3849 Commits (f994c8687ed35402d6a1a7750f2a61ce8cfb8451)
 

Autor SHA1 Mensaje Fecha
DjVinnii 49d68fa6d1 Fix horizontal scrollbar in sidebar hace 5 años
DjVinnii 7d3c9d412d Change tables to datatables hace 5 años
DjVinnii cdfa94c243 Make main action float right hace 5 años
DjVinnii 0c5fda3fca Change macros.box to macros.card hace 5 años
DjVinnii deca6e0c4a update user/settings hace 5 años
DjVinnii 6b3170cb4c Update side menu hace 5 años
DjVinnii c97728289b Update node version for building the image (AdminLTE requires node 10 or higher) hace 5 años
DjVinnii e46d9e1fc9 Update admin-lte version in package.json hace 5 años
Vincent Kling d9a9cb409e
Merge pull request #1 from Mailu/master
Update branche from remote/master
hace 5 años
Vincent Kling c6d0ef229f
Update messages.po hace 5 años
bors[bot] ff4d3f4d37
Merge #1792
1792: Update fail2ban documentation r=mergify[bot] a=ronivay

## What type of PR?

documentation

## What does this PR do?

Update fail2ban documentation. Use DOCKER-USER chain instead of FORWARD chain for fail2ban rules so that they are always processed before any other rules added by docker itself. Also add instructions how to make fail2ban start after docker to prevent fail2ban from failing because of missing DOCKER-USER chain in iptables.

### Related issue(s)
closes #1727 

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.




Co-authored-by: ronivay <roni@vayrynen.info>
Co-authored-by: Dimitri Huisman <52963853+Diman0@users.noreply.github.com>
hace 5 años
Dimitri Huisman 0bdf84dd25
Update faq.rst
Some spelling improvements.
hace 5 años
ronivay 75baa1da99 Update fail2ban documentation hace 5 años
Alexander Graf f0f79b23a3 Allow cleanup of sessions by key&value in data
This can be used to delete all sessions belonging to a user/login.
For no it just iterates over all sessions.
This could be enhanced by using a prefix for and deleting by prefix.
hace 5 años
Alexander Graf 83b1fbb9d6 Lazy loading of KVSessionExtension
- call cleanup_sessions on first kvstore access
  this allows to run cmdline actions without redis (and makes it faster)
- Allow development using DictStore by setting REDIS_ADDRESS to the empty string in env
- don't sign 64bit random session id as suggested by nextgens
hace 5 años
Alexander Graf 8bc4445572 Sync update of localpart, domain_name and email hace 5 años
Alexander Graf 0c38128c4e Add pygments to requirements hace 5 años
Alexander Graf 9cb6962335 Moved MyYamlLexer into logger
now cmdline runs without pygments
hace 5 años
bors[bot] 1fd7a9c578
Merge #1761
1761: check for `ipv6_enabled` in the compose template r=nextgens a=lub

Checking only `ipv6` isn't sufficient, because it has a default value.

## What type of PR?

bug-fix

## What does this PR do?

### Related issue(s)
-

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [it's a minor change] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: lub <git@lubiland.de>
hace 5 años
Alexander Graf ce9a9ec572 always init Logger first hace 5 años
Alexander Graf c17bfae240 correct rfc3339 datetime serialization
now using correct timezone
hace 5 años
Alexander Graf dc5464f254 Merge remote-tracking branch 'upstream/master' into import-export hace 5 años
Alexander Graf e90d5548a6 use RFC3339 for last_check
fixed to UTC for now
hace 5 años
Florent Daigniere dd3d03f06d Merge remote-tracking branch 'upstream/master' into webmail-sso hace 5 años
bors[bot] 9c57f2ac39
Merge #1785
1785: Fix bug #1660 (don't replace nested headers) r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Don't replace nested headers (typically in forwarded/attached emails). This will ensure we don't break cryptographic signatures.

### Related issue(s)
- close #1660

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
hace 5 años
bors[bot] 25e8910b89
Merge #1783
1783: Switch to server-side sessions r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

It simplifies session management.
- it ensures that sessions will eventually expire (*)
- it implements some mitigation against session-fixation attacks
- it switches from client-side to server-side sessions (in Redis)

It doesn't prevent us from (re)-implementing a "remember_me" type of feature if that's considered useful by some.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
hace 5 años
bors[bot] 327884e07c
Merge #1610
1610: add option to enforce inbound starttls r=mergify[bot] a=lub

## What type of PR?

Feature

## What does this PR do?
It implements a check in the auth_http handler to check for Auth-SSL == on and otherwise returns a 530 starttls error.
If INBOUND_TLS_ENFORCE is not set the behaviour is still the same as before, so existing installations should be unaffected.

Although there is a small difference to e.g. smtpd_tls_security_level of Postfix.

Postfix already throws a 530 after mail from, but this solution only throws it after rcpt to. auth_http is only the request after rcpt to, so it's not possible to do it earlier.

### Related issue(s)
#1328 is kinda related, although this PR doesn't solve the issue that the headers will still display ESMTP instead of ESMTPS

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: lub <git@lubiland.de>
hace 5 años
bors[bot] 7469bb7087
Merge #1638
1638: Remove the username from the milter_headers r=mergify[bot] a=githtz

Rspamd adds the name of the authenticated user by default. Setting add_smtp_user to false prevents the login to be leaked.

## What type of PR?
Enhancement

## What does this PR do?
This PR prevents the user login to be leaked in sent emails (for example using an alias)

### Related issue(s)
Closes https://github.com/Mailu/Mailu/issues/1465

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: anrc <15327800+githtz@users.noreply.github.com>
hace 5 años
lub f3f0a4d86d
Merge branch 'master' into enforce-tls-admin hace 5 años
Florent Daigniere b872b46097 towncrier hace 5 años
Florent Daigniere 97be7359fe towncrier hace 5 años
Florent Daigniere 513d2a4c5e Fix bug #1660: nested headers shouldn't be touched hace 5 años
Florent Daigniere 64d757582d Disable anti-csrf on the login form
The rationale is that the attacker doesn't have the password...
and that doing it this way we avoid creating useless sessions
hace 5 años
Florent Daigniere 481cb67392 cleanup old sessions on startup hace 5 años
Florent Daigniere b9becd8649 make sessions expire hace 5 años
Florent Daigniere a1d32568d6 Regenerate session-ids to prevent session fixation hace 5 años
Florent Daigniere d459c37432 make session IDs 128bits hace 5 años
Florent Daigniere 22af5b8432 Switch to server-side sessions in redis hace 5 años
Alexander Graf dd2e218375 Merge remote-tracking branch 'upstream/master' into import-export hace 5 años
bors[bot] 7e2db9c9c3
Merge #1753
1753: Better password storage r=nextgens a=nextgens

## What type of PR?

Enhancement: optimization of the logic to speedup authentication requests, support the import of most hashes passlib supports.

## What does this PR do?

- it changes the default password cold-storage format to sha256+bcrypt
- it enhances the logic to ensure that no CPU cycles are wasted when valid credentials are found
- it fixes token authentication on /webdav/
- it lowers the number of rounds used for token storage (on the basis that they are high-entropy: not bruteforceable and speed matters)
- it introduces a new setting to set the number of rounds used by the password hashing function (CREDENTIAL_ROUNDS). The setting can be adjusted as required and existing hashes will be migrated to the new cost-factor.
- it updates the version of passlib in use and enables all supported hash types (that will be converted to the current settings on first use)
- it removes the PASSWORD_SCHEME setting

### Related issue(s)
- close #1194
- close #1662
- close #1706

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
hace 5 años
Florent Daigniere 96ae54d04d CryptContext should be a singleton hace 5 años
Florent Daigniere 5f05fee8b3 Don't need regexps anymore hace 5 años
Florent Daigniere 1c5b58cba4 Remove scheme_dict hace 5 años
Florent Daigniere 45e5cb9bb3 Improve the towncrier messages hace 5 años
Florent Daigniere 20d2b621aa Improve the description of CREDENTIAL_ROUNDS hace 5 años
Florent Daigniere df230cb482 Refactor auth under nginx.check_credentials() hace 5 años
Florent Daigniere f9ed517b39 Be specific token length hace 5 años
Florent Daigniere d0b34f8e24 Move CREDENTIAL_ROUNDS to advanced settings hace 5 años
Florent Daigniere 29306d5abb Fix the tests (again) hace 5 años
Florent Daigniere 89d88e0c19 Fix the test hace 5 años