Commit graph

36 commits

Author SHA1 Message Date
David Duque
cd9bd51ed0
Import changes from upstream (v56) 2022-01-20 15:02:16 +00:00
David Duque
4812ffd6b3
v55.1 2021-11-17 22:58:33 +00:00
kiekerjan
646f971d8b
Update mailinabox.yml (#2054)
The examples for login and logout use GET instead of POST. GET gives me an error when using it, while POST seems to work.
2021-10-31 12:49:26 -04:00
Felix Spöttel
86067be142
fix(docs): set a schema for /logout responses (#2051)
* this remedies an OpenAPI syntax violation resulting in a redoc-cli crash
2021-10-27 12:27:54 -04:00
David Duque
109267c7b0
v55.0 2021-10-19 21:12:17 +01:00
David
f6d7d5689c
Merge v55 from upstream 2021-10-19 14:42:07 +01:00
Joshua Tauberer
e884c4774f Replace HMAC-based session API keys with tokens stored in memory in the daemon process
Since the session cache clears keys after a period of time, this fixes #1821.

Based on https://github.com/mail-in-a-box/mailinabox/pull/2012, and so:

Co-Authored-By: NewbieOrange <NewbieOrange@users.noreply.github.com>

Also fixes #2029 by not revealing through the login failure error message whether a user exists or not.
2021-09-06 09:23:58 -04:00
David Duque
09f635c1f9
v0.54.POWER.5 2021-08-26 17:17:56 +01:00
David
8b2f7f2e4c
v0.54.POWER.4 2021-07-29 01:42:55 +01:00
David
e98d830f7f
v0.54.POWER.3 2021-07-04 11:24:11 +01:00
David
9ab5733af4
v0.54.POWER.2 2021-07-03 22:55:12 +01:00
David
63081c647a
v0.54.POWER.1 2021-07-03 21:27:01 +01:00
David
3018cdd698
v0.54.POWER.0 2021-06-28 00:17:23 +01:00
David Duque
9f9eb920b3
v0.53.POWER.2 2021-05-16 23:20:55 +01:00
David Duque
f382a55a0a
v0.53.POWER.1 2021-05-16 21:41:37 +01:00
David Duque
9f13ee6d55
v0.53.POWER.0 2021-04-13 23:02:08 +01:00
David Duque
a3851bd6be
v0.52.POWER.3 2021-03-30 20:34:27 +01:00
David Duque
5e20a00e25
v0.52.POWER.2 2021-03-30 20:09:01 +01:00
David Duque
353645f8db
Sync with master 2021-03-24 11:05:03 +00:00
David Duque
2ac999fca4
v0.52.POWER.1 2021-03-24 10:48:45 +00:00
David Duque
9b50d05751
Resync with master branch 2021-02-13 01:00:37 +00:00
David Duque
1ea90a5dbb
Include unique set of UID emails on key representations 2021-02-10 01:54:45 +00:00
David Duque
1ad7ad855a
Document /system/pgp/wkd endpoint in ReDoc 2021-02-07 03:23:14 +00:00
David Duque
4829e687ff
Merge changes from master 2021-01-31 16:20:15 +00:00
Richard Willis
f66e609d3f
Api spec cleanup (#1869)
* Fix indentation

* Add parameter definition and remove unused model

* Update version

* Quote example string
2020-11-26 06:56:04 -05:00
Victor
b85b86e6de
Add download zonefile button to external DNS page (#1853)
Co-authored-by: Joshua Tauberer <jt@occams.info>
2020-11-16 06:03:41 -05:00
David Duque
13ef53de71
Merge changes from master 2020-11-15 19:15:20 +00:00
David Duque
a67a57913d v0.51 (November 14, 2020)
Software updates:
 
 * Upgraded Nextcloud from 17.0.6 to 20.0.1 (with Contacts from 3.3.0 to 3.4.1 and Calendar from 2.0.3 to 2.1.2)
 * Upgraded Roundcube to version 1.4.9.
 
 Mail:
 
 * The MTA-STA max_age value was increased to the normal one week.
 
 Control Panel:
 
 * Two-factor authentication can now be enabled for logins to the control panel. However, keep in mind that many online services (including domain name registrars, cloud server providers, and TLS certificate providers) may allow an attacker to take over your account or issue a fraudulent TLS certificate with only access to your email address, and this new two-factor authentication does not protect access to your inbox. It therefore remains very important that user accounts with administrative email addresses have strong passwords.
 * TLS certificate expiry dates are now shown in ISO8601 format for clarity.
 -----BEGIN PGP SIGNATURE-----
 
 iQFDBAABCgAtFiEEX0wOcxPM10RpOyrquSBB9MEL3YEFAl+v8k4PHGp0QG9jY2Ft
 cy5pbmZvAAoJELkgQfTBC92BMYUIAJTD1iKzY1SoDNSp8JMPn2sWusOnJNrnvYEV
 vsrBM4AzwJv3DIZKSkYCitbTQW2FsTcjF6Jl5PCavEmAGe55AIKAPM/52Uq6jqDE
 aR8EZvI9ca1i7yR7DOHEI043QSPmp/iCFD48vvmKgN/LZy67TaHaOlGJbc3nfpk0
 y7ejMpF/6RP6ik4snnRQoWTFShaOpB9WcEVnUO7CHZdWcpSCZ55c9yi6A6ExGk7e
 97R5+JN1MgOdZ6rzWZuMWiz7EZ/Ew4jYLZpOwg8qJm0HNbYJ6+/xxsQBwaQzyBw3
 TsTl4GmunNPfoNrmKdJeLy0sBwiVBv/rysjWjim5v8jAYBoKoUQ=
 =2oRU
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEAKK/toPAcMkE+dinLzJ3OKPArjoFAl+xc7sACgkQLzJ3OKPA
 rjo6Zw//eYyTBlfQfFHIsLYKxJbwh6fDrIG6/Za6898cPhkJ/ugBeJlNEyT/EjpU
 MvtIgEU9xbG/tjsnQXsgAXJ6s7ZWm1QB5D+wqUIEeAFUn5IkCnXo0wPZJhSTNZhD
 4InnWsicYZj/ByuSH179xHyTAx2uYDBbPT4HjUlzIsaopvWOKLvAfzY3r42AiNvZ
 e79MhKbtOs9kDkrB2LULRzz6WzJDKb11fJccf7UaBerwFvOarMr8hSpOysK0ocHk
 H0wbrGxjb8iBjczVP4OFh36satQ5l4B1W+QVIxZG9ufVAOe3dhv8HngaHqAVyUgF
 gWjDYTnL/anoMMew+kbn2sjeKH6m2ZA+u9g+mDyMGSECVVYhkpOpcbPjZlmlNAQN
 C5BHmHltIg90uicrhzEEPFDBR1JF7JrYO42EwnOWMwjhzRkH2cepVw86lDr+pbrH
 s3hvoWiFFt7cs5ShCpgZDL20ey1e+9wL6b72Qlo7ls7MK3vfZvLPxJLpTi+bnymD
 CNt82Mjpu3BrhjCIGp+px9E2JU/7wUwqyUbgWFtyqxCdJOZXA4ZXVtDs5pQFzhug
 G+Z1HxFmhxck17SD0uHhXJKRD8IRttnO5sBESJaLNB4Ws/KspHVPePNskB/1XSfr
 pFOqikZsoKOICZnpd/eTnUlciqFygqvB0WuFsJNttQN2dBpJViA=
 =ZMFZ
 -----END PGP SIGNATURE-----

Merge upstream v0.51
2020-11-15 18:30:19 +00:00
Joshua Tauberer
545e7a52e4 Add MFA list/disable to the management CLI so admins can restore access if MFA device is lost 2020-10-31 10:23:43 -04:00
David Duque
a210261e34
Be consistent with notation 2020-10-04 22:20:17 +01:00
David Duque
d46b98dcda
Update api documentation file 2020-10-04 22:10:53 +01:00
Felix Spöttel
be5032ffbe Don't expose mru_token and secret for enabled mfas over HTTP 2020-09-29 19:46:02 +02:00
Felix Spöttel
6d82c0035a Update openAPI docs 2020-09-28 21:27:24 +02:00
David Duque
6c608ea868
Update API docs 2020-09-27 00:36:33 +01:00
Felix Spöttel
89b301afc7 Update OpenApi docs, rename /2fa/ => /mfa/ 2020-09-03 13:54:28 +02:00
Richard Willis
62b9b1f15f
Add OpenAPI HTTP spec (#1804) 2020-08-22 15:44:19 -04:00