1
0
mirror of https://github.com/Mailu/Mailu.git synced 2024-12-14 10:53:30 +02:00
Commit Graph

91 Commits

Author SHA1 Message Date
bors[bot]
fc1a663da2
Merge #1754
1754: centralize Webmail authentication behind the admin panel (SSO) r=mergify[bot] a=nextgens

## What type of PR?

Enhancement: it centralizes the authentication of webmails to the admin interface.

## What does this PR do?

It implements the glue required for webmails to do SSO using the admin interface.
One of the main advantages of centralizing things this way is that it reduces significantly the attack surface available to an unauthenticated attacker (no webmail access until there is a valid Flask session).

Others include the ability to implement 2FA down the line and rate-limit things as required.

### Related issue(s)
- #783

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2021-06-29 12:32:21 +00:00
bors[bot]
d9da8e4bb2
Merge #1746
1746: DNS records for client autoconfiguration (RFC6186) r=Diman0 a=nextgens

## What type of PR?

Feature

## What does this PR do?

Add instructions on how to configure rfc6186 DNS records for client autoconfiguration

### Related issue(s)
- #224
- #498

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x ] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/guide.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
2021-06-29 06:50:27 +00:00
Florent Daigniere
dd3d03f06d Merge remote-tracking branch 'upstream/master' into webmail-sso 2021-03-10 14:41:12 +01:00
Florent Daigniere
64d757582d Disable anti-csrf on the login form
The rationale is that the attacker doesn't have the password...
and that doing it this way we avoid creating useless sessions
2021-03-09 14:21:02 +01:00
Florent Daigniere
a1d32568d6 Regenerate session-ids to prevent session fixation 2021-03-09 14:20:22 +01:00
Florent Daigniere
f9ed517b39 Be specific token length 2021-03-09 12:05:46 +01:00
lub
88f992de16 show flash messages again
This basically restores the behaviour, that got removed in
ecdf0c25b3 during refactoring.
2021-02-13 13:36:05 +01:00
Florent Daigniere
2e749abe61 DNS records for client autoconfiguration (RFC6186) 2021-02-07 18:50:26 +01:00
Florent Daigniere
b49554bec1 merge artifact 2021-02-07 18:12:00 +01:00
Florent Daigniere
906a051925 Make rainloop use internal auth 2021-02-07 17:50:17 +01:00
bladeswords
8010595dd2
Remove SPF type SPF record #1394
As mentioned in #1394 - In accordance with RFC 7208, offer only TXT RRs for SPF.
Agree with @Nebukadneza - but not sure how to go about telling people to remove the old record...
2020-03-09 23:22:13 +11:00
Niduroki
b58f06c03e Add a title to Mailu-Admin pages 2019-09-25 19:29:26 +02:00
Bambie07
e70d1e1455
fix dns dkim entry 2019-07-17 11:41:03 +02:00
hoellen
90f678de52 add app.css and fix align of menu button 2019-07-08 16:53:25 +02:00
kaiyou
4b620ba5d1 Merge branch 'hoellen-fix-sidebar-toggle' into refactor-admin-webpack 2019-06-23 14:28:02 +02:00
kaiyou
c147a371d7 Merge branch 'fix-sidebar-toggle' of https://github.com/hoellen/Mailu into hoellen-fix-sidebar-toggle 2019-06-23 14:24:56 +02:00
kaiyou
2d3560b396 Fix select2 using webpack-built assets 2019-06-23 14:19:06 +02:00
kaiyou
ecdf0c25b3 Use webpack for building static assets 2019-06-23 14:19:06 +02:00
bors[bot]
2c90ac3334 Merge #962
962: Open some admin sidebar links in a new browser tab r=kaiyou a=mariooos

## What type of PR?

Enhancement

## What does this PR do?

Add target=_blank attribute to html <a href ...> tag in following admin sidebar links:
- Antispam
- Webmail
- Website
- Help


Co-authored-by: mariooos <48351788+mariooos@users.noreply.github.com>
2019-05-08 18:02:02 +00:00
Zhuang Yuyao
67d5c8fcb3 distinguish disabled user in user list view by row color 2019-05-06 11:00:22 +08:00
hoellen
167e5a87e1 add sidebar toggle button 2019-04-14 11:52:01 +02:00
hoellen
92ef73fa74 update AdminLTE to version 2.4 2019-04-14 11:30:55 +02:00
mariooos
253ae9fad8 Open some admin sidebar links (Antispam, Webmail, Website, Help) in a new browser tab 2019-03-08 14:11:58 +01:00
Dario Ernst
34b31727c4 Fix password validator for creating fetched accounts 2019-01-25 15:08:41 +01:00
Tim Möhlmann
e341e0141f
Merge remote-tracking branch 'upstream/master' into token-ipv6 2019-01-22 13:55:56 +02:00
Ionut Filip
2d34f0ee52 Fixed auto-forward email validation 2019-01-15 14:03:09 +02:00
hoellen
c8758a6526 allow ipv6 addresses for tokens 2019-01-13 16:45:41 +01:00
Tim Möhlmann
2567646f47
Merge branch 'master' into fix-domain-negative-values-1 2019-01-11 11:32:30 +02:00
mergify[bot]
161394a774
Merge pull request #817 from hoellen/fix-fetch-passwordfield-1
fix edit of fetched acc without changing password
2019-01-10 11:10:46 +00:00
hoellen
7247b4b10c
Merge branch 'master' into fix-password-on-user-edit 2019-01-09 21:14:18 +01:00
hoellen
a59d5dad23 fix edit of fetched acc without changing password 2019-01-09 12:52:05 +01:00
hoellen
f08491dc46 fix forced password on user edit 2019-01-09 12:09:14 +01:00
hoellen
732b5fe161 change password field type in fetch creation/edit and add validators. 2019-01-08 19:44:27 +01:00
Tim Möhlmann
4f93e09028
Implement favicon package
Credit to:
- https://stackoverflow.com/a/19590415/1816774
- https://realfavicongenerator.net/
2019-01-06 15:49:40 +02:00
hoellen
dda64fe91e allow to disable aliases or users for domains and don't allow negativ values on domain creation/edit 2019-01-05 13:52:13 +01:00
hoellen
8fe1e788b3 add missing route fixes 2019-01-04 21:18:51 +01:00
hoellen
d5d4d6c337 harden email address validation and fix routes with user_email 2019-01-04 18:05:56 +01:00
mergify[bot]
d483ef3c2a
Merge pull request #792 from hoellen/admin-broken-links-1
fix broken webmail and logo url in admin
2019-01-02 17:18:46 +00:00
Tim Möhlmann
74fe177297
Merge pull request #785 from TheLegend875/feat-displayed-name
Feature: send auto reply with displayed name
2019-01-02 19:14:17 +02:00
hoellen
f617e82c06 fix broken webmail and logo url in admin 2019-01-02 14:08:03 +01:00
TheLegend875
2954d84790 added necessary ui elements 2018-12-30 22:06:36 +01:00
TheLegend875
56f4d4c894 fixed auto-forward 2018-12-30 22:05:33 +01:00
TheLegend875
5bdbbf60d7 fixed display of username when not logged in 2018-12-28 19:30:23 +01:00
Ionut Filip
8fc2846924 Added regex validation for alias username 2018-12-18 17:06:39 +02:00
kaiyou
d0f07984b0 Merge remote-tracking branch 'upstream/master' into refactor-config 2018-12-06 10:23:43 +01:00
Ionut Filip
fed7146873 Captcha check on signup form 2018-11-09 12:30:49 +02:00
kaiyou
5b769e23da Merge branch 'master' into refactor-config 2018-11-08 21:43:05 +01:00
Ionut Filip
1bbf3f235d Using a new class when captcha is enabled 2018-11-07 09:58:49 +02:00
kaiyou
82069ea3f0 Clean most of the refactored code 2018-10-18 17:55:07 +02:00
kaiyou
fc24426291 First batch of refactoring, using the app factory pattern 2018-10-18 15:57:43 +02:00