Commit graph

3202 commits

Author SHA1 Message Date
Son NK
62683a221a black 2021-06-02 18:48:35 +02:00
Son Nguyen Kim
b14d79c8f7
Merge pull request #496 from nbraud/pw_hash/refactor
Fix minor issues with password-handling, refactor
2021-06-02 18:33:56 +02:00
Son NK
eb2adc870a make sure only premium user can create new mailbox via API 2021-06-02 17:17:28 +02:00
Son NK
dd591c7437 fix 2021-06-02 16:27:48 +02:00
Son NK
54f806fc4d handle icloud bounce 2021-06-02 11:46:00 +02:00
Son NK
3897f6b633 refactor handle_bounce() 2021-06-02 11:38:52 +02:00
Son NK
22096cae66 remove ProductHunt banner 2021-05-31 18:09:21 +02:00
Son NK
09abdffda3 remove msg logging for auto reply case 2021-05-30 20:02:41 +02:00
Son NK
ed938dd86a Add query2str 2021-05-30 19:58:46 +02:00
Son NK
809a50f7d1 Handle out-of-office email during forward phase 2021-05-30 19:58:08 +02:00
nicoo
586654e08e app.pw_models: Refactor, use constant-time equality 2021-05-29 17:42:46 +02:00
Son NK
28285f28ac Add index for AliasHibp 2021-05-28 19:59:26 +02:00
Son NK
c890bfb073 increase HIBP sleep time to have some marges 2021-05-28 17:47:54 +02:00
Son NK
1750ad45d5 fix message logging 2021-05-28 17:46:52 +02:00
Son NK
aa667851e9 log user-agent in deprecated endpoint 2021-05-28 17:46:34 +02:00
nicoo
ecd74b801b app.pw_models: Use unicode normalization
Per NIST [SP800-63B, §5.1.1.2] Memorized Secret Verifiers :
> the verifier SHOULD apply the Normalization Process for
> Stabilized Strings using either the NFKC or NFKD normalization

This is necessary for Unicode passwords to work reliably.
ASCII-only passwords aren't affected.

[SP800-63B, §5.1.1.2]: https://pages.nist.gov/800-63-3/sp800-63b.html#-5112-memorized-secret-verifiers
2021-05-27 22:16:07 +02:00
nicoo
d216812f14 tests/api/auth: Use a pw showing Unicode issues 2021-05-27 22:16:07 +02:00
devStorm
e6192ece01
style 2021-05-26 22:34:50 -07:00
Raymond Nook
258d505cbf
Merge branch 'master' into master 2021-05-26 22:33:20 -07:00
devStorm
f7bef3941a
replace random_word with get_suffix(user) 2021-05-26 22:30:12 -07:00
nicoo
f5f4d46aa4 tests/api/test_auth_login: Refactor
Have a single “login success” test, for both MFA and no-MFA cases.
No functional change to the test.
2021-05-26 19:05:26 +02:00
nicoo
52d4d2abdb app.models: minor refactor (extract pw auth) 2021-05-26 18:18:47 +02:00
Son NK
8cfd5e01dc add alerts on /alias/custom/new and /v3/alias/options and below 2021-05-25 19:36:45 +02:00
Son NK
99d26a01cb UI tweak 2021-05-25 18:30:14 +02:00
Son NK
12f3901330 use same footer as landing page 2021-05-25 18:29:55 +02:00
Son NK
388a425cac Only show pagination control if there are previous/next page 2021-05-25 18:27:06 +02:00
Son NK
b23e3d94fd make sure AliasHibp has cascade ondelete 2021-05-25 18:14:44 +02:00
Son NK
fb97f384e4 small UI tweak 2021-05-25 17:59:40 +02:00
Son NK
60a1f48e6e take into account BOUNCE_PREFIX_FOR_REPLY_PHASE when handling bounces 2021-05-25 17:59:40 +02:00
Son NK
73555ad524 generate mail_from during reply phase using BOUNCE_PREFIX_FOR_REPLY_PHASE 2021-05-25 17:59:40 +02:00
Son NK
2f96322977 make sure BOUNCE_PREFIX_FOR_REPLY_PHASE can't be used as directory name or for creating aliases on-the-fly 2021-05-25 17:59:40 +02:00
Son NK
a918cc3670 Add BOUNCE_PREFIX_FOR_REPLY_PHASE 2021-05-25 17:59:40 +02:00
Son Nguyen Kim
8262d3559d
Merge pull request #483 from simple-login/chore/remove-sudo-docker
chore: remove sudo in running docker
2021-05-25 16:33:34 +02:00
Son NK
3c6c3f7dbd add log when creating a new EmailLog 2021-05-24 12:08:30 +02:00
Son NK
159843a923 Add log for sl_sendmail 2021-05-24 12:04:22 +02:00
Son NK
bdec7ff5e4 use info level for case user is deleted in the meantime 2021-05-24 11:10:17 +02:00
doanguyen
4db8a4169e chore: remove sudo in running docker
Running docker in `sudo` mode is considered harmful.
It's recommended to run docker as non-root user to
minimize the security risks.

[0]: https://docs.docker.com/engine/install/linux-postinstall/#manage-docker-as-a-non-root-user
2021-05-22 22:06:47 +02:00
Son NK
ce22e16285 add logging for case reverse alias receiving email from <> 2021-05-22 17:11:32 +02:00
Son NK
ade07f9449 return empty name when name can't be decoded 2021-05-22 16:47:44 +02:00
Son NK
78e3a4bf77 handle the case an alias is deleted in the meantime 2021-05-22 16:36:19 +02:00
Son Nguyen Kim
e911bdf203
Merge pull request #480 from TheLastProject/feature/hibp_direct_link
Add direct link to HIBP pwned info
2021-05-21 15:29:46 +02:00
Sylvia van Os
1ee941647f Add direct link to HIBP pwned info 2021-05-21 12:08:00 +02:00
Son Nguyen Kim
7a1a1d3a01
Merge pull request #479 from TheLastProject/patch-1
Update hibp_last_check on succesful HIBP check
2021-05-20 19:07:50 +02:00
Sylvia van Os
6bcaa6453e
Update hibp_last_check on succesful HIBP check
Accidentally got rid of this during some refactor
2021-05-20 19:00:11 +02:00
Son NK
14bc4f8872 make sure to only run HIBP check on enabled alias 2021-05-19 16:12:58 +02:00
Son NK
3422bd9aee fix crontab 2021-05-19 15:38:46 +02:00
Son NK
d4e930c930 Remove nullsfirst as not compatible with sqlite. Add more logging 2021-05-19 12:46:55 +02:00
Son Nguyen Kim
b3f8fd6789
Merge pull request #472 from TheLastProject/feature/hibp
Add HIBP checks
2021-05-19 12:37:04 +02:00
Sylvia van Os
40d0dee88f asyncio-ify 2021-05-18 21:18:07 +02:00
Sylvia van Os
a08b0c05cc Don't override id 2021-05-17 21:29:29 +02:00