3124 Commits (d5896fb2c642f051df11edf13191060ac7d28358)
 

Author SHA1 Message Date
bors[bot] 0031f262cc
Merge #1871
1871: Replace PUBLIC_HOSTNAME/IP with real data in Received headers r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

This will ensure that we don't get spam points for not respecting the RFC (gmail is notorious for not liking it)

### Related issue(s)
- close #1448
- #466
- #191

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
3 years ago
bors[bot] d010f1d30d
Merge #1874
1874: Remove dot in blueprint name to prevent critical flask error r=mergify[bot] a=Diman0

## What type of PR?

Bug-fix 

## What does this PR do?
Currently setup uses the version (1.7, 1.8, master) as the blueprint name for the setup flask instance. Flask introduced a breaking change that does not allow a dot in the blueprint name anymore. As a result the setup container does not start. This PR contains the bug fix for this issue.


```
stable_1       |   File "/app/server.py", line 58, in build_app
stable_1       |     prefix_bp = flask.Blueprint(version, __name__)
stable_1       |   File "/usr/local/lib/python3.9/site-packages/flask/blueprints.py", line 195, in __init__
stable_1       |     raise ValueError("'name' may not contain a dot '.' character.")
stable_1       | ValueError: 'name' may not contain a dot '.' character.
stable_1       | Traceback (most recent call last):
```

 See https://flask.palletsprojects.com/en/2.0.x/changes/
```
Show an error when a blueprint name contains a dot. The . has special meaning, it is used to separate (nested) blueprint names and the endpoint name. #4041
```

### Related issue(s)
- #1814
- Closes #1818
- Closes #1869

I will close the linked issues personally once I have made the necessary changes on the infra machine after the backported PR has been merged. 

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
3 years ago
Dimitri Huisman 2e883c7ae2 Add changelog 3 years ago
Dimitri Huisman 06019452e3 Remove dot in blueprint name to prevent critical flask initialisation error. 3 years ago
Yaron Shahrabani e0bf75ae17
Completed Hebrew translation 3 years ago
Florent Daigniere 1d65529c94 The lookup could fail; ensure we set something 3 years ago
Florent Daigniere 8bc1d6c08b Replace PUBLIC_HOSTNAME/IP in Received headers
This will ensure that we don't get spam points for not respecting the
RFC
3 years ago
bors[bot] c5ff72d657
Merge #1857
1857: disable startdate when autoreply is disabled r=mergify[bot] a=ghostwheel42

## What type of PR?

bug-fix

## What does this PR do?

disable the reply startdate field when autoreply is disabled


Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
3 years ago
bors[bot] de0536c694
Merge #1858
1858: Docs: Replace hardcoded journald logpath with systemd backend r=mergify[bot] a=networkException

The file at /var/log/messages is not universal for every
distribution. Fail2ban can access journald logs directly
by using the systemd backend.

## What type of PR?

documentation

## What does this PR do?

The path /var/log/messages does not apply for Ubuntu 20.04 for example, because of that I have looked
at alternative ways to access journald in fail2ban. The proper way seems to be to use the systemd
backend, this patch updates the documentation accordingly.

### Related issue(s)
*none*

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: networkException <git@nwex.de>
3 years ago
bors[bot] 0147b19064
Merge #1862
1862: fix #1861: allow colons in passwords: fix the parsing of http-basic auth headers r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Fix a bug preventing colons from being used in passwords when using radicale/webdav.
Thank you to @parisni for reporting it and @ghostwheel42 for spotting it.

### Related issue(s)
- close #1861

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [X] In case of feature or enhancement: documentation updated accordingly
- [X] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
3 years ago
Florent Daigniere a0dcd46483 fix #1861: Handle colons in passwords 3 years ago
networkException a2cf13c548
Template: Update link to changelog entry documentation for pull requests 3 years ago
networkException f80e04a8c5
Docs: Replace hardcoded journald logpath with systemd backend
The file at /var/log/messages is not universal for every
distribution. Fail2ban can access journald logs directly
by using the systemd backend.
3 years ago
Alexander Graf 180026bd77 also disable startdate 3 years ago
Alexander Graf 56cfcf8b64 converted tabs to spaces 3 years ago
Alexander Graf 6377ccb2cb re-add jquery and select2 used in app.js 3 years ago
Alexander Graf 3c8a8aa8f0 use less v3 to make less-loader happy 3 years ago
Alexander Graf 1bb059f4c1 switched to newest possible versions for nodejs v8 3 years ago
Alexander Graf 858312a5cb remove explicit jQuery dependency 3 years ago
Alexander Graf 3f91dcb7af compile scheme list using a generator 3 years ago
bors[bot] 66ea28b50a
Merge #1845
1845: Update rainloop to 1.16.0 r=mergify[bot] a=nextgens

## What type of PR?

Security-update for rainloop.

## What does this PR do?

Upgrade to rainloop v1.16

### Related issue(s)
- #1829

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
3 years ago
bors[bot] cd4ef3285f
Merge #1852
1852: Improve ci r=mergify[bot] a=Diman0

## What type of PR?

Enhancement for CI. 

## What does this PR do?

Moved logic for configuring the tag for images for testing branch (bors try) and building the images, from deploy.sh (deploy job) to the Build job. Now the images are only built once during the build job. This saves about ~10 minutes for the CI workflow for bors try. Now for all situations (bors try, bors r+ and merge with master) should take around 20 minutes.

I did not create yet another newsfragment since it is an internal enhancement.
### Related issue(s)

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
3 years ago
bors[bot] 0cd52ae3ca
Merge #1853
1853: Update dependencies r=mergify[bot] a=ghostwheel42

## What type of PR?

security update python dependencies

## What does this PR do?

updates cryptography, Jinja2, pyOpenSSL and  PyYAML to current versions

### Related issue(s)

security updates as discussed in #1829


Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
3 years ago
Alexander Graf 3bb0d68ead add cargo to build cryptography 3 years ago
Alexander Graf 9790dcdabe updated dependencies 3 years ago
Dimitri Huisman c3f47f1ca0 Forgot that env var set in job 1 is not shared with job 2. Added logic for deriving MAILU_VERSION to deploy job. 3 years ago
Dimitri Huisman 58e751415c Yet another small typo. One day computers will understand I meant env.MAILU_BRANCH instead of MAILU_BRANCH. 3 years ago
Dimitri Huisman 7aa9b496fa Moved logic for building testing images from deploy job to build job. This should save time. Test number for ci workflow #1234 3 years ago
Florent Daigniere 474e5aa527 document 3 years ago
Florent Daigniere 72735ab320 remove cyrus-sasl-plain 3 years ago
Florent Daigniere 0211c06c37 don't need sudo here 3 years ago
Dimitri Huisman 0772e172ff
Merge pull request #1666 from cipianpascu/patch-1
Update front.yaml
3 years ago
Florent Daigniere 420afa53f8 Upgrade to alpine 3.14 3 years ago
bors[bot] 4a5f6b1f92
Merge #1791
1791: Enhanced session handling r=mergify[bot] a=ghostwheel42

## What type of PR?

bug-fix

## What does this PR do?

- replaces flask_kvsession and simplekv with a mailu-specific session store
- call cleanup_sessions before first request and not on startup.
  this allows to run cmdline actions without redis (and makes it faster)
- allow running without redis for debugging purposes by setting MEMORY_SESSIONS to True
- don't sign session id, as it has plenty of entropy (as suggested by nextgens)
- adds method to prune a user's sessions

### Related issue(s)
- enhances and close #1787


Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
3 years ago
Florent Daigniere 11917a5011 mend 3 years ago
bors[bot] a61e17c777
Merge #1846
1846: fix newsfragment of #1841 r=mergify[bot] a=ghostwheel42

## What type of PR?

bug-fix

## What does this PR do?

moves newsfragment to correct location.


Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
3 years ago
Alexander Graf 8b71a92219 use fixed msg for key derivation 3 years ago
Alexander Graf 87fe34e0a3 fix newsfragment of #1841 3 years ago
Florent Daigniere d75c8469d3 Update rainloop to 1.16.0 3 years ago
bors[bot] 062205ee80
Merge #1841
1841: Update version of roundcube webmail and carddav plugin. r=mergify[bot] a=ghostwheel42

## What type of PR?

Security-update for roundcube-webmailer.

## What does this PR do?

This PR updates the Roundcube webmail to the latest version, also updates the roundcube carddav-plugin to a new version.

- roundcube 1.4.11
- carddav 4.1.2

### Related issue(s)

This PR superseeds PR #1739

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [X] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
3 years ago
bors[bot] 20db642795
Merge #1843
1843: fix bugs in model and schema introduced by #1604 r=mergify[bot] a=ghostwheel42

## What type of PR?

bug fix. linter complained about "== True" but with sqlalchemy this is correct

## What does this PR do?

### Related issue(s)
closes #1842

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
3 years ago
Alexander Graf 92896ae646 fix bugs in model and schema introduced by #1604 3 years ago
Alexander Graf 2045ae2e10 updated changelog file 3 years ago
Alexander Graf 6740c77e43 small bugfix for exception 3 years ago
Alexander Graf 14bdeb5e1e Update version of roundcube webmail and carddav plugin.
This is a security update.

- roundcube 1.4.11
- carddav 4.1.2
3 years ago
Alexander Graf fab3168c23 Merge remote-tracking branch 'upstream/master' into kvsession 3 years ago
bors[bot] 7481a6d272
Merge #1604
1604: Added CLI command to export and import the configuration r=mergify[bot] a=ghostwheel42

## What type of PR?

enhancement

## What does this PR do?

This PR adds a `config-dump` cli command and updates the `config-update` cli command to
handle all possible items and parameters.
This was done by adding generic **to_dict** and **from_dict** methods to the Base model, so it should be quite future-proof.
The changes to `config-update` are backwards-compatible to the old command.
I've only removed the undocumented yaml-section _managers_ - managers can now be defined in the _users_ section.

The YAML now looks like this:

```
  aliases:
    - email: email@example.com
      destination:
        - address@example.com
  
  domains:
    - name: example.com
      alternatives:
        - alternative.tld
  
  relays:
    - name: relay.example.com
      smtp: mx.example.com
  
  users:
    - email: postmaster@example.com
      displayed_name: 'Postmaster'
      enable_imap: true
      enable_pop: false
      enabled: true
      forward_destination:
        - address@remote.example.com
      forward_enabled: true
      forward_keep: true
      global_admin: true
      manager_of:
        - example.com
      password: '{BLF-CRYPT}$2b$12$...'
      spam_enabled: true
      spam_threshold: 80

```

### Related issue(s)
- Closes issue #1377

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [X] In case of feature or enhancement: documentation updated accordingly
- [X] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
3 years ago
Alexander Graf fbd945390d cleaned imports and fixed datetime and passlib use 3 years ago
Dimitri Huisman 6dc1a19390
Merge branch 'master' into import-export 3 years ago
bors[bot] fc1a663da2
Merge #1754
1754: centralize Webmail authentication behind the admin panel (SSO) r=mergify[bot] a=nextgens

## What type of PR?

Enhancement: it centralizes the authentication of webmails to the admin interface.

## What does this PR do?

It implements the glue required for webmails to do SSO using the admin interface.
One of the main advantages of centralizing things this way is that it reduces significantly the attack surface available to an unauthenticated attacker (no webmail access until there is a valid Flask session).

Others include the ability to implement 2FA down the line and rate-limit things as required.

### Related issue(s)
- #783

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
3 years ago