george
|
50122da0fe
|
Implement API notifications and use a function in email_utils
|
2022-01-20 17:42:11 +00:00 |
|
george
|
42407a0543
|
Send the email after the local error.
|
2022-01-20 16:44:15 +00:00 |
|
george
|
f7f91afc1e
|
Send a notification email for invalid recovery codes.
|
2022-01-20 16:41:42 +00:00 |
|
george
|
6d736aa915
|
Implement rate limiting with send_email_with_rate_control.
|
2022-01-20 15:05:18 +00:00 |
|
george
|
0eb2984b9c
|
Add invalid TOTP login email notifications.
|
2022-01-20 14:18:47 +00:00 |
Son
|
733a9c42b0
|
delete activation code before sending email to avoid any delay
|
2021-12-29 10:26:42 +01:00 |
|
Son
|
abc074ea9b
|
make sure password can't be longer than 100 chars
|
2021-11-16 19:41:05 +01:00 |
|
Son
|
516898af59
|
move all template files to templates/
|
2021-11-04 15:05:22 +01:00 |
Son
|
0fbd351bed
|
handle the referral url that has ?slref=code part
|
2021-10-25 15:02:02 +02:00 |
|
Son
|
9fb6e45077
|
fix the help text too close to the input
|
2021-10-19 17:38:29 +02:00 |
|
Son
|
372466ab06
|
do not use flask-sqlalchemy
- add __tablename__ for all models
- use sa and orm instead of db
- rollback all changes in tests
- remove session in @app.teardown_appcontext
|
2021-10-12 14:36:47 +02:00 |
|
Son
|
5d7e10f776
|
make sure when user changes password, log user out on other browsers
|
2021-10-11 11:30:41 +02:00 |
|
Son Nguyen Kim
|
d7d301b9c3
|
add missing h1
|
2021-09-22 16:03:58 +02:00 |
|
Son Nguyen Kim
|
5ac78f2694
|
reformat
|
2021-09-08 11:29:55 +02:00 |
|
Son Nguyen Kim
|
cc650f9fae
|
remove unused import
|
2021-07-12 18:56:43 +02:00 |
|
Son Nguyen Kim
|
99599bb09f
|
make sure user needs to go through MFA when resetting password
|
2021-07-12 18:56:09 +02:00 |
Son NK
|
09d00df363
|
reformat imports
|
2021-06-27 17:50:36 +02:00 |
|
Son NK
|
f3b04b9d81
|
add more logging
|
2021-04-16 18:37:16 +02:00 |
|
Son NK
|
9e4ff01b17
|
improve login, register UI
|
2021-04-06 12:06:11 +02:00 |
|
Son NK
|
1b41911598
|
remove social login from the login page
|
2021-03-29 16:06:58 +02:00 |
|
Son NK
|
1187b6dc99
|
update mailbox wording
|
2021-03-18 10:59:45 +01:00 |
|
Son NK
|
0848405d0c
|
add mention not allowing forward email address
|
2021-03-17 10:27:46 +01:00 |
|
Son NK
|
b476e207fa
|
take into account ?next param in login
|
2021-01-27 10:11:48 +01:00 |
|
Son NK
|
e9adb3270d
|
use sanitize_email instead of .lower().strip().replace(" ", "")
|
2021-01-11 12:29:40 +01:00 |
|
Son NK
|
ef7fae32b1
|
remove the "Hi {name}" from email template
|
2021-01-11 10:23:34 +01:00 |
Renaud Boyer
|
c09b6ef675
|
linting
|
2020-12-06 22:08:35 +01:00 |
|
Renaud Boyer
|
1c73f07d18
|
linting
|
2020-12-06 22:08:05 +01:00 |
|
Son NK
|
0a4fc76b61
|
optimize import
|
2020-10-15 16:45:28 +02:00 |
|
Son NK
|
90163220cf
|
rename email_domain_can_be_used_as_mailbox -> email_can_be_used_as_mailbox
|
2020-10-15 16:05:47 +02:00 |
|
Son NK
|
7e425c0338
|
disable login if user is disabled
|
2020-10-04 12:49:43 +02:00 |
|
Son NK
|
fdedc24358
|
black new version
|
2020-08-27 10:20:48 +02:00 |
|
Son Nguyen Kim
|
637bc569eb
|
Merge pull request #260 from FabioWidmer/improvements-1
Improvements for Self Hosting & More
|
2020-08-24 20:16:59 +02:00 |
Fabio Widmer
|
6a45010740
|
Remove secret variables from Jinja
|
2020-08-22 18:38:44 +02:00 |
|
Fabio Widmer
|
28dbafe1f7
|
Hide deprecated social login if not used
|
2020-08-16 12:57:12 +02:00 |
|
Son NK
|
b7cbaa6e84
|
delete the expired ChangeEmail object
|
2020-08-13 10:59:39 +02:00 |
|
Son NK
|
b395c2ebd0
|
use warning log for FIDO error
|
2020-08-12 12:48:51 +02:00 |
|
Son NK
|
efe1ab641f
|
add hCaptcha check
|
2020-07-23 12:43:55 +02:00 |
|
Son NK
|
6437ee46e0
|
use LOG.exception instead of LOG.error to provide stacktrace
|
2020-07-17 12:59:07 +02:00 |
|
Son NK
|
c41bffbbae
|
refactor: use SESSION_COOKIE_NAME instead of hardcoding "slapp"
|
2020-06-28 21:17:18 +02:00 |
|
Son NK
|
4ee38823b8
|
make sure to strip and lower email
|
2020-06-11 23:35:24 +02:00 |
|
Son NK
|
fa06c5cd4b
|
make sure user cannot reuse the old password
|
2020-05-30 19:50:33 +02:00 |
|
George
|
a87f7e4be9
|
Change words
|
2020-05-27 21:53:48 +01:00 |
|
George
|
d9e29cc989
|
Reword 2FA page.
|
2020-05-27 19:49:13 +01:00 |
Sibren Vasse
|
31a1f94a5f
|
Implement rate limiting
|
2020-05-25 11:39:33 +02:00 |
|
Sibren Vasse
|
3c7e03f83d
|
Add remember option to FIDO mfa path
|
2020-05-24 19:23:16 +02:00 |
|
Sibren Vasse
|
097ac771b0
|
Prevent OTP replay attacks by invalidating last token
|
2020-05-24 19:23:16 +02:00 |
|
Sibren Vasse
|
35bb1645a3
|
Allow user to disable mfa for browser for 30 days
|
2020-05-24 19:23:16 +02:00 |
|
Sibren Vasse
|
e15ab7f932
|
Add autofocus to login screen
|
2020-05-24 19:23:16 +02:00 |
|
Sibren Vasse
|
8c946d7026
|
Remove token when submitted value is incorrect
|
2020-05-24 19:23:16 +02:00 |
|
Son Nguyen Kim
|
eb60028b1f
|
Merge pull request #199 from developStorm/webauthn-multiple-keys
Support Multiple Keys for WebAuthn
|
2020-05-24 18:56:42 +02:00 |
|
Son NK
|
93d972df09
|
make sure to use lowercase for alias email
|
2020-05-20 18:12:14 +02:00 |
devStorm
|
7bd97e13b0
|
fido_model -> fidos
|
2020-05-18 13:55:38 -07:00 |
|
devStorm
|
ea914e0378
|
Rename FIDO->Fido
|
2020-05-18 13:54:05 -07:00 |
|
devStorm
|
c0a751ff13
|
Put button inside the form
|
2020-05-18 13:45:02 -07:00 |
|
devStorm
|
35f0c094fe
|
black
|
2020-05-18 01:04:45 -07:00 |
|
devStorm
|
419aa95f1f
|
more verify
|
2020-05-18 01:02:58 -07:00 |
|
devStorm
|
ec91d280bb
|
Verify
|
2020-05-18 00:08:06 -07:00 |
|
Son NK
|
87d52216cb
|
reformat
|
2020-05-17 10:35:11 +02:00 |
|
Son NK
|
20e66edbaa
|
fix redirection to next page
|
2020-05-17 10:28:00 +02:00 |
|
Son NK
|
2e208ed505
|
display recovery code options on mfa and fido page
|
2020-05-17 10:27:20 +02:00 |
|
Son NK
|
da4e0bf384
|
create /auth/recovery page
|
2020-05-17 10:17:52 +02:00 |
|
Son NK
|
7ed77a66b2
|
format
|
2020-05-15 23:18:42 +02:00 |
|
Son NK
|
2978bfb281
|
Fix user cannot change personal email back and better naming.
Happens when user
- changes their personal email
- wants to change back: they can't as this email is already used as mailbox
|
2020-05-15 23:18:30 +02:00 |
|
devStorm
|
a9967c9a4d
|
Auto activate WebAuthn authentication
|
2020-05-11 19:17:51 -07:00 |
|
Son NK
|
70e842789e
|
make pages compatible with dark-theme
|
2020-05-11 23:22:15 +02:00 |
|
Son NK
|
cde8452e5b
|
Fix Google oauth_state KeyError
|
2020-05-10 11:34:32 +02:00 |
|
Son NK
|
b95b758692
|
Optimize imports
|
2020-05-09 20:49:38 +02:00 |
|
devStorm
|
d236f906ad
|
🐛 WebAuthn bug fixes
- User may not have name
- user_verification should be discouraged to work on iOS
|
2020-05-08 14:21:38 -07:00 |
|
Son NK
|
ccb30a2def
|
disable sign-up via social login
|
2020-05-07 22:01:14 +02:00 |
|
Son NK
|
18d62a81d1
|
add User.can_use_fido
|
2020-05-07 17:56:25 +02:00 |
|
Son NK
|
84c529c867
|
optimize import
|
2020-05-07 17:49:29 +02:00 |
|
Son NK
|
fe1262686e
|
black format
|
2020-05-07 17:48:44 +02:00 |
|
devStorm
|
2290a90b09
|
Use try-else 9b8340f3e0 (r421465450)
|
2020-05-07 05:41:34 -07:00 |
|
devStorm
|
b0c39635a5
|
Remove credential_id variable
|
2020-05-07 05:37:03 -07:00 |
|
devStorm
|
e4895b52a0
|
fix SITE_URL
|
2020-05-07 05:34:17 -07:00 |
|
devStorm
|
f7e3320242
|
model - fido_enabled
|
2020-05-07 05:32:52 -07:00 |
|
devStorm
|
9b8340f3e0
|
Black formatted
|
2020-05-07 02:53:28 -07:00 |
|
devStorm
|
0052dad13e
|
Do not show full error msg to user
|
2020-05-07 02:48:56 -07:00 |
|
devStorm
|
282cbe25a3
|
Calculate RP_ID in config
|
2020-05-07 02:39:30 -07:00 |
|
devStorm
|
3ab3f819b7
|
Make RP_ID a constant
|
2020-05-07 02:33:24 -07:00 |
|
devStorm
|
b8b1313db9
|
typo 'infomation'
|
2020-05-07 02:31:42 -07:00 |
|
devStorm
|
ced02a8f20
|
remove debug code
|
2020-05-05 14:26:26 -07:00 |
|
devStorm
|
fc001cfc24
|
fix exception handling
|
2020-05-05 14:13:01 -07:00 |
|
devStorm
|
9da6054ec0
|
Allow to use either OTP or FIDO for 2FA
|
2020-05-05 05:16:33 -07:00 |
|
devStorm
|
650d6e35f0
|
FIDO login middleware
|
2020-05-05 05:03:29 -07:00 |
|
devStorm
|
286b1143ca
|
Store sign count
|
2020-05-05 03:16:52 -07:00 |
|
Son NK
|
e1d8c55a66
|
add mention of MyDigiPassword to the 2FA app list
|
2020-04-28 19:52:18 +02:00 |
|
Son NK
|
96366ddcfa
|
Deprecate social login, prettify some pages
|
2020-04-27 23:08:21 +02:00 |
|
Son NK
|
a069fe7b6a
|
do not return error when user doesn't exist on forgot_password
|
2020-04-27 22:57:55 +02:00 |
|
Son NK
|
26a094469b
|
remove logout.html
|
2020-04-27 22:56:44 +02:00 |
Son NK
|
ca6350cc27
|
optimize import in all files
|
2020-04-25 13:49:39 +02:00 |
|
Son NK
|
fc4572e9ba
|
make logo a bit smaller
|
2020-04-24 09:43:26 +02:00 |
|
Son NK
|
6a67f7946f
|
fix facebook might not return email
|
2020-04-24 09:17:21 +02:00 |
|
Son NK
|
734b104c27
|
remove text on registration waiting page
|
2020-04-23 22:10:14 +02:00 |
|
Son NK
|
a434413304
|
Add terms and condition mention in register page
|
2020-04-15 22:32:12 +02:00 |
|
Son NK
|
3c9e6fc991
|
make sure to strip and lower email in input
|
2020-04-15 21:12:45 +02:00 |
|
Son NK
|
8fc88b8253
|
Set referral when creating User
|
2020-04-09 22:22:26 +02:00 |
|
Son NK
|
af9178e216
|
Use non-beta logo
|
2020-04-05 18:58:22 +02:00 |
Son NK
|
b8093aefa3
|
Handle invalid email when user signs up
|
2020-03-21 11:11:52 +01:00 |
|
Son NK
|
abd2278c24
|
make sure to set File.user_id
|
2020-03-20 09:52:00 +01:00 |