00a11b1b78
Stop leaking usernames when SIGNUPS_ALLOWED=false
This fixes #691 - respond in less specific way to not leak the
fact that user is already registered on the server.
5 years ago
ee550be80c
Added http favicon url when response failed
5 years ago
fccc0a4b05
Update rocket to latest master
Downgrade rust version to fix cargo issue
Set rustup profile to minimal
5 years ago
ebc47dc161
Remove unneeded WS logging
5 years ago
3b7a5bd102
Move 2FA email config to after SMTP config
5 years ago
2edecf34ff
Use user_uuid instead of mut twofactor
5 years ago
18bc8331f9
Send email when preparing 2FA JsonError
5 years ago
603a964579
Fixed issue #663 .
During the 2fa activation there is no twofactor record yet.
Changed the layout a bit so that it will generate a new twofactor record
when it does not exists yet. Else it will just update the already
existing record.
5 years ago
9466f02696
Recoded TOTP time drift validation
5 years ago
2cde814aaa
Fixed a bug with the sqlite backup feature.
When a custom path is used the backup feature does not work.
Changed it so it will take the path of the sqlite file and use that.
5 years ago
d292269ea0
Make the blacklist logic be cached
5 years ago
ebf40099f2
Updated authenticator TOTP
- Added security check for previouse used codes
- Allow TOTP codes with 1 step back and forward when there is a time
drift. This means in total 3 codes could be valid. But only newer codes
then the previouse used codes are excepted after that.
5 years ago
edc482c8ea
Changed HIBP Error message.
- Moved the manual link to the check to the top.
- Clearified that hibp is a payed service.
- Changed error logo to hibp logo.
5 years ago
6e5c03cc78
Some modification when no HIBP API Key is set
- Added an URL with the useraccount for manual check.
- Added support for HTTP(S)_PROXY for hibp.
5 years ago
881c1978eb
Error when the URL scheme doesn't match the database type
5 years ago
662bc27523
Updated dependencies and fixed disable_admin_token description
5 years ago
be2916333b
Fixed issue #565
Issue fixed by omitting the cookie header when cookie_str is empty
5 years ago
9124d8a3fb
Updated icon blacklisting.
- Blacklisting was not effective for redirects and rel href
- Able to blacklist non global IP's like RFC1918, multicast etc...
5 years ago
7b1da527a6
Change CORS headers
Only add Allow-Origin to all requests and move the others to preflight OPTIONS request.
If Origin is `file://` change it to the wildcard.
5 years ago
d6e9af909b
Remove the unnecessary check for sqlite
The binary we use is called `sqlite3` so no need to check for other
name variants as we won't use those anyways.
5 years ago
acdd42935b
Add sqlite binary into the docker images
This is done to enable backup functionality in the admin interface while
we're waiting for the libsqlite-sys 0.17 to bubble up in the upstream
dependencies. Then we can start using `VACUUM INTO`
This also extends the check for the sqlite binary to also try `sqlite3`
as this is the name of the binary in baseimage distributions we use.
5 years ago
56f12dc982
Use Access-Control-Allow-Method
5 years ago
4c07f05b3a
Remove Result<T, E: Debug> in preparation of deprecation as Rocket responder.
Removed unnecessary returns
5 years ago
f5f9861a78
Adds support for PostgreSQL which resolves #87 and is mentioned in #246 .
This includes migrations as well as Dockerfile's for amd64.
The biggest change is that replace_into isn't supported by Diesel for the
PostgreSQL backend, instead requiring the use of on_conflict. This
unfortunately requires a branch for save() on all of the models currently
using replace_into.
5 years ago
df8114f8be
Updated client kdf iterations to 100000 and fixed some lints
5 years ago
5a2f968d7a
Set correct response headers, status code
5 years ago
16d88402cb
Initial version of CORS support
5 years ago
7dcf18151d
Fix onsubmit
6 years ago
e3404dd322
Use the local scripts instead of cloudflare, remove jquery and update config so disabling a master toggle doesn't remove the values
6 years ago
bfc517ee80
Remove unused warning
6 years ago
4a7d2a1e28
Rename static files endpoint
6 years ago
672a245548
Remove unecessary clone
6 years ago
c99df1c310
Compare token using crypto::ct_eq
6 years ago
591ae10144
Get token from single u64
6 years ago
2d2745195e
Allow explicitly defined smtp auth mechansim
6 years ago
026f9da035
Allow removing users two factors
6 years ago
d23d4f2c1d
Allow editing HIBP key in the admin panel
6 years ago
515b87755a
Update HIBP to v3, requires paid API key, fixes #583
6 years ago
ee7837d022
Add option to require new device emails
6 years ago
07743e490b
Ignore error sending device email
6 years ago
e7b6238f43
Added reqwest proxy support
6 years ago
ad2225b6e5
Add configuration options for Email 2FA
6 years ago
5609103a97
Use ring to generate email token
6 years ago
6d460b44b0
Use saved token for email 2fa codes
6 years ago
efd8d9f528
Remove some unused imports, unneeded mut variables
6 years ago
29aedd388e
Add email code logic and move two_factor into separate modules
6 years ago
27e0e41835
Add email authenticator logic
6 years ago
0b60f20eb3
Add email message for twofactor email codes
6 years ago
c9c3f07171
Updated dependencies and fixed panic getting icons
6 years ago
df71f57d86
Move send device email to end of password login
Send new device email after two factor authentication.
6 years ago
Miro Prasil
BlackDex
Daniel García
Jellyfrog
vpl
Michael Powers
ViViDboarder