Commit graph

2412 commits

Author SHA1 Message Date
Son
67c2c6afad add warning to email content when dmarc softfail 2022-03-30 19:48:07 +07:00
Son Nguyen Kim
110f2f2f2c
Merge pull request #861 from acasajus/spf-dmarc-backscatter
Reduce backscatter by checking return-path domain SPF status
2022-03-30 19:44:39 +07:00
Son Nguyen Kim
f7a98bc7d2
Merge pull request #862 from simple-login/ac/sanitize-next
Properly validate //host.com urls
2022-03-30 19:40:36 +07:00
Adrià Casajús
83fc8964a8
PR comments 2022-03-30 09:53:35 +02:00
Son Nguyen Kim
d561bae7dd
Merge pull request #864 from simple-login/ac/insecure-random
Replace using random with secrets for security purposes
2022-03-30 11:49:33 +07:00
Adrià Casajús
1555bc6346
fix test 2022-03-29 21:03:55 +02:00
Adrià Casajús
19e87a7156
More random to secrets 2022-03-29 18:42:28 +02:00
Adrià Casajús
b15facb6e4
Use secrets instead of random 2022-03-29 18:40:52 +02:00
Adrià Casajús
97ef5ff765
Fix oauth redirect when clientid is invalid 2022-03-29 18:37:01 +02:00
Adrià Casajús
a9e31cff26
Fix tests 2022-03-29 18:34:13 +02:00
Adrià Casajús
c5b0f5304e
Format 2022-03-29 18:18:11 +02:00
Adrià Casajús
d6df5e0ea0
Add limiters to auth routes 2022-03-29 18:14:13 +02:00
Adrià Casajús
e91fd26964
Sanitized missing places 2022-03-29 18:03:18 +02:00
Adrià Casajús
fe9161b101
Properly validate //host.com urls when redirecting after receiving a next param 2022-03-29 17:53:00 +02:00
Adrià Casajús
085c166cb2
Replace 5XX with 2XX for return path that fail SPF check 2022-03-29 15:09:10 +02:00
Adrià Casajús
7d36256b7c
Check return-path spf record before bouncing a message 2022-03-29 10:52:11 +02:00
Son
0d7d56c0ea send email when an email is put to quarantine 2022-03-25 18:02:17 +01:00
Son
63b1100a8b log event when there's no dmarc result 2022-03-25 16:19:11 +01:00
Son
ce2d2a3b3a fix case where header isn't string 2022-03-25 16:17:58 +01:00
Son
32fd65b69b add more log for alias transfer 2022-03-23 18:33:33 +01:00
Son Nguyen Kim
3d30870395
Merge pull request #849 from acasajus/new/parse-rpamd-headers
Return 200 on fishy dmarc result
2022-03-22 17:36:45 +01:00
Son Nguyen Kim
99b05034b0
Merge pull request #843 from acasajus/new/parse-rpamd-headers
Parse rspamd headers and apply dmarc policy if found.
2022-03-22 17:13:11 +01:00
Adrià Casajús
517bcb632e
MR changes 2022-03-22 17:02:59 +01:00
Son
5b3688b6df set a domain for message-id 2022-03-22 11:02:02 +01:00
Adrià Casajús
5f831d593a
CamelCase to snake_case 2022-03-21 17:59:43 +01:00
Adrià Casajús
45459d65be
PR comments 2022-03-21 17:43:26 +01:00
Son
f554375f23 decode, replace and encode for base64 encoding 2022-03-21 17:29:22 +01:00
Son
1952f368a8 require password to use the api key page 2022-03-21 14:40:47 +01:00
Son
9dc7cff87f add rate limiting for /auth/mfa 2022-03-21 14:23:35 +01:00
Son
a662ef4aee remove g.deduct_limit in api auth endpoint 2022-03-21 14:23:20 +01:00
Adrià Casajús
06a1363e92
Updated MR comments 2022-03-21 12:03:11 +01:00
Adrià Casajús
cdea0f5ee2
Rename header 2022-03-21 10:43:19 +01:00
Adrià Casajús
44dd06fabf
Added spoofed email test 2022-03-21 10:43:18 +01:00
Adrià Casajús
c9cbaeb460
format 2022-03-21 10:43:17 +01:00
Adrià Casajús
e8013f8e0c
Initial parse of rpamd extra headers 2022-03-21 10:43:17 +01:00
Son
0931642d11 use 10.0.0.0 network instead of 240.0.0.0 2022-03-20 10:38:58 +01:00
Son
fa2f83dbf4 fix and refactor 2022-03-16 10:24:59 +01:00
Son
7e0992b767 add mime version header for transactional email 2022-03-14 19:23:38 +01:00
Son Nguyen Kim
79154378f2
Merge pull request #836 from cquintana92/feature/allow-to-edit-manual-subscription
Allow to edit manual subscription
2022-03-14 18:07:07 +01:00
Carlos Quintana
ed58e811d1
Allow to edit manual subscription 2022-03-14 16:47:30 +01:00
Adrià Casajús
479a7420cb
Useful time format 2022-03-14 15:40:50 +01:00
Adrià Casajús
b463ba8f41
Added filter 2022-03-14 15:33:09 +01:00
Adrià Casajús
bf177ac5ba
Remove unused 2022-03-14 15:29:17 +01:00
Adrià Casajús
9b16143e59
Show nicer admin logs 2022-03-14 15:28:53 +01:00
Adrià Casajús
553d8976be
Added extend subscription log 2022-03-14 15:07:51 +01:00
Adrià Casajús
549c6ec7d3
Comment changes 2022-03-11 11:37:14 +01:00
Adrià Casajús
4368fd323f
Less changes 2022-03-10 18:13:33 +01:00
Adrià Casajús
d0860cd54d
Merge remote-tracking branch 'origin/master' into new/admin-audit-trail
* origin/master: (35 commits)
  reduce nb of commit
  show "more" only when a notification has a title. Show either title or message. Use bold font when a notification isn't read
  create a notification when an alias is disabled
  mark a notification as read when user arrives on the notification page
  Use plausible outbound link tracking
  add more log
  fix discover page
  fix
  fix "local variable 'alias_id' referenced before assignment"
  make sure to close session in monitoring
  use Date instead of date for header value
  lessen alias automatic disable check
  refactor
  return the block reason in should_disable()
  add adhoc upgrade on admin
  add extend subscription for 1 month to admin
  disable edition on admin
  comment out some admin pages
  fix migration
  fix duplicated stats
  ...
2022-03-10 18:10:13 +01:00
Adrià Casajús
733efc387c
Updated admin view 2022-03-10 17:49:30 +01:00
Adrià Casajús
98c942d84a
Added admin log view 2022-03-10 17:32:35 +01:00
Adrià Casajús
bc82bab1eb
Added alembic migration 2022-03-10 16:37:21 +01:00
Adrià Casajús
1d15af53b7
Add an audit log for the admin panel 2022-03-10 16:13:31 +01:00
Son
0e3a5c3d3c mark a notification as read when user arrives on the notification page 2022-03-09 17:58:26 +01:00
Son
6f80edfd64 fix discover page 2022-03-08 16:38:03 +01:00
Son
a64a70cbc8 use Date instead of date for header value 2022-03-07 15:57:29 +01:00
Son
350f498b94 lessen alias automatic disable check 2022-03-07 15:50:58 +01:00
Son
71136669e9 return the block reason in should_disable() 2022-03-07 15:44:27 +01:00
Son
f7ba3873d0 add adhoc upgrade on admin 2022-03-02 19:05:17 +01:00
Son
52a911f9d3 add extend subscription for 1 month to admin 2022-03-02 19:04:45 +01:00
Son
b2d8f5a017 disable edition on admin 2022-03-02 19:04:30 +01:00
Son
627b2e56d9 comment out some admin pages 2022-02-28 16:40:07 +01:00
Son Nguyen Kim
6a520e110c
Merge pull request #816 from simple-login/feature/include-sender-in-header
Feature/include sender in header
2022-02-28 09:24:18 +01:00
Son
205d8d7d3f add index for Alias custom_domain_id and directory_id columns 2022-02-26 17:51:50 +01:00
Son
4faf0d7636 optimize dashboard page: load custom domain using joinedload() instead of explicit join 2022-02-26 17:34:53 +01:00
Son Nguyen Kim
7df93c2ee5
Merge pull request #813 from cquintana92/feature/make-nameservers-configurable
Make nameservers configurable
2022-02-25 12:29:50 +01:00
Son
007aa56551 user can turn on/off the including sender in header option 2022-02-25 12:24:54 +01:00
Son
51598ada02 add User.include_header_email_header column 2022-02-25 12:24:54 +01:00
Carlos Quintana
e9dd73e99b
Replace env by os.environ.get 2022-02-25 11:19:49 +01:00
Adrià Casajús
01cc65bdca
Allow to have lower priority MX servers 2022-02-24 17:23:45 +01:00
Carlos Quintana
8f339923f8
Make nameservers configurable 2022-02-24 15:05:05 +01:00
Son
7da06ba424 return 422 if account not activated 2022-02-22 22:12:36 +01:00
Son Nguyen Kim
e9d134fe8f
Merge pull request #784 from FozzieHi/fix-testing-warnings
Fix deprecation warnings.
2022-02-21 17:12:36 +01:00
Son Nguyen Kim
e55c3a155b
Merge pull request #803 from acasajus/fix/sentry-APP-ZP
Only allow authenticated and enabled users to accept a OAuth post request
2022-02-21 17:11:53 +01:00
Adrià Casajús
4b13d5a28c
Fix test 2022-02-21 16:03:39 +01:00
Son Nguyen Kim
7d008228e3
Merge pull request #811 from cquintana92/feature/ignore-or-reject-for-blocked-contacts
Allow to configure ignore or reject response for blocked contacts
2022-02-21 15:55:48 +01:00
Son Nguyen Kim
bfcd75bdea
Merge pull request #801 from acasajus/new/no-reply
Send support questions to the support ticket page
2022-02-21 15:07:27 +01:00
Carlos Quintana
ee9170bb17
Allow to configure ignore or reject response for blocked contacts 2022-02-21 12:52:21 +01:00
Adrià Casajús
33163660f7
PR comments 2022-02-21 12:30:26 +01:00
Adrià Casajús
3e983e3557
Only allow authenticated and enabled users to accept a OAuth post request 2022-02-17 17:25:04 +01:00
Adrià Casajús
b0ac2f871a
Fixes 2022-02-17 13:21:40 +01:00
Adrià Casajús
398c1a55f1
Change SUPPORT_EMAIL to NOREPLY 2022-02-17 13:18:52 +01:00
Adrià Casajús
15ce7b00d8
Reply to noreply@... once per user 2022-02-16 18:38:31 +01:00
Carlos Quintana
2a751624a8
Default ALLOWED_REDIRECT_DOMAINS to URL if it's not set 2022-02-16 16:16:14 +01:00
Carlos Quintana
b4e291d4fd
Make NextUrlSanitizer a static class 2022-02-16 16:05:50 +01:00
Carlos Quintana
6be99bc576
Do not account for urlencoded redirects 2022-02-16 16:02:13 +01:00
Carlos Quintana
a44acf1846
Add support for allowed redirect domains 2022-02-16 09:38:55 +01:00
Carlos Quintana
39222cf868
Simplify conditional 2022-02-15 16:33:30 +01:00
Carlos Quintana
2f9489fe39
Only allow relative redirects 2022-02-15 15:16:31 +01:00
Son
728d935d65 add ZENDESK_ENABLED param 2022-02-14 18:08:32 +01:00
Son
c3cd1419f9 reformat code: put POST handling on top 2022-02-14 18:02:54 +01:00
Son
a0bb4e9ccc more verbose error 2022-02-14 18:02:30 +01:00
Son Nguyen Kim
69c8980c18
Merge pull request #792 from acasajus/new/zendesk-support
Create support tickets via zendesk
2022-02-14 17:53:30 +01:00
Adrià Casajús
416e7b363a
PR fixes 2022-02-14 15:58:36 +01:00
Adrià Casajús
305ce38379
PR changes 2022-02-14 11:19:03 +01:00
Adrià Casajús
700856053a
PR comment fixes 2022-02-11 13:32:31 +01:00
Adrià Casajús
8120128a51
Added Zendesk token 2022-02-10 12:59:48 +01:00
Adrià Casajús
639d4412e1
Updated comments from PR 2022-02-10 12:47:31 +01:00
Adrià Casajús
c9974d5321
Removed successful ticket created page and replaced with notification 2022-02-10 12:38:56 +01:00
Adrià Casajús
3fedc84c95
Add rate limit to ticket createion 2022-02-10 12:34:46 +01:00
Son Nguyen Kim
c18f9658b0
Merge pull request #787 from FozzieHi/test-config
Update testing suite and refactor.
2022-02-10 11:37:36 +01:00
Adrià Casajús
e844c9a392
Removed disabled page and redirected to the normal dashboard 2022-02-10 11:04:36 +01:00
Adrià Casajús
f59c5499fb
Formatting 2022-02-10 10:30:28 +01:00
Adrià Casajús
8aee883aae
Updated with more PR comments 2022-02-09 16:41:04 +01:00
Adrià Casajús
95fa95649d
Added comments from PR 2022-02-09 16:20:55 +01:00
Adrià Casajús
e57dcac2d2
Added zendesk submission flow 2022-02-09 12:00:48 +01:00
Adrià Casajús
219d5b998f
Add a suport form to create tickets in zendesk 2022-02-08 22:04:25 +01:00
Son
5b62f5a745 add rate limit to /auth/register 2022-02-07 18:45:41 +01:00
george
c415324932
Add flake8-bugbear 2022-02-06 20:37:43 +00:00
george
f7be992437
Update black, flake8 and pre-commit and use specific pre-commit versions. 2022-02-06 14:25:53 +00:00
Son
5da31f53b4 add MONITORING_EMAIL param 2022-02-04 15:43:40 +01:00
george
936d90a5f5
Fix deprecation warnings. 2022-02-04 13:49:38 +00:00
Son
4d1c4cfdff support pinned parameter in /api/v2/aliases 2022-02-03 11:16:49 +01:00
Son Nguyen Kim
543923b325
Merge pull request #760 from FozzieHi/delete-all-api-keys-button
Add a button to delete all API Keys
2022-02-02 18:31:05 +01:00
Son
049bd746ad refactor shell 2022-01-26 15:22:37 +01:00
Son
5a712f3877 make sure subdomain can only contain lowercase letters, numbers and dashes. 2022-01-26 14:53:27 +01:00
george
74713c2142
Rename method. 2022-01-25 18:32:34 +00:00
Son Nguyen Kim
89a800eed9
Merge pull request #753 from FozzieHi/totp-invalid-login-email
Invalid TOTP and recovery code email notifications
2022-01-24 18:35:52 +01:00
Son
fc3f06f4d8 create notification listing page 2022-01-24 16:45:36 +01:00
Son
90fa4abf69 create a notification for a bounce email 2022-01-24 16:10:36 +01:00
Son
1de6fefc59 add notification detail page 2022-01-24 15:22:01 +01:00
Son
5b7949f346 return title in /api/notifications 2022-01-24 15:20:59 +01:00
Son
3422f038eb add Notification title 2022-01-24 15:18:56 +01:00
george
65531b5c63
Add a button to delete all API Keys. 2022-01-23 18:38:54 +00:00
Son
e73288354d remove IGNORED_EMAILS variable 2022-01-21 19:30:27 +01:00
george
ab72927a16
Update text. 2022-01-20 18:24:28 +00:00
george
50122da0fe
Implement API notifications and use a function in email_utils 2022-01-20 17:42:11 +00:00
george
42407a0543
Send the email after the local error. 2022-01-20 16:44:15 +00:00
george
f7f91afc1e
Send a notification email for invalid recovery codes. 2022-01-20 16:41:42 +00:00
george
6d736aa915
Implement rate limiting with send_email_with_rate_control. 2022-01-20 15:05:18 +00:00
george
0eb2984b9c
Add invalid TOTP login email notifications. 2022-01-20 14:18:47 +00:00
Son
b929dc5462 check if alias is not none 2022-01-18 09:40:50 +01:00
Son
0806f9243e return custom domain json in patch 2022-01-16 17:26:11 +01:00
Son
841621dbe2 handle the case mailboxes is empty in try_auto_create_via_domain 2022-01-13 09:33:32 +01:00
Son
4cea47cc27 add setting for include_website_in_one_click_alias 2022-01-12 11:50:49 +01:00
Son
6cd8e45d21 return the default sender format (AT) in case user uses a non-supported sender format 2022-01-12 10:19:25 +01:00
Son
c0067b7657 add more log 2022-01-10 15:58:22 +01:00
Son
73d781cf6b handle non number alias_id 2022-01-10 10:44:41 +01:00
Son
9c696bd038 ignore VERPReply 2022-01-09 20:35:57 +01:00
Son
6cdf5637aa validate the alias address before creating 2022-01-09 20:22:41 +01:00
Son
a0727435eb use warning level 2022-01-09 20:13:41 +01:00
Son
c5e4dd6d16 save email for debug with error name as prefix 2022-01-08 16:58:23 +01:00
Son
862d0e7a11 warn users if SL is used with another forwarding service 2022-01-08 00:42:03 +01:00
Son
ed4acebdb1 delete the email log in reply phase if NonReverseAliasInReplyPhase 2022-01-08 00:28:26 +01:00
Son
01ba5e8bf0 return 5** if CannotCreateContactForReverseAlias 2022-01-08 00:16:16 +01:00
Son
20b6ce29fc take into account authorized_address when checking email loop 2022-01-08 00:09:45 +01:00
Son
d4e31257fa make sure to output exception name in log 2022-01-07 16:45:12 +01:00
Son
fb87225d2d raise error when receiving emails sent from reverse alias 2022-01-07 16:14:21 +01:00
Son
d4e1aec875 refactor 2022-01-07 14:57:47 +01:00
Son
6b31b8926e fix comment 2022-01-07 14:27:53 +01:00
Son
1bdae7fbe8 handle CannotCreateContactForReverseAlias when user creates a new contact 2022-01-07 10:47:36 +01:00