1
0
mirror of https://github.com/Mailu/Mailu.git synced 2024-12-14 10:53:30 +02:00
Commit Graph

966 Commits

Author SHA1 Message Date
Florent Daigniere
50f8a5cb65 Ensure we log which account is invalid 2023-06-02 11:39:42 +02:00
Florent Daigniere
22edc15de2
Update core/admin/mailu/internal/views/auth.py 2023-05-31 11:36:28 +02:00
Dimitri Huisman
8c206e8a9b
Retrieve raw password on the correct location 2023-05-31 09:08:03 +00:00
Dimitri Huisman
10a3d1eabb
Get the password from the source.
Remove password from response (not needed)
2023-05-30 15:06:32 +00:00
Dimitri Huisman
008cbdb6b1
Also url encode the password when authentication fails 2023-05-30 14:31:29 +00:00
Dimitri Huisman
5f94be871c
Authentication failed for email clients when the password contained a non latin-1 character. 2023-05-30 14:09:16 +00:00
bors[bot]
589c426601
Merge #2818
2818: Improve auth-related logging r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Improve auth-related logging

### Related issue(s)
- closes #2803 

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Florent Daigniere <nextgens@users.noreply.github.com>
2023-05-30 09:01:42 +00:00
bors[bot]
b6c093dfd6
Merge #2790
2790: Implement managesieve support r=mergify[bot] a=nextgens

## What type of PR?

Feature

## What does this PR do?

This is a better a alternative to #2773

Expose managesieve to the outside world.

### Related issue(s)
- close #2773
- #428
- #113
- #81
- #1222

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2023-05-26 14:11:33 +00:00
Florent Daigniere
cab27f77c1 Don't send ooo messages to noreply@ 2023-05-16 10:29:39 +02:00
Florent Daigniere
c68f4d93cf Merge remote-tracking branch 'origin/improve-logs' into improve-logs 2023-05-13 11:59:22 +02:00
Florent Daigniere
1ffb78103f quote the comments 2023-05-13 11:55:54 +02:00
Florent Daigniere
1042911732
Update nginx.py
Fix typo
2023-05-12 21:14:39 +02:00
Florent Daigniere
e88199e274
Update nginx.py
Doh
2023-05-12 20:27:29 +02:00
Florent Daigniere
c60e2fa52c add token.comment too 2023-05-12 19:41:32 +02:00
Florent Daigniere
bd3986131d review 2023-05-12 19:35:06 +02:00
Florent Daigniere
c44537d318 Need this too 2023-05-09 12:17:16 +02:00
Florent Daigniere
6ee913502e Improve auth-related logging 2023-05-06 17:37:16 +02:00
Florent Daigniere
86ff5f7b71 Merge remote-tracking branch 'upstream/master' into managesieve-proxy 2023-04-20 18:53:17 +02:00
Florent Daigniere
107b0ab5ff Implement managesieve support 2023-04-20 15:36:17 +02:00
Florent Daigniere
5a55d1824e Make it happen post-deduplication 2023-04-16 12:57:20 +02:00
Florent Daigniere
21ed7b69a8 ratelimit: ensure we hit the ip-ratelimit on unsuccesful attempts
against a valid account
2023-04-16 11:30:14 +02:00
Florent Daigniere
775033391a doh 2023-04-14 13:56:39 +02:00
Florent Daigniere
c363378005 Always exempt app-tokens from rate limits 2023-04-14 12:51:43 +02:00
Dimitri Huisman
c54271db32
Fix config-import. Config with dkim key could not be imported. 2023-04-07 14:19:17 +00:00
bors[bot]
0cc7c2fd05
Merge #2735
2735: Mailu 2.0 release r=mergify[bot] a=Diman0

## What type of PR?

feature

## What does this PR do?
Changes for releasing Mailu 2.0.  I must still proofread the release notes I wrote.

### Related issue(s)
- closes #2215

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
Co-authored-by: Florent Daigniere <nextgens@users.noreply.github.com>
Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2023-04-05 07:03:37 +00:00
Florent Daigniere
94ef62a884 Don't rate-limit port 25, ever. 2023-04-04 12:47:11 +02:00
Florent Daigniere
ab7b82d05b Clarify 2023-04-04 11:33:34 +02:00
Florent Daigniere
040dd82d3e fix bug 2023-04-04 11:30:59 +02:00
Dimitri Huisman
e88fa6a1f5
Merge branch 'master' into new-release-mailu 2023-04-04 08:00:25 +00:00
bors[bot]
b68e132369
Merge #2733
2733: Ensure we always ask for the existing password before allowing a change r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Ensure we always ask for the existing password before allowing a change.

### Related issue(s)

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2023-04-04 07:11:56 +00:00
bors[bot]
cae01a36b4
Merge #2732
2732: Only account for distinct attempts in rate limits r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Only account for distinct attempts in rate limits. This is solving the problem related to users changing their passwords and having their client hammer the old credentials.

Reduce the default to 50 distinct passwords per day

### Related issue(s)

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Florent Daigniere <nextgens@users.noreply.github.com>
2023-04-03 20:40:10 +00:00
Dimitri Huisman
453acad21f
Initial changes for Mailu 2.0 release 2023-04-02 16:45:42 +00:00
Florent Daigniere
c0f1f58f55 No need for that 2023-04-02 18:03:44 +02:00
Florent Daigniere
7dc2912770
Update core/admin/mailu/limiter.py
Co-authored-by: Dimitri Huisman <52963853+Diman0@users.noreply.github.com>
2023-04-02 17:11:16 +02:00
Florent Daigniere
52de10a5e5 resets don't need the current password 2023-04-02 16:41:12 +02:00
Florent Daigniere
616e4a7734 Ensure we always ask for the existing password before allowing a change 2023-04-02 16:35:15 +02:00
Florent Daigniere
795a7bafa2 should never happen but heh 2023-04-01 12:22:44 +02:00
Florent Daigniere
04a2cdab2f Only account for distinct attempts in rate limits 2023-04-01 11:33:02 +02:00
Didier 'OdyX' Raboud
e31dc0eb90
l10n fr: uppercase accented 'status' 2023-03-28 13:22:56 +02:00
Didier 'OdyX' Raboud
45f1a4b5f7
l10n fr: add DNS TLS and autoconfig translations 2023-03-28 13:22:41 +02:00
Didier 'OdyX' Raboud
4d6457af1a
l10n fr: fix Relayed domains' plural 2023-03-28 13:22:23 +02:00
Dimitri Huisman
709edb522b
Introduce connection string (database url) for roundcube.
Remove database choice from setup.
Remove the old *DB_* database env variables from the documentation.
The env vars are deprecated now. They will be removed after the upcoming
Mailu release.
2023-03-26 12:21:00 +00:00
Dimitri Huisman
f20208fb4b
Fix error in check for proxy scenario 2023-03-18 09:05:18 +00:00
Dimitri Huisman
20bf0e8a65
Add fix for wrong redirect in proxy scenario and accessing WEBROOT_REDIRECT 2023-03-18 08:40:45 +00:00
Dimitri Huisman
29bfc9dd9d
Add fallback just in case X-Forwarded-By is empty. 2023-03-18 08:16:30 +00:00
Dimitri Huisman
25b9db4b00
Proxy endpoint was checking real client ip instead of proxy ip
for validating PROXY_AUTH_WHITELIST
2023-03-18 08:14:46 +00:00
bors[bot]
5fbfb3cb1c
Merge #2566
2566: Make it clear that we don't delete users r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Make it clear that we don't delete users. Users can and should be disabled when not in use anymore.

### Related issue(s)
- closes #1820

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
Co-authored-by: Alexander Graf <ghostwheel42@users.noreply.github.com>
Co-authored-by: Dimitri Huisman <diman@huisman.xyz>
Co-authored-by: Dimitri Huisman <52963853+Diman0@users.noreply.github.com>
2023-03-17 11:55:11 +00:00
Dimitri Huisman
c482c71f6c
Add missing () 2023-03-16 22:49:07 +01:00
Dimitri Huisman
31faee4218
Merge branch 'master' into delete-disable 2023-03-15 18:16:46 +01:00
Florent Daigniere
1831ca3b1e Handle WEBROOT_REDIRECT better 2023-03-14 09:40:43 +01:00