46646f4ee2
Merge pull request #932 from simple-login/ac-fix-webauthn-transport
...
Do not send the transports to the js part since we have not stored them previously
2022-04-28 16:53:00 +02:00
bb4207c3a1
Merge pull request #938 from simple-login/ac-fix-invalid-import
...
Use the proper import for newrelic agent
2022-04-28 16:52:09 +02:00
74b31eac66
PR comments
2022-04-28 15:24:45 +02:00
7fd9bdc5a7
PR comments
2022-04-28 15:23:52 +02:00
8e35a09788
Add methods to check if alias will be auto-created
2022-04-28 15:10:38 +02:00
f9a390c1a2
PR comments
2022-04-28 15:03:14 +02:00
9a04376894
Allow sending messages in a background thread
2022-04-28 14:43:24 +02:00
25c3626226
Use the proper import for newrelic agent
2022-04-28 13:02:45 +02:00
93ae82aa46
Merge pull request #936 from simple-login/disable-user-cannot-use-api
...
prevent disabled user from using the api
2022-04-28 12:13:14 +02:00
845b53b03f
not send emails to inform about an alias can't be created to disabled user
2022-04-28 12:10:40 +02:00
7b7cb0b571
prevent disabled user from using the api
2022-04-27 16:24:38 +02:00
eab7606f93
make sure disabled user can't create new alias
2022-04-27 16:06:54 +02:00
657cae53a6
Remove it for all creds
2022-04-26 18:44:57 +02:00
ff33380bed
Do not send the transports to the js part since we have not stored them previously
2022-04-26 18:41:12 +02:00
5208c549fa
Rename TransactionalComplaint to ProviderComplaint
2022-04-25 14:40:42 +02:00
58b332b7bc
add new parameter disabled in /GET /api/v2/aliases
2022-04-25 09:22:29 +02:00
fcd2ab6fed
Set data to non-nullable
2022-04-22 14:53:04 +02:00
89d94963d7
PR comments
2022-04-22 14:49:03 +02:00
5053d9f1f5
Merge pull request #918 from simple-login/handle-error-as-bytes
...
handle the AttributeError that can also be raised by as_bytes()
2022-04-22 10:51:55 +02:00
68ec159d91
catch all exception in to_bytes
2022-04-22 10:20:43 +02:00
2bcc22c391
Merge pull request #906 from simple-login/ac-hash-change
...
Support python>3.8 for verp emails and reduce size by truncating hmac and storing time in minutes since 2022-01-01
2022-04-22 10:11:31 +02:00
0f14c3e74e
Move some comments as docstrings
2022-04-21 15:25:06 +02:00
112b2c77c3
Add backwards compat with shake128 signed verp emails
2022-04-21 11:30:39 +02:00
0f7ccec51a
handle the AttributeError that can also be raised by as_bytes()
2022-04-21 11:28:11 +02:00
c573ef655e
Store bounces in the reply phase to prevent abuse
2022-04-21 11:23:58 +02:00
bddb5e500a
able to handle several noreply addresses
...
This prepares the change of noreply@simplelogin.co to noreply@simplelogin.io
2022-04-21 08:59:46 +02:00
af24876c71
Use sha3 and truncate to 8 bytes and store time in minutes starting at 2022-01-01
2022-04-20 20:46:35 +02:00
9b624edf11
Merge pull request #901 from simple-login/no-dot-in-reverse-alias
...
use _ instead of . in reverse alias
2022-04-19 18:24:37 +02:00
bad9202cf8
Calculate proper padding when decoding base32
2022-04-19 10:50:25 +02:00
259851a04e
Merge pull request #860 from acasajus/remove-softfail
...
Generate secure transactional emails from address
2022-04-19 09:28:47 +02:00
8dfdac79bf
use _ instead of . in reverse alias
...
to avoid AC_FROM_MANY_DOTS SpamAssassin rule
2022-04-15 17:34:29 +02:00
d28980a810
Format
2022-04-14 18:27:20 +02:00
4bcc728222
Merge remote-tracking branch 'origin/master' into remove-softfail
...
* origin/master: (34 commits)
fix flake8
add link to the anti phishing page
improve email wording
Move tests
Only send enum names
Only send enum name for events intead of the full class.enum
Also track login and register events from the api routes
typo
revert changes
Added fix for parts that are not messages
Add missing formatting place
Revert unwanted changes
Do not show an error if we receive an unsubscribe from a different address
Revert changes to pgp_utils
fix import
Send newrelic events on login and register
PR changes
format
Move dmarc management to its own file
ignore VERPTransactional
...
2022-04-14 18:25:03 +02:00
debed67c68
return whether a domain is custom or primary in GET /api/v5/alias/options
2022-04-14 17:28:40 +02:00
a957cbb3c0
fix flake8
2022-04-14 09:47:58 +02:00
1709de93ef
add link to the anti phishing page
2022-04-14 09:28:26 +02:00
95770de4d5
improve email wording
2022-04-14 09:23:49 +02:00
ca93c8e603
Merge remote-tracking branch 'origin/master' into ac-dmarc-reply-phase
...
* origin/master:
Only send enum name for events intead of the full class.enum
Also track login and register events from the api routes
typo
revert changes
Added fix for parts that are not messages
Add missing formatting place
Revert unwanted changes
Do not show an error if we receive an unsubscribe from a different address
Revert changes to pgp_utils
Send newrelic events on login and register
2022-04-12 12:48:46 +02:00
0f91effce9
Only send enum names
2022-04-12 09:34:05 +02:00
9928525cf9
Only send enum name for events intead of the full class.enum
2022-04-12 09:04:57 +02:00
7a0fd34823
Merge pull request #886 from simple-login/ac-fix-unauthorized-email
...
Do not assume all parts in multipart messages are processed as messages
2022-04-11 17:54:35 +02:00
2b149747f5
Also track login and register events from the api routes
2022-04-11 16:11:01 +02:00
8da4293305
typo
2022-04-11 16:04:28 +02:00
c16fd25b2e
Added fix for parts that are not messages
2022-04-11 15:52:31 +02:00
ae8824a356
Revert unwanted changes
2022-04-11 14:20:56 +02:00
7649f6b822
Do not show an error if we receive an unsubscribe from a different address
2022-04-11 14:19:32 +02:00
dc59b61fba
Revert changes to pgp_utils
2022-04-11 10:20:02 +02:00
f333bb00c5
fix import
2022-04-11 10:19:25 +02:00
60a070731e
Send newrelic events on login and register
2022-04-11 10:18:22 +02:00
7fdd7d7f6a
PR changes
2022-04-11 09:28:57 +02:00
0dbe504329
format
2022-04-08 14:23:59 +02:00
8df6d98522
Merge remote-tracking branch 'origin/master' into ac-dmarc-reply-phase
2022-04-08 11:34:12 +02:00
68e58c0876
Move dmarc management to its own file
2022-04-08 11:28:14 +02:00
b128d64563
Moved spamd check to a custom file and cached the result
2022-04-07 19:17:37 +02:00
0e3c46d944
Save original envelope for debugging
2022-04-06 17:31:46 +02:00
8ca1be0166
Apply dmarc policy to the reply phase
2022-04-06 12:51:04 +02:00
451e69a3c4
More rebase fixes
2022-03-30 16:09:17 +02:00
dce9e633bf
fix
2022-03-30 16:02:05 +02:00
db06ce0ae6
Create signed email addresses for VERP emails
2022-03-30 16:00:02 +02:00
67c2c6afad
add warning to email content when dmarc softfail
2022-03-30 19:48:07 +07:00
110f2f2f2c
Merge pull request #861 from acasajus/spf-dmarc-backscatter
...
Reduce backscatter by checking return-path domain SPF status
2022-03-30 19:44:39 +07:00
f7a98bc7d2
Merge pull request #862 from simple-login/ac/sanitize-next
...
Properly validate //host.com urls
2022-03-30 19:40:36 +07:00
83fc8964a8
PR comments
2022-03-30 09:53:35 +02:00
d561bae7dd
Merge pull request #864 from simple-login/ac/insecure-random
...
Replace using random with secrets for security purposes
2022-03-30 11:49:33 +07:00
1555bc6346
fix test
2022-03-29 21:03:55 +02:00
19e87a7156
More random to secrets
2022-03-29 18:42:28 +02:00
b15facb6e4
Use secrets instead of random
2022-03-29 18:40:52 +02:00
97ef5ff765
Fix oauth redirect when clientid is invalid
2022-03-29 18:37:01 +02:00
a9e31cff26
Fix tests
2022-03-29 18:34:13 +02:00
c5b0f5304e
Format
2022-03-29 18:18:11 +02:00
d6df5e0ea0
Add limiters to auth routes
2022-03-29 18:14:13 +02:00
e91fd26964
Sanitized missing places
2022-03-29 18:03:18 +02:00
fe9161b101
Properly validate //host.com urls when redirecting after receiving a next param
2022-03-29 17:53:00 +02:00
085c166cb2
Replace 5XX with 2XX for return path that fail SPF check
2022-03-29 15:09:10 +02:00
7d36256b7c
Check return-path spf record before bouncing a message
2022-03-29 10:52:11 +02:00
0d7d56c0ea
send email when an email is put to quarantine
2022-03-25 18:02:17 +01:00
63b1100a8b
log event when there's no dmarc result
2022-03-25 16:19:11 +01:00
ce2d2a3b3a
fix case where header isn't string
2022-03-25 16:17:58 +01:00
32fd65b69b
add more log for alias transfer
2022-03-23 18:33:33 +01:00
3d30870395
Merge pull request #849 from acasajus/new/parse-rpamd-headers
...
Return 200 on fishy dmarc result
2022-03-22 17:36:45 +01:00
99b05034b0
Merge pull request #843 from acasajus/new/parse-rpamd-headers
...
Parse rspamd headers and apply dmarc policy if found.
2022-03-22 17:13:11 +01:00
517bcb632e
MR changes
2022-03-22 17:02:59 +01:00
5b3688b6df
set a domain for message-id
2022-03-22 11:02:02 +01:00
5f831d593a
CamelCase to snake_case
2022-03-21 17:59:43 +01:00
45459d65be
PR comments
2022-03-21 17:43:26 +01:00
f554375f23
decode, replace and encode for base64 encoding
2022-03-21 17:29:22 +01:00
1952f368a8
require password to use the api key page
2022-03-21 14:40:47 +01:00
9dc7cff87f
add rate limiting for /auth/mfa
2022-03-21 14:23:35 +01:00
a662ef4aee
remove g.deduct_limit in api auth endpoint
2022-03-21 14:23:20 +01:00
06a1363e92
Updated MR comments
2022-03-21 12:03:11 +01:00
cdea0f5ee2
Rename header
2022-03-21 10:43:19 +01:00
44dd06fabf
Added spoofed email test
2022-03-21 10:43:18 +01:00
c9cbaeb460
format
2022-03-21 10:43:17 +01:00
e8013f8e0c
Initial parse of rpamd extra headers
2022-03-21 10:43:17 +01:00
0931642d11
use 10.0.0.0 network instead of 240.0.0.0
2022-03-20 10:38:58 +01:00
fa2f83dbf4
fix and refactor
2022-03-16 10:24:59 +01:00
7e0992b767
add mime version header for transactional email
2022-03-14 19:23:38 +01:00
79154378f2
Merge pull request #836 from cquintana92/feature/allow-to-edit-manual-subscription
...
Allow to edit manual subscription
2022-03-14 18:07:07 +01:00
ed58e811d1
Allow to edit manual subscription
2022-03-14 16:47:30 +01:00
479a7420cb
Useful time format
2022-03-14 15:40:50 +01:00
b463ba8f41
Added filter
2022-03-14 15:33:09 +01:00
bf177ac5ba
Remove unused
2022-03-14 15:29:17 +01:00
9b16143e59
Show nicer admin logs
2022-03-14 15:28:53 +01:00
553d8976be
Added extend subscription log
2022-03-14 15:07:51 +01:00
549c6ec7d3
Comment changes
2022-03-11 11:37:14 +01:00
4368fd323f
Less changes
2022-03-10 18:13:33 +01:00
d0860cd54d
Merge remote-tracking branch 'origin/master' into new/admin-audit-trail
...
* origin/master: (35 commits)
reduce nb of commit
show "more" only when a notification has a title. Show either title or message. Use bold font when a notification isn't read
create a notification when an alias is disabled
mark a notification as read when user arrives on the notification page
Use plausible outbound link tracking
add more log
fix discover page
fix
fix "local variable 'alias_id' referenced before assignment"
make sure to close session in monitoring
use Date instead of date for header value
lessen alias automatic disable check
refactor
return the block reason in should_disable()
add adhoc upgrade on admin
add extend subscription for 1 month to admin
disable edition on admin
comment out some admin pages
fix migration
fix duplicated stats
...
2022-03-10 18:10:13 +01:00
733efc387c
Updated admin view
2022-03-10 17:49:30 +01:00
98c942d84a
Added admin log view
2022-03-10 17:32:35 +01:00
bc82bab1eb
Added alembic migration
2022-03-10 16:37:21 +01:00
1d15af53b7
Add an audit log for the admin panel
2022-03-10 16:13:31 +01:00
0e3a5c3d3c
mark a notification as read when user arrives on the notification page
2022-03-09 17:58:26 +01:00
6f80edfd64
fix discover page
2022-03-08 16:38:03 +01:00
a64a70cbc8
use Date instead of date for header value
2022-03-07 15:57:29 +01:00
350f498b94
lessen alias automatic disable check
2022-03-07 15:50:58 +01:00
71136669e9
return the block reason in should_disable()
2022-03-07 15:44:27 +01:00
f7ba3873d0
add adhoc upgrade on admin
2022-03-02 19:05:17 +01:00
52a911f9d3
add extend subscription for 1 month to admin
2022-03-02 19:04:45 +01:00
b2d8f5a017
disable edition on admin
2022-03-02 19:04:30 +01:00
627b2e56d9
comment out some admin pages
2022-02-28 16:40:07 +01:00
6a520e110c
Merge pull request #816 from simple-login/feature/include-sender-in-header
...
Feature/include sender in header
2022-02-28 09:24:18 +01:00
205d8d7d3f
add index for Alias custom_domain_id and directory_id columns
2022-02-26 17:51:50 +01:00
4faf0d7636
optimize dashboard page: load custom domain using joinedload() instead of explicit join
2022-02-26 17:34:53 +01:00
7df93c2ee5
Merge pull request #813 from cquintana92/feature/make-nameservers-configurable
...
Make nameservers configurable
2022-02-25 12:29:50 +01:00
007aa56551
user can turn on/off the including sender in header option
2022-02-25 12:24:54 +01:00
51598ada02
add User.include_header_email_header column
2022-02-25 12:24:54 +01:00
e9dd73e99b
Replace env by os.environ.get
2022-02-25 11:19:49 +01:00
01cc65bdca
Allow to have lower priority MX servers
2022-02-24 17:23:45 +01:00
8f339923f8
Make nameservers configurable
2022-02-24 15:05:05 +01:00
7da06ba424
return 422 if account not activated
2022-02-22 22:12:36 +01:00
e9d134fe8f
Merge pull request #784 from FozzieHi/fix-testing-warnings
...
Fix deprecation warnings.
2022-02-21 17:12:36 +01:00
e55c3a155b
Merge pull request #803 from acasajus/fix/sentry-APP-ZP
...
Only allow authenticated and enabled users to accept a OAuth post request
2022-02-21 17:11:53 +01:00
4b13d5a28c
Fix test
2022-02-21 16:03:39 +01:00
7d008228e3
Merge pull request #811 from cquintana92/feature/ignore-or-reject-for-blocked-contacts
...
Allow to configure ignore or reject response for blocked contacts
2022-02-21 15:55:48 +01:00
bfcd75bdea
Merge pull request #801 from acasajus/new/no-reply
...
Send support questions to the support ticket page
2022-02-21 15:07:27 +01:00
ee9170bb17
Allow to configure ignore or reject response for blocked contacts
2022-02-21 12:52:21 +01:00
33163660f7
PR comments
2022-02-21 12:30:26 +01:00
3e983e3557
Only allow authenticated and enabled users to accept a OAuth post request
2022-02-17 17:25:04 +01:00
b0ac2f871a
Fixes
2022-02-17 13:21:40 +01:00
398c1a55f1
Change SUPPORT_EMAIL to NOREPLY
2022-02-17 13:18:52 +01:00
15ce7b00d8
Reply to noreply@... once per user
2022-02-16 18:38:31 +01:00
2a751624a8
Default ALLOWED_REDIRECT_DOMAINS to URL if it's not set
2022-02-16 16:16:14 +01:00
b4e291d4fd
Make NextUrlSanitizer a static class
2022-02-16 16:05:50 +01:00
6be99bc576
Do not account for urlencoded redirects
2022-02-16 16:02:13 +01:00
a44acf1846
Add support for allowed redirect domains
2022-02-16 09:38:55 +01:00
39222cf868
Simplify conditional
2022-02-15 16:33:30 +01:00
2f9489fe39
Only allow relative redirects
2022-02-15 15:16:31 +01:00
728d935d65
add ZENDESK_ENABLED param
2022-02-14 18:08:32 +01:00
c3cd1419f9
reformat code: put POST handling on top
2022-02-14 18:02:54 +01:00
a0bb4e9ccc
more verbose error
2022-02-14 18:02:30 +01:00
69c8980c18
Merge pull request #792 from acasajus/new/zendesk-support
...
Create support tickets via zendesk
2022-02-14 17:53:30 +01:00
416e7b363a
PR fixes
2022-02-14 15:58:36 +01:00
305ce38379
PR changes
2022-02-14 11:19:03 +01:00
700856053a
PR comment fixes
2022-02-11 13:32:31 +01:00
8120128a51
Added Zendesk token
2022-02-10 12:59:48 +01:00
639d4412e1
Updated comments from PR
2022-02-10 12:47:31 +01:00
c9974d5321
Removed successful ticket created page and replaced with notification
2022-02-10 12:38:56 +01:00
3fedc84c95
Add rate limit to ticket createion
2022-02-10 12:34:46 +01:00
c18f9658b0
Merge pull request #787 from FozzieHi/test-config
...
Update testing suite and refactor.
2022-02-10 11:37:36 +01:00
e844c9a392
Removed disabled page and redirected to the normal dashboard
2022-02-10 11:04:36 +01:00
f59c5499fb
Formatting
2022-02-10 10:30:28 +01:00
8aee883aae
Updated with more PR comments
2022-02-09 16:41:04 +01:00
95fa95649d
Added comments from PR
2022-02-09 16:20:55 +01:00
e57dcac2d2
Added zendesk submission flow
2022-02-09 12:00:48 +01:00
219d5b998f
Add a suport form to create tickets in zendesk
2022-02-08 22:04:25 +01:00
5b62f5a745
add rate limit to /auth/register
2022-02-07 18:45:41 +01:00
c415324932
Add flake8-bugbear
2022-02-06 20:37:43 +00:00
f7be992437
Update black, flake8 and pre-commit and use specific pre-commit versions.
2022-02-06 14:25:53 +00:00
5da31f53b4
add MONITORING_EMAIL param
2022-02-04 15:43:40 +01:00
936d90a5f5
Fix deprecation warnings.
2022-02-04 13:49:38 +00:00
4d1c4cfdff
support pinned parameter in /api/v2/aliases
2022-02-03 11:16:49 +01:00
543923b325
Merge pull request #760 from FozzieHi/delete-all-api-keys-button
...
Add a button to delete all API Keys
2022-02-02 18:31:05 +01:00
049bd746ad
refactor shell
2022-01-26 15:22:37 +01:00
5a712f3877
make sure subdomain can only contain lowercase letters, numbers and dashes.
2022-01-26 14:53:27 +01:00
74713c2142
Rename method.
2022-01-25 18:32:34 +00:00
89a800eed9
Merge pull request #753 from FozzieHi/totp-invalid-login-email
...
Invalid TOTP and recovery code email notifications
2022-01-24 18:35:52 +01:00
fc3f06f4d8
create notification listing page
2022-01-24 16:45:36 +01:00
90fa4abf69
create a notification for a bounce email
2022-01-24 16:10:36 +01:00
1de6fefc59
add notification detail page
2022-01-24 15:22:01 +01:00
5b7949f346
return title in /api/notifications
2022-01-24 15:20:59 +01:00
3422f038eb
add Notification title
2022-01-24 15:18:56 +01:00
65531b5c63
Add a button to delete all API Keys.
2022-01-23 18:38:54 +00:00
e73288354d
remove IGNORED_EMAILS variable
2022-01-21 19:30:27 +01:00
ab72927a16
Update text.
2022-01-20 18:24:28 +00:00
50122da0fe
Implement API notifications and use a function in email_utils
2022-01-20 17:42:11 +00:00
42407a0543
Send the email after the local error.
2022-01-20 16:44:15 +00:00
f7f91afc1e
Send a notification email for invalid recovery codes.
2022-01-20 16:41:42 +00:00
6d736aa915
Implement rate limiting with send_email_with_rate_control.
2022-01-20 15:05:18 +00:00
0eb2984b9c
Add invalid TOTP login email notifications.
2022-01-20 14:18:47 +00:00
b929dc5462
check if alias is not none
2022-01-18 09:40:50 +01:00
0806f9243e
return custom domain json in patch
2022-01-16 17:26:11 +01:00
841621dbe2
handle the case mailboxes is empty in try_auto_create_via_domain
2022-01-13 09:33:32 +01:00
4cea47cc27
add setting for include_website_in_one_click_alias
2022-01-12 11:50:49 +01:00
6cd8e45d21
return the default sender format (AT) in case user uses a non-supported sender format
2022-01-12 10:19:25 +01:00
c0067b7657
add more log
2022-01-10 15:58:22 +01:00
73d781cf6b
handle non number alias_id
2022-01-10 10:44:41 +01:00
9c696bd038
ignore VERPReply
2022-01-09 20:35:57 +01:00
6cdf5637aa
validate the alias address before creating
2022-01-09 20:22:41 +01:00
a0727435eb
use warning level
2022-01-09 20:13:41 +01:00
c5e4dd6d16
save email for debug with error name as prefix
2022-01-08 16:58:23 +01:00
Adrià Casajús
Adrià Casajús
Son Nguyen Kim
Carlos Quintana
george