1
0
mirror of https://github.com/Mailu/Mailu.git synced 2024-12-16 10:59:53 +02:00
Commit Graph

288 Commits

Author SHA1 Message Date
Tim Möhlmann
3c7bf58211
Upgrade PyYAML
CVE-2017-18342
Vulnerable versions: < 4.2b1
Patched version: 4.2b1
In PyYAML before 4.1, the yaml.load() API could execute arbitrary code. In other words, yaml.safe_load is not used.
2019-01-04 21:52:43 +02:00
hoellen
d5d4d6c337 harden email address validation and fix routes with user_email 2019-01-04 18:05:56 +01:00
Ionut Filip
01ec6e7bf3 Removed undefined function 2019-01-04 16:48:51 +02:00
mergify[bot]
d483ef3c2a
Merge pull request #792 from hoellen/admin-broken-links-1
fix broken webmail and logo url in admin
2019-01-02 17:18:46 +00:00
Tim Möhlmann
74fe177297
Merge pull request #785 from TheLegend875/feat-displayed-name
Feature: send auto reply with displayed name
2019-01-02 19:14:17 +02:00
hoellen
f617e82c06 fix broken webmail and logo url in admin 2019-01-02 14:08:03 +01:00
Tim Möhlmann
4068c5b751
Versioning for mysqlclient and psycopg2 2018-12-31 18:22:24 +02:00
Tim Möhlmann
b2823c23b8
Merge remote-tracking branch 'upstream/master' into feat-psql-support 2018-12-31 18:20:39 +02:00
Tim Möhlmann
9eaeb80a27
Finalize merge with kaiyou/feat-multiple-db 2018-12-31 18:02:07 +02:00
TheLegend875
999d2a9557 changed default.sieve to send displayed name 2018-12-30 22:06:36 +01:00
TheLegend875
2954d84790 added necessary ui elements 2018-12-30 22:06:36 +01:00
TheLegend875
56f4d4c894 fixed auto-forward 2018-12-30 22:05:33 +01:00
TheLegend875
5bdbbf60d7 fixed display of username when not logged in 2018-12-28 19:30:23 +01:00
Dario Ernst
c2d45a47fe Attempt stripping recipient delimiter from localpart
Since postfix now asks us for the complete email over podop, which
includes the recipient-delimiter-and-what-follows not stripped, we need
to attempt to find both the verbatim localpart, as well as the localpart
stripped of the delimited part ….

Fixes #755
2018-12-27 16:31:59 +01:00
Tim Möhlmann
19df86f13f
Merge pull request #764 from usrpro/fix-alias-bug
Added regex validation for alias username
2018-12-27 11:54:43 +02:00
Tim Möhlmann
af086bbdbe
Include DKIM in VOLUME 2018-12-20 17:47:15 +02:00
Ionut Filip
8fc2846924 Added regex validation for alias username 2018-12-18 17:06:39 +02:00
Tim Möhlmann
3c4ee1b31e
Merge pull request #743 from kaiyou/master
Fixes #738 regarding application context
2018-12-14 11:09:27 +02:00
ofthesun9
97b3a85090
Merge pull request #737 from hoellen/fix-alias-match-behaviour
fix alias match behaviour
2018-12-13 20:34:09 +01:00
mergify-bot
09a50b6cfc Merge branch 'master' into 'master' 2018-12-13 19:14:20 +01:00
kaiyou
4060ac2223 Remove some forgotten debugging 2018-12-13 15:19:34 +01:00
kaiyou
087841d5b7 Fix the way we handle the application context
The init script was pushing an application context, which maked
flask.g global and persisted across requests. This was evaluated
to have a minimal security impact.

This explains/fixes #738: flask_wtf caches the csrf token in the
application context to have a single token per request, and only
sets the session attribute after the first generation.
2018-12-13 14:23:17 +01:00
kaiyou
b5f51b0e2e Update python dependencies 2018-12-13 14:10:43 +01:00
kaiyou
8707b0fcd7 Use a dictionary of db connection string templates 2018-12-10 15:30:53 +01:00
kaiyou
19f18e2240 Lowercase relays as well as other tables 2018-12-10 15:16:30 +01:00
kaiyou
7e388e472a Handle relay name as an Idna domain 2018-12-10 15:16:30 +01:00
kaiyou
871aa14c9a Lowercase every domain name and email 2018-12-10 15:16:30 +01:00
kaiyou
3df9b3962d Add default columns to the configuration table 2018-12-10 15:16:30 +01:00
kaiyou
b88f61f183 Name all constraints when creating them
Prefious commit set the constraint names for existing databases.
New databases can now have named constraints from the ground up.
2018-12-10 15:16:30 +01:00
kaiyou
b8282b1d46 Support named constraints for multiple backends
Supporting multiple backends requires that specific sqlite
collations are not used, thus lowercase is applied to all non
case-sensitive columns. However, lowercasing the database requires
temporary disabling foreign key constraints, which is not possible
on SQLite and requires we specify the constraint names.

This migration specific to sqlite and postgresql drops every
constraint, whether it is named or not, and recreates all of them
with known names so we can later disable them.
2018-12-10 15:16:30 +01:00
kaiyou
e022513a94 Fix support for postgres and mysql 2018-12-10 15:16:30 +01:00
kaiyou
a881a1a839 Revert "Make current migrations work with postgresql"
This reverts commit 9b9f3731f6.
2018-12-10 15:03:12 +01:00
kaiyou
76925e82f3 Revert "Implement CIText as NOCASE alternative in postgresql"
This reverts commit 0f3c1b9d15.
2018-12-10 15:01:27 +01:00
kaiyou
f52ae5535c Revert "Created function for returning email type"
This reverts commit 436055f02c.
2018-12-10 14:58:18 +01:00
kaiyou
f6520eace6 Merge branch 'feat-psql-support' of https://github.com/usrpro/Mailu into usrpro-feat-psql-support 2018-12-10 14:50:38 +01:00
hoellen
8fe9e695f3 prefer non-wildcard aliases over wildcard aliases 2018-12-10 08:40:10 +01:00
hoellen
79768c09f6 fix alias matching behaviour 2018-12-09 19:49:23 +01:00
Tim Möhlmann
8172f3eab8
Move the Mailu Docker network to a fixed subnet.
This will make network configuration and host based authentication
more robust, across different deployment platforms.
The options `RELAYNETS` and`POD_ADDRESS_RANGE` are kept for compatibility.
However, their usage have become optional.
2018-12-06 12:08:22 +02:00
kaiyou
b6aaf57be1 Merge branch 'refactor-config' of github.com:kaiyou/mailu into refactor-config 2018-12-06 10:33:21 +01:00
kaiyou
d0f07984b0 Merge remote-tracking branch 'upstream/master' into refactor-config 2018-12-06 10:23:43 +01:00
mergify[bot]
2d4bac03ad
Merge pull request #723 from usrpro/clean-healthcheck-logs
Admin: Prevent redirects during health checking
2018-12-05 18:09:14 +00:00
mergify[bot]
a382f74680
Merge pull request #705 from usrpro/fix-recaptcha
Fix recaptcha
2018-12-05 18:05:22 +00:00
mergify[bot]
37027cfce7
Merge pull request #633 from kaiyou/fix-sender-checks
Improve sender checks
2018-12-05 16:03:24 +00:00
Tim Möhlmann
d18cf7cb25
Prevent redirects during health checking 2018-12-05 17:43:42 +02:00
Tim Möhlmann
c9df311a0d
Set forward_destination to an empty list
The value of `None` resulted in an error, since a list was expected.
2018-12-04 16:22:18 +02:00
Tim Möhlmann
eff6c34632
Catch asterisk before resolve_domain
Asterisk results in IDNA error and a 500 return code.
2018-12-04 15:40:07 +02:00
Ionut Filip
7b8835070d Added tenacity retry fir migrations connection 2018-12-03 15:25:10 +02:00
David Rothera
88c174fb7a Query alternative table for domain matches
At present postfix checks this view for matches in the domain table and is used to accept/deny messages sent into it however it never checks for matches in the alternative table.

Fixes #718
2018-12-02 11:21:42 +00:00
Ionut Filip
436055f02c Created function for returning email type 2018-11-21 13:43:06 +01:00
Tim Möhlmann
47a3fd47b5
Fix DB_FLAVOR condition testing for models.py 2018-11-20 18:18:33 +02:00
Tim Möhlmann
0f3c1b9d15
Implement CIText as NOCASE alternative in postgresql 2018-11-20 14:41:17 +02:00
Tim Möhlmann
9b9f3731f6
Make current migrations work with postgresql 2018-11-19 19:10:38 +02:00
Tim Möhlmann
8bdc0c71af
Allow for setting a different DB flavor 2018-11-14 14:58:54 +02:00
Ionut Filip
fed7146873 Captcha check on signup form 2018-11-09 12:30:49 +02:00
Tim Möhlmann
4783e61693
Fix password context
Fixes the following error:
```
admin_1      | [2018-11-09 09:44:10,533] ERROR in app: Exception on /internal/auth/email [GET]
admin_1      | Traceback (most recent call last):
admin_1      |   File "/usr/lib/python3.6/site-packages/flask/app.py", line 2292, in wsgi_app
admin_1      |     response = self.full_dispatch_request()
admin_1      |   File "/usr/lib/python3.6/site-packages/flask/app.py", line 1815, in full_dispatch_request
admin_1      |     rv = self.handle_user_exception(e)
admin_1      |   File "/usr/lib/python3.6/site-packages/flask/app.py", line 1718, in handle_user_exception
admin_1      |     reraise(exc_type, exc_value, tb)
admin_1      |   File "/usr/lib/python3.6/site-packages/flask/_compat.py", line 35, in reraise
admin_1      |     raise value
admin_1      |   File "/usr/lib/python3.6/site-packages/flask/app.py", line 1813, in full_dispatch_request
admin_1      |     rv = self.dispatch_request()
admin_1      |   File "/usr/lib/python3.6/site-packages/flask/app.py", line 1799, in dispatch_request
admin_1      |     return self.view_functions[rule.endpoint](**req.view_args)
admin_1      |   File "/usr/lib/python3.6/site-packages/flask_limiter/extension.py", line 544, in __inner
admin_1      |     return obj(*a, **k)
admin_1      |   File "/app/mailu/internal/views/auth.py", line 18, in nginx_authentication
admin_1      |     headers = nginx.handle_authentication(flask.request.headers)
admin_1      |   File "/app/mailu/internal/nginx.py", line 48, in handle_authentication
admin_1      |     if user.check_password(password):
admin_1      |   File "/app/mailu/models.py", line 333, in check_password
admin_1      |     context = User.pw_context
admin_1      | AttributeError: type object 'User' has no attribute 'pw_context'
```
2018-11-09 11:45:08 +02:00
kaiyou
72e1b444ca Merge alembic migrations 2018-11-08 21:55:39 +01:00
kaiyou
5b769e23da Merge branch 'master' into refactor-config 2018-11-08 21:43:05 +01:00
kaiyou
02995f0a15 Add a mailu command line to flask 2018-11-08 21:29:30 +01:00
kaiyou
f9e30bd87c Update the dockerfile and upgrade dependencies 2018-11-08 21:29:11 +01:00
kaiyou
4a7eb1eb6c Explicitely declare flask migrate 2018-11-08 20:32:23 +01:00
kaiyou
2a8808bdec Add the configuration table migration 2018-11-08 20:32:06 +01:00
kaiyou
f57d4859f3 Provide an in-context wrapper for getting users 2018-11-08 20:30:41 +01:00
kaiyou
f6013aa29f Fix an old migration that was reading configuration before migrating 2018-11-08 20:30:20 +01:00
kaiyou
206cce0b47 Finish the configuration bits 2018-11-08 20:29:52 +01:00
Ionut Filip
1bbf3f235d Using a new class when captcha is enabled 2018-11-07 09:58:49 +02:00
mergify[bot]
12689965bd
Merge pull request #699 from usrpro/fix-admin-bug
Fixed admin_1 errors in the logs
2018-11-06 18:10:52 +00:00
hoellen
680ad4b67a
Catching only ValueError
Co-Authored-By: ionutfilip <ionut.philip@gmail.com>
2018-11-05 19:36:28 +02:00
mergify[bot]
e08f3e81d0
Merge pull request #680 from usrpro/feat-startup
Standarize images
2018-11-02 17:36:28 +00:00
Ionut Filip
6dcc33e390 Fixed admin_1 errors in the logs
Fixed errors when trying to log in with an account without domain.
This closes #585
2018-11-02 12:14:23 +02:00
Tim Möhlmann
42e2dbe35d
Standarize image by using shared / similair layers 2018-10-31 19:17:23 +02:00
Tim Möhlmann
5fa2aac569
Fix imap login when no webmail selected 2018-10-31 17:47:05 +02:00
Tim Möhlmann
903bb70c5b
Merge remote-tracking branch 'upstream/master' into standarize-images 2018-10-31 16:22:21 +02:00
Scott
56fb74c502 Fix typo (duplicate self). Fixes #683 2018-10-23 10:47:31 -05:00
Ionut Filip
8a44a44688
Merge branch 'master' into feat-startup 2018-10-23 12:51:32 +03:00
Ionut Filip
1187cac5e1 Finished up switching from .sh to .py 2018-10-23 11:58:36 +03:00
Tim Möhlmann
ed81c076f2
Take out "models" path, as we are already in it 2018-10-23 11:53:52 +03:00
Tim Möhlmann
aed80a74fa
Rectify decleration of domain_name 2018-10-23 11:52:15 +03:00
Tim Möhlmann
2d382f2d67
Merge branch 'master' into fix-sender-checks 2018-10-23 10:58:29 +03:00
Ionut Filip
0e5606d493 Changed start.sh to start.py 2018-10-22 18:01:59 +03:00
Tim Möhlmann
81b24f61e8
Merge branch 'master' into feat-healthchecks 2018-10-21 20:58:59 +03:00
kaiyou
1fcaef7c7e
Merge branch 'master' into fix-sender-checks 2018-10-20 10:18:36 +02:00
hoellen
72d4fa2bc9
remove empty line from merge conflict 2018-10-19 22:13:38 +02:00
hoellen
857ad50509
Merge branch 'master' into feat-reply-startdate 2018-10-19 22:06:56 +02:00
kaiyou
82069ea3f0 Clean most of the refactored code 2018-10-18 17:55:07 +02:00
kaiyou
f40fcd7ac0 Use click for the manager command 2018-10-18 16:20:56 +02:00
kaiyou
fc24426291 First batch of refactoring, using the app factory pattern 2018-10-18 15:57:43 +02:00
kaiyou
01fa179767 Update the user password in database when needed 2018-10-17 21:22:22 +02:00
kaiyou
988e09e65e Add a profiler in debug mode for improving performance 2018-10-17 21:22:15 +02:00
kaiyou
dba8f1810d Do not check the password another time in Dovecot 2018-10-17 21:22:09 +02:00
kaiyou
ed3388ed6e Merge branch 'master' into feat-reply-startdate 2018-10-16 23:53:43 +02:00
Thomas Sänger
39272ab05c
add healthcheck for http services 2018-10-16 21:38:12 +02:00
kaiyou
e784556330 Fix an edge case with old values containing None for coma separated lists 2018-10-16 20:47:38 +02:00
kaiyou
f647d1a0bc Merge branch 'master' into fix-sender-checks 2018-10-16 20:41:18 +02:00
kaiyou
5ada669f43 Rebase reply startdate on master 2018-10-16 20:38:18 +02:00
mergify[bot]
bee81d1a54
Merge pull request #647 from HorayNarea/bcrypt
support bcrypt and use it as default
2018-10-16 17:50:44 +00:00
kaiyou
c6846fd8db Merge branch 'master' into feat-reply-startdate 2018-10-15 21:52:06 +02:00
Thomas Sänger
6aafef88bd
remove apk-warning about cache 2018-10-11 02:57:13 +02:00
Thomas Sänger
c8b39c5d4a
support bcrypt and use it as default 2018-10-10 19:29:23 +02:00
kaiyou
00b5ae11db
Merge branch 'master' into feat-abstract-db 2018-10-10 08:41:56 +02:00
kaiyou
508e519a34 Refactor the postfix views and implement sender checks 2018-10-07 16:24:48 +02:00