Florent Daigniere
22edc15de2
Update core/admin/mailu/internal/views/auth.py
2023-05-31 11:36:28 +02:00
Dimitri Huisman
8c206e8a9b
Retrieve raw password on the correct location
2023-05-31 09:08:03 +00:00
Dimitri Huisman
10a3d1eabb
Get the password from the source.
Remove password from response (not needed)
2023-05-30 15:06:32 +00:00
Florent Daigniere
6ee913502e
Improve auth-related logging
2023-05-06 17:37:16 +02:00
Florent Daigniere
c363378005
Always exempt app-tokens from rate limits
2023-04-14 12:51:43 +02:00
Florent Daigniere
94ef62a884
Don't rate-limit port 25, ever.
2023-04-04 12:47:11 +02:00
Florent Daigniere
ab7b82d05b
Clarify
2023-04-04 11:33:34 +02:00
Florent Daigniere
040dd82d3e
fix bug
2023-04-04 11:30:59 +02:00
Florent Daigniere
04a2cdab2f
Only account for distinct attempts in rate limits
2023-04-01 11:33:02 +02:00
Florent Daigniere
66b7c76836
Doh. Without this, email delivery from RELAYNET is broken
2023-02-09 16:04:13 +01:00
Florent Daigniere
e2a25c79fc
only account attempts for distinct usernames in ratelimits
2023-02-04 16:36:16 +01:00
hitech95
fc8926493c
admin: graceful fail on user fetch in basic auth
Signed-off-by: hitech95 <nicveronese@gmail.com>
2022-03-27 13:17:57 +02:00
Alexander Graf
630a4e9b5e
Update auth.py
Add spaces
2022-03-18 20:05:16 +01:00
Maximilian Fischer
8775dc5b15
Fixing AUTH_RATELIMIT_IP not working on imap/pop3/smtp
#2283
2022-03-17 20:36:23 +01:00
Florent Daigniere
a4ed464170
doh
2022-03-09 19:29:39 +01:00
Florent Daigniere
7bd1fd3489
fix 2145
2022-01-07 09:07:32 +01:00
Florent Daigniere
7f89a29790
Fix 2125
Make the caller responsible for knowing whether the rate-limit code should
be called or not
2022-01-03 13:38:21 +01:00
Florent Daigniere
fe18cf9743
Fix 2080
Ensure that webmail tokens are in sync with sessions
2021-12-19 23:24:44 +01:00
Florent Daigniere
f3c93212c6
The Rate-limiter should run after the deny
2021-10-31 19:41:12 +01:00
Dimitri Huisman
44d2448412
Updated SSO logic for webmails. Fixed small bug in rate limiting.
2021-10-25 19:21:38 +00:00
Florent Daigniere
98742268e6
Make it more readable
2021-10-16 15:12:20 +02:00
Florent Daigniere
94bbed9746
Ensure we have the right IP
2021-10-16 10:39:43 +02:00
Florent Daigniere
3bda8368e4
simplify the Auth-Status check
2021-10-16 09:39:34 +02:00
Florent Daigniere
2dd9ea1506
simplify
2021-10-16 09:36:49 +02:00
Florent Daigniere
89ea51d570
Implement rate-limits
2021-09-23 18:40:49 +02:00
Dimitri Huisman
169a540692
Use punycode for HTTP header for radicale and create changelog
2021-08-27 08:20:52 +00:00
Dimitri Huisman
4f5cb0974e
Make sure HTTP header only contains ASCII
2021-08-26 15:11:35 +00:00
Florent Daigniere
a0dcd46483
fix #1861: Handle colons in passwords
2021-07-14 09:27:00 +02:00
Florent Daigniere
dd3d03f06d
Merge remote-tracking branch 'upstream/master' into webmail-sso
2021-03-10 14:41:12 +01:00
Florent Daigniere
df230cb482
Refactor auth under nginx.check_credentials()
2021-03-09 12:05:46 +01:00
Florent Daigniere
eb7895bd1c
Don't do more work than necessary (/webdav)
This is also fixing tokens on /webdav/
2021-03-09 12:04:42 +01:00
Florent Daigniere
906a051925
Make rainloop use internal auth
2021-02-07 17:50:17 +01:00
kaiyou
8e88f1b8c3
Refactor the rate limiting code
Rate limiting was already redesigned to use Python limits. This
introduced some unexpected behavior, including the fact that only
one criterion is supported per limiter. Docs and setup utility are
updated with this in mind.
Also, the code was made more generic, so limiters can be delivered
for something other than authentication. Authentication-specific
code was moved directly to the authentication routine.
2020-02-09 17:38:18 +01:00
Michael Wyraz
bee80b5c64
Remove rate limit reset
2019-12-06 11:02:21 +01:00
Michael Wyraz
889386b4a6
Limiter implementation
2019-12-06 09:35:21 +01:00
kaiyou
087841d5b7
Fix the way we handle the application context
The init script was pushing an application context, which made
flask.g global and persisted across requests. This was evaluated
to have a minimal security impact.
This explains/fixes #738: flask_wtf caches the csrf token in the
application context to have a single token per request, and only
sets the session attribute after the first generation.
2018-12-13 14:23:17 +01:00
kaiyou
fc24426291
First batch of refactoring, using the app factory pattern
2018-10-18 15:57:43 +02:00
kaiyou
42c6bdb4df
Split the internal blueprint into multiple view files
2018-09-27 16:09:38 +02:00