1
0
mirror of https://github.com/Mailu/Mailu.git synced 2024-12-20 20:22:38 +02:00
Commit Graph

130 Commits

Author SHA1 Message Date
bors[bot]
6ea4e3217a
Merge #1901
1901: treat localpart case insensitive again r=mergify[bot] a=ghostwheel42

## What type of PR?

bug-fix

## What does this PR do?

fixes error introduced by #1604 where the localpart of an email address was handled case sensitive.
this screwed things up at various other places.
 
### Related issue(s)

closes #1895
closes #1900

Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2021-07-31 08:31:13 +00:00
Alexander Graf
6856c2c80f treat localpart case insensitive again
by lowercasing it where necessary
2021-07-30 22:26:20 +02:00
bors[bot]
9289fa6420
Merge #1896
1896: save dkim key after creation r=mergify[bot] a=ghostwheel42

## What type of PR?

bug-fix

## What does this PR do?

saves generated dkim key after creation vi web ui.
after the model change the domain object needs to be added and flushed via sqlalchemy.

### Related issue(s)

closes #1892


Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
2021-07-27 10:45:29 +00:00
Alexander Graf
54b46a13c6 save dkim key after creation 2021-07-25 15:51:13 +02:00
Alexander Graf
ad1b036f20 fix Email class 2021-07-24 20:21:38 +02:00
Alexander Graf
92896ae646 fix bugs in model and schema introduced by #1604 2021-07-03 11:40:32 +02:00
Alexander Graf
fbd945390d cleaned imports and fixed datetime and passlib use 2021-06-29 16:13:04 +02:00
Dimitri Huisman
6dc1a19390
Merge branch 'master' into import-export 2021-06-29 15:26:51 +02:00
bors[bot]
fc1a663da2
Merge #1754
1754: centralize Webmail authentication behind the admin panel (SSO) r=mergify[bot] a=nextgens

## What type of PR?

Enhancement: it centralizes the authentication of webmails to the admin interface.

## What does this PR do?

It implements the glue required for webmails to do SSO using the admin interface.
One of the main advantages of centralizing things this way is that it reduces significantly the attack surface available to an unauthenticated attacker (no webmail access until there is a valid Flask session).

Others include the ability to implement 2FA down the line and rate-limit things as required.

### Related issue(s)
- #783

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2021-06-29 12:32:21 +00:00
Florent Daigniere
875308d405 Revert "In fact it could be global"
This reverts commit f52984e4c3.
2021-06-04 09:51:58 +02:00
Florent Daigniere
f52984e4c3 In fact it could be global 2021-06-04 09:41:12 +02:00
Florent Daigniere
ae9206e968 Implement a simple credential cache 2021-06-04 09:41:12 +02:00
Alexander Graf
8bc4445572 Sync update of localpart, domain_name and email 2021-03-12 17:56:17 +01:00
Florent Daigniere
dd3d03f06d Merge remote-tracking branch 'upstream/master' into webmail-sso 2021-03-10 14:41:12 +01:00
Alexander Graf
dd2e218375 Merge remote-tracking branch 'upstream/master' into import-export 2021-03-09 13:31:21 +01:00
Florent Daigniere
96ae54d04d CryptContext should be a singleton 2021-03-09 12:05:46 +01:00
Florent Daigniere
5f05fee8b3 Don't need regexps anymore 2021-03-09 12:05:46 +01:00
Florent Daigniere
1c5b58cba4 Remove scheme_dict 2021-03-09 12:05:46 +01:00
Florent Daigniere
fda758e2b4 remove merge artifact 2021-03-09 12:04:42 +01:00
Florent Daigniere
57a6abaf50 Remove {scheme} from the DB if mailu has set it 2021-03-09 12:04:42 +01:00
Florent Daigniere
7137ba6ff1 Misc improvements to PASSWORD_SCHEME
- remove PASSWORD_SCHEME altogether
- introduce CREDENTIAL_ROUNDS
- migrate all old hashes to the current format
- auto-detect/enable all hash types that passlib supports
- upgrade passlib to 1.7.4 (see #1706: ldap_salted_sha512 support)
2021-03-09 12:04:42 +01:00
Florent Daigniere
00b001f76b Improve the token storage format
shortcomings of the previous format included:
- 1000x slower than it should be (no point in adding rounds since there
 is enough entropy: they are not bruteforceable)
- vulnerable to DoS as explained in
https://passlib.readthedocs.io/en/stable/lib/passlib.hash.sha256_crypt.html#security-issues
2021-03-09 12:04:42 +01:00
Alexander Graf
0a9f732faa added docstring to Logger. use generators. 2021-02-22 20:35:23 +01:00
Alexander Graf
bde7a2b6c4 moved import logging to schema
- yaml-import is now logged via schema.Logger
- iremoved relative imports - not used in other mailu modules
- removed develepment comments
- added Mailconfig.check method to check for duplicate domain names
- converted .format() to .format_map() where possible
- switched to yaml multiline dump for dkim_key
- converted dkim_key import from regex to string functions
- automatically unhide/unexclude explicitly specified attributes on dump
- use field order when loading to stabilize import
- fail when using 'hash_password' without 'password'
- fixed logging of dkim_key
- fixed pruning and deleting of lists
- modified error messages
- added debug flag and two verbosity levels
2021-02-19 18:01:02 +01:00
Alexander Graf
10435114ec updated remarks and docs 2021-02-16 15:36:01 +01:00
Alexander Graf
68caf50154 new import/export using marshmallow 2021-02-15 00:46:59 +01:00
Florent Daigniere
ef637f51b7 derive the SSO keys from a KDF 2021-02-07 17:58:19 +01:00
Florent Daigniere
906a051925 Make rainloop use internal auth 2021-02-07 17:50:17 +01:00
Alexander Graf
902b398127 next step for import/export yaml & json 2021-01-24 19:07:48 +01:00
Alexander Graf
8213d044b2 added docstrings, use f-strings, cleanup
- idna.encode does not encode upper-case letters,
  so .lower() has to be called on value not on result
- split email-address on '@' only once
- converted '*'.format(*) to f-strings
- added docstrings
- removed from_dict method
- code cleanup/style (list concat, exceptions, return&else, line-length)
- added TODO comments on possible future changes
2021-01-15 13:53:47 +01:00
Alexander Graf
c24bff1c1b added config_import using marshmallow 2021-01-14 01:11:04 +01:00
Alexander Graf
7413f9b7b4 config_dump now using marshmallow 2021-01-13 00:05:43 +01:00
Alexander Graf
82cf0d843f fix sqlalchemy column definitions 2021-01-08 14:22:11 +01:00
Alexander Graf
4c258f5a6b cosmetic changes & make linter happy
renamed single letter variables (m => match)
renamed classmethod arguments to cls (model)
removed shadowing of variables (hash, context)
shortened unneeded lambda functions (id)
converted type ... is to isinstance(...)
removed unneded imports (flask)
2021-01-06 16:45:55 +01:00
Alexander Graf
3b35180b41 cosmetic changes 2020-12-20 23:50:26 +01:00
Alexander Graf
815f47667b update dkim-key on commit only 2020-12-20 23:49:42 +01:00
Alexander Graf
0a594aaa2c cosmetic changes 2020-12-20 23:45:27 +01:00
Alexander Graf
0051b93077 removed unused variable 2020-12-16 22:39:50 +01:00
Alexander Graf
adc9c70c3e added dump option to dump dns data of domains 2020-10-24 22:31:32 +02:00
Alexander Graf
500967b2f5 ignore dkim_publickey when updating config 2020-10-24 22:31:29 +02:00
Alexander Graf
c46f9328f7 also dump dkim_publickey. allow key generation. 2020-10-24 22:31:26 +02:00
Alexander Graf
acc728109b validate dkim keys and allow removal 2020-10-24 22:31:13 +02:00
Alexander Graf
69ccf791d2 fixed data import via from_dict
- stabilized CommaSeparatedList by sorting values
- CommaSeparatedList can now handle list and set input

- from_dict now handles mapped keys
- from_dict now handles null values

- class Domain: handle dkim-key None correctly
- class User: delete obsolete keys after converting
- class Alias: now uses Email._dict_input
2020-08-26 23:16:37 +02:00
Alexander Graf
5c0efe82cf implemented config_update and config_dump
enhanced data model with to_dict and from_dict methods
added config_dump function to manage command
config_update now uses new data model methods
2020-08-26 11:27:38 +02:00
Alexander Graf
c26ddd3c68 fixed user's destination property
self.forward_destination is a list (and not string)
2020-08-26 11:19:01 +02:00
Alexander Graf
5dfccdafe9 fixed some minor typos, removed unused variable 2020-08-26 11:11:23 +02:00
Dario Ernst
da2dda49d4 Prefer specific alias over wildcard, regardless of case
Since direct addresses (not aliases) are case-insensitive since a while,
it makes sense for aliases to behave the same. Up until now, a wildcard
alias could trump a alias not-matching-the-case of the incoming address.
This clarifies this behavior.

closes #1387
2020-03-06 13:56:48 +01:00
Robert Meijers
989e4d5db5 Don't remove the address extension in postfix
Currently when the mail address is looked up by Postfix (using the admin
part) the address extension is removed. This is due to the address
extension being removed to look up the user, and afterwards returning
the users mail address. But by not returning the mail address including
the address extension it also isn't part anymore in the LMTP
communication to Dovecot. So Dovecot doesn't know about the extension,
and in turn the address extension can't be used in Sieve mail filtering.

This change fixes that by returning the original address by just
concatinating the "localpart" and domain again when the user is found.

Fixes #982
2019-12-27 21:11:50 +01:00
Dario Ernst
e22324adcd Make aliases case-insensitive (too)
Even though RFC5321 2.4 explains that local-parts are to be case-sensitive,
this does not seem to be how EMail is used today. Thus, instead of reverting
user-emails back to being case sensitive, let’s make aliases case-insensitive
too. Not only more consistent, this also allows users to enjoy receiving EMails
from large airlines or car-rental agencies onto their already existing aliases.

For the rare case of case sensitive aliases existing, let’s query for the
forced-lowercase alias only in the event that the preserved-case one isn’t
found …

closes #867
2019-04-14 12:02:12 +00:00
hoellen
6dea8b422a
Merge pull request #839 from hoellen/fix-create-onupdate-default
fix default value for created_at and updated_at
2019-01-16 12:11:13 +01:00