rob loranger rob
rob synced new reference webauthn to rob/mailinabox from mirror

1 week ago

rob synced commits to master at rob/mailinabox from mirror

  • 8664afa997 Implement Backblaze for Backup (#1812) * Installing b2sdk for b2 support * Added Duplicity PPA so the most recent version is used * Implemented list_target_files for b2 * Implemented b2 in frontend * removed python2 boto package
  • 82229ce04b Document how to start the control panel from the command line and in debugging use a stable API key
  • f66e609d3f Api spec cleanup (#1869) * Fix indentation * Add parameter definition and remove unused model * Update version * Quote example string
  • Compare 3 commits »

1 week ago

rob synced commits to master at rob/mailinabox from mirror

  • b85b86e6de Add download zonefile button to external DNS page (#1853) Co-authored-by: Joshua Tauberer <jt@occams.info>

2 weeks ago

rob synced commits to master at rob/mailinabox from mirror

  • 7fd35bbd11 Disable default Nextcloud apps that we don't support Contacts and calendar are the only supported apps in Mail-in-a-Box. Files can't be disabled. Fixes #1864

2 weeks ago

rob synced commits to master at rob/mailinabox from mirror

  • 7ce41e3865 Changed mta-sts.txt end of line from LF to CRLF per RFC 8461 (#1863)

2 weeks ago

rob synced new reference v0.51 to rob/mailinabox from mirror

2 weeks ago

rob synced commits to master at rob/mailinabox from mirror

2 weeks ago

rob synced commits to master at rob/mailinabox from mirror

  • 0bd3977cde CHANGELOG updates
  • 6a979f4f52 Add TOTP two-factor authentication to admin panel login (#1814)
      * add user interface for managing 2fa
      * update user schema with 2fa columns
      * implement two factor check during login
      * Use pyotp for validating TOTP codes
      * also implements resynchronisation support via `pyotp`'s `valid_window` option
      * Update API route naming, update setup page
      * Rename /two-factor-auth/ => /2fa/
      * Nest totp routes under /2fa/totp/
      * Update ids and methods in panel to allow for different setup types
      * Autofocus otp input when logging in, update layout
      * Extract TOTPStrategy class to totp.py
      * this decouples `TOTP` validation and storage logic from `auth` and moves it to `totp`
      * reduce `pyotp.validate#valid_window` from `2` to `1`
      * Update OpenApi docs, rename /2fa/ => /mfa/
      * Decouple totp from users table by moving to totp_credentials table
      * this allows implementation of other mfa schemes in the future (webauthn)
      * also makes key management easier and enforces one totp credentials per user on db-level
      * Add sqlite migration
      * Rename internal validate_two_factor_secret => validate_two_factor_secret
      * conn.close() if mru_token update can't .commit()
      * Address review feedback, thanks @hija
      * Use hmac.compare_digest() to compare mru_token
      * Safeguard against empty mru_token column
      * hmac.compare_digest() expects arguments of type string, make sure we don't pass None
      * Currently, this cannot happen but we might not want to store `mru_token` during setup
      * Do not log failed login attempts for MissingToken errors
      * Due to the way that the /login UI works, this persists at least one failed login each time a user logs into the admin panel. This in turn triggers fail2ban at some point.
      * Add TOTP secret to user_key hash thanks @downtownallday
      * this invalidates all user_keys after TOTP status is changed for user
      * after changing TOTP state, a login is required
      * due to the forced login, we can't and don't need to store the code used for setup in `mru_code`
      * Typo
      * Reorganize the MFA backend methods
      * Reorganize MFA front-end and add label column
      * Fix handling of bad input when enabling mfa
      * Update openAPI docs
      * Remove unique key constraint on foreign key user_id in mfa table
      * Don't expose mru_token and secret for enabled mfas over HTTP
      * Only update mru_token for matched mfa row
      * Exclude mru_token in user key hash
      * Rename tools/mail.py to management/cli.py
      * Add MFA list/disable to the management CLI so admins can restore access if MFA device is lost
    Co-authored-by: Joshua Tauberer <jt@occams.info>
  • 545e7a52e4 Add MFA list/disable to the management CLI so admins can restore access if MFA device is lost
  • 48c233ebe5 Update Roundcube to version 1.4.9 (#1830)
  • 9a588de754 Upgrade Nextcloud to version 20.0.1 (#1848)
  • Compare 31 commits »

1 month ago

rob synced commits to master at rob/mailinabox from mirror

  • 8b166f3041 Display certificate expiry dates in ISO format (#1841)

1 month ago

rob synced commits to master at rob/mailinabox from mirror

  • 5509420637 s/Days/Retention Days/ on the backup settings page

1 month ago

rob synced commits to master at rob/mailinabox from mirror

  • 7d6c7b6610 Increase mta-sts max_age to one week (#1829) This aligns the policy with the example policy found in the spec see https://tools.ietf.org/html/rfc8461#section-3.2

2 months ago

rob pushed to main at rob/homepage

2 months ago

rob pushed to main at rob/homepage

2 months ago

rob opened issue rob/inked#1

Create template for pages

2 months ago

rob closed issue rob/homepage#1

add page template

2 months ago

rob commented on issue rob/homepage#1

add page template

Wrong

2 months ago

rob pushed to main at rob/homepage

2 months ago

rob pushed to main at rob/homepage

2 months ago

rob pushed to main at rob/homepage

2 months ago

rob pushed to main at rob/homepage

2 months ago