							
								
								Add a new knob as discussed on matrix with lub  
							
							 
							
							
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Jaume Barber
							
						 
						
							 
							
							
							
								
							
								5bb67dfcbb 
								
							
								 
							
						 
						
							
							
								
								Translated using Weblate (Basque)  
							
							 
							
							
							
							
							Currently translated at 100.0% (151 of 151 strings)
Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/eu/  
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Jaume Barber
							
						 
						
							 
							
							
							
								
							
								a49b9d7974 
								
							
								 
							
						 
						
							
							
								
								Translated using Weblate (Catalan)  
							
							 
							
							
							
							
							Currently translated at 99.3% (150 of 151 strings)
Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/ca/  
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Jaume Barber
							
						 
						
							 
							
							
							
								
							
								cd9992f79c 
								
							
								 
							
						 
						
							
							
								
								Translated using Weblate (Swedish)  
							
							 
							
							
							
							
							Currently translated at 74.2% (121 of 163 strings)
Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/sv/  
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Jaume Barber
							
						 
						
							 
							
							
							
								
							
								afae5d1c24 
								
							
								 
							
						 
						
							
							
								
								Translated using Weblate (Russian)  
							
							 
							
							
							
							
							Currently translated at 88.3% (144 of 163 strings)
Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/ru/  
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Jaume Barber
							
						 
						
							 
							
							
							
								
							
								7a01a63389 
								
							
								 
							
						 
						
							
							
								
								Translated using Weblate (Portuguese)  
							
							 
							
							
							
							
							Currently translated at 88.3% (144 of 163 strings)
Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/pt/  
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Jaume Barber
							
						 
						
							 
							
							
							
								
							
								480ec29d3d 
								
							
								 
							
						 
						
							
							
								
								Translated using Weblate (Italian)  
							
							 
							
							
							
							
							Currently translated at 91.4% (149 of 163 strings)
Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/it/  
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Jaume Barber
							
						 
						
							 
							
							
							
								
							
								5e96a4bfcf 
								
							
								 
							
						 
						
							
							
								
								Translated using Weblate (Spanish)  
							
							 
							
							
							
							
							Currently translated at 91.4% (149 of 163 strings)
Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/es/  
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Jaume Barber
							
						 
						
							 
							
							
							
								
							
								6143d66eb8 
								
							
								 
							
						 
						
							
							
								
								Translated using Weblate (English)  
							
							 
							
							
							
							
							Currently translated at 39.2% (64 of 163 strings)
Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/en/  
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Anonymous
							
						 
						
							 
							
							
							
								
							
								6da5978870 
								
							
								 
							
						 
						
							
							
								
								Translated using Weblate (German)  
							
							 
							
							
							
							
							Currently translated at 88.3% (144 of 163 strings)
Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/de/  
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Anonymous
							
						 
						
							 
							
							
							
								
							
								58c22fd2c6 
								
							
								 
							
						 
						
							
							
								
								Translated using Weblate (English)  
							
							 
							
							
							
							
							Currently translated at 38.6% (63 of 163 strings)
Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/en/  
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Jaume Barber
							
						 
						
							 
							
							
							
								
							
								0dc8817f32 
								
							
								 
							
						 
						
							
							
								
								Translated using Weblate (English)  
							
							 
							
							
							
							
							Currently translated at 38.6% (63 of 163 strings)
Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/en/  
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Anonymous
							
						 
						
							 
							
							
							
								
							
								3d17000ceb 
								
							
								 
							
						 
						
							
							
								
								Translated using Weblate (English)  
							
							 
							
							
							
							
							Currently translated at 29.4% (48 of 163 strings)
Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/en/  
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Jaume Barber
							
						 
						
							 
							
							
							
								
							
								a2933d00f3 
								
							
								 
							
						 
						
							
							
								
								Translated using Weblate (English)  
							
							 
							
							
							
							
							Currently translated at 29.4% (48 of 163 strings)
Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/en/  
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Jaume Barber
							
						 
						
							 
							
							
							
								
							
								7c0158c5f8 
								
							
								 
							
						 
						
							
							
								
								Translated using Weblate (English)  
							
							 
							
							
							
							
							Currently translated at 17.7% (29 of 163 strings)
Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/en/  
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Anonymous
							
						 
						
							 
							
							
							
								
							
								7de94275a0 
								
							
								 
							
						 
						
							
							
								
								Translated using Weblate (English)  
							
							 
							
							
							
							
							Currently translated at 17.7% (29 of 163 strings)
Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/en/  
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Jaume Barber
							
						 
						
							 
							
							
							
								
							
								43133d8515 
								
							
								 
							
						 
						
							
							
								
								Added translation using Weblate (Basque)  
							
							 
							
							
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Jaume Barber
							
						 
						
							 
							
							
							
								
							
								5e0aa65c8d 
								
							
								 
							
						 
						
							
							
								
								Translated using Weblate (Italian)  
							
							 
							
							
							
							
							Currently translated at 96.3% (157 of 163 strings)
Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/it/  
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Jaume Barber
							
						 
						
							 
							
							
							
								
							
								725cdc270c 
								
							
								 
							
						 
						
							
							
								
								Translated using Weblate (Spanish)  
							
							 
							
							
							
							
							Currently translated at 100.0% (163 of 163 strings)
Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/es/  
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Weblate
							
						 
						
							 
							
							
							
								
							
								a571704a9d 
								
							
								 
							
						 
						
							
							
								
								Merge branch 'origin/master' into Weblate.  
							
							 
							
							
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Jaume Barber
							
						 
						
							 
							
							
							
								
							
								b9c2dc1a79 
								
							
								 
							
						 
						
							
							
								
								Translated using Weblate (Catalan)  
							
							 
							
							
							
							
							Currently translated at 98.6% (149 of 151 strings)
Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/ca/  
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Anonymous
							
						 
						
							 
							
							
							
								
							
								3a9a133226 
								
							
								 
							
						 
						
							
							
								
								Translated using Weblate (English)  
							
							 
							
							
							
							
							Currently translated at 11.0% (18 of 163 strings)
Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/en/  
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Jaume Barber
							
						 
						
							 
							
							
							
								
							
								af251216b0 
								
							
								 
							
						 
						
							
							
								
								Translated using Weblate (English)  
							
							 
							
							
							
							
							Currently translated at 11.0% (18 of 163 strings)
Translation: Mailu/admin
Translate-URL: https://translate.tedomum.net/projects/mailu/admin/en/  
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Florent Daigniere
							
						 
						
							 
							
							
							
								
							
								aa8cb98906 
								
							
								 
							
						 
						
							
							
								
								Set sensible cookie options  
							
							 
							
							
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								
								lub 
							
						 
						
							 
							
							
							
								
							
								88f992de16 
								
							
								 
							
						 
						
							
							
								
								show flash messages again  
							
							 
							
							
							
							
							This basically restores the behaviour, that got removed in
ecdf0c25b3  during refactoring. 
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Mordi Sacks
							
						 
						
							 
							
							
								
								
							
							
								
							
								f56af3053a 
								
									
								
							
								 
							
						 
						
							
							
								
								Removed email address  
							
							 
							
							
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								dependabot[bot]
							
						 
						
							 
							
							
								
								
							
							
								
							
								54ccfdf975 
								
									
								
							
								 
							
						 
						
							
							
								
								Bump cryptography from 2.6.1 to 3.2 in /core/admin  
							
							 
							
							
							
							
							Bumps [cryptography](https://github.com/pyca/cryptography) from 2.6.1 to 3.2.
- [Release notes](https://github.com/pyca/cryptography/releases)
- [Changelog](https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/2.6.1...3.2)
Signed-off-by: dependabot[bot] <support@github.com> 
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								cbachert
							
						 
						
							 
							
							
							
								
							
								72a9ec5b7c 
								
							
								 
							
						 
						
							
							
								
								Fix extract_host_port port separation  
							
							 
							
							
							
							
							Regex quantifier should be lazy to make port separation work. 
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Dimitri Huisman
							
						 
						
							 
							
							
							
								
							
								78890a97ff 
								
							
								 
							
						 
						
							
							
								
								Preparations for 1.8 release.  
							
							 
							
							
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								
								lub 
							
						 
						
							 
							
							
							
								
							
								02cfe326d3 
								
							
								 
							
						 
						
							
							
								
								support using files for SECRET_KEY and DB_PW  
							
							 
							
							
							
							
							this enables usage of e.g. docker swarm secrets instead of exposing the
passwords directly via environment variables
just use DB_PW_FILE and SECRET_KEY_FILE instead of DB_PW and SECRET_KEY 
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								ofthesun9
							
						 
						
							 
							
							
								
								
							
							
								
							
								539114a3d6 
								
									
								
							
								 
							
						 
						
							
							
								
								Merge branch 'master' into test-alpine-3.12  
							
							 
							
							
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Brian Maloney
							
						 
						
							 
							
							
								
								
							
							
								
							
								6bd14506c0 
								
									
								
							
								 
							
						 
						
							
							
								
								Explicitly define ProxyFix options  
							
							 
							
							
							
							
							Even though these seem to be the defaults, since 1.7 x_proto was not being honored (see #1309), this fixes this issue for me.
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								ofthesun9
							
						 
						
							 
							
							
							
								
							
								1d35b1283d 
								
							
								 
							
						 
						
							
							
								
								Adjust python required packages for alpine:3.12  
							
							 
							
							
							
						 
						
							5 years ago