12928b832c
Fix broken tests
5 years ago
bd1e8be328
Implement change-email, email-verification, account-recovery, and welcome notifications
5 years ago
64d6f72e6c
Add the ability to disable signups, but allow signups from a whitelist
This feature can be enabled by setting SIGNUPS_ALLOWED=false and
providing a comma-separated list of whitelisted domains in
SIGNUPS_DOMAINS_WHITELIST.
Fixes #727
6 years ago
3f6809bcdf
Fixed issue/request #705
Added a config option to disable time drifted totp codes.
Default is false, since this is what the RFC recommends.
6 years ago
85dbf4e16c
Don't include excluded global equivalent domains during sync
Fixes #681
6 years ago
e449912f05
Generate recovery codes for email and duo
6 years ago
d29b6bee28
Remove unnecessary clones and other clippy fixes
6 years ago
00a11b1b78
Stop leaking usernames when SIGNUPS_ALLOWED=false
This fixes #691 - respond in less specific way to not leak the
fact that user is already registered on the server.
6 years ago
2edecf34ff
Use user_uuid instead of mut twofactor
6 years ago
18bc8331f9
Send email when preparing 2FA JsonError
6 years ago
603a964579
Fixed issue #663 .
During the 2fa activation there is no twofactor record yet.
Changed the layout a bit so that it will generate a new twofactor record
when it does not exists yet. Else it will just update the already
existing record.
6 years ago
9466f02696
Recoded TOTP time drift validation
6 years ago
ebf40099f2
Updated authenticator TOTP
- Added security check for previouse used codes
- Allow TOTP codes with 1 step back and forward when there is a time
drift. This means in total 3 codes could be valid. But only newer codes
then the previouse used codes are excepted after that.
6 years ago
edc482c8ea
Changed HIBP Error message.
- Moved the manual link to the check to the top.
- Clearified that hibp is a payed service.
- Changed error logo to hibp logo.
6 years ago
6e5c03cc78
Some modification when no HIBP API Key is set
- Added an URL with the useraccount for manual check.
- Added support for HTTP(S)_PROXY for hibp.
6 years ago
df8114f8be
Updated client kdf iterations to 100000 and fixed some lints
6 years ago
e3404dd322
Use the local scripts instead of cloudflare, remove jquery and update config so disabling a master toggle doesn't remove the values
6 years ago
bfc517ee80
Remove unused warning
6 years ago
4a7d2a1e28
Rename static files endpoint
6 years ago
c99df1c310
Compare token using crypto::ct_eq
6 years ago
591ae10144
Get token from single u64
6 years ago
026f9da035
Allow removing users two factors
6 years ago
515b87755a
Update HIBP to v3, requires paid API key, fixes #583
6 years ago
ad2225b6e5
Add configuration options for Email 2FA
6 years ago
5609103a97
Use ring to generate email token
6 years ago
6d460b44b0
Use saved token for email 2fa codes
6 years ago
efd8d9f528
Remove some unused imports, unneeded mut variables
6 years ago
29aedd388e
Add email code logic and move two_factor into separate modules
6 years ago
05a1137828
Move backend checks to build.rs to fail fast, and updated dependencies
6 years ago
e22e290f67
Fix key and type variable names for mysql
6 years ago
874f5c34bd
Formatting
6 years ago
253faaf023
Use users duo host when required, instead of always using the global one
6 years ago
03fdf36bf9
Fixed purging organization vault
6 years ago
fdcc32beda
Validate Duo credentials when custom
6 years ago
8d9827c55f
Implement selection between global config and user settings for duo keys.
6 years ago
cad63f9761
Auto generate akey
6 years ago
621f607297
Update dependencies and fix some warnings
6 years ago
754087b990
Add global duo config and document options in .env template
6 years ago
cfbeb56371
Implement user duo, initial version
TODO:
- At the moment each user needs to configure a DUO application and input the API keys, we need to check if multiple users can register with the same keys correctly and if so we could implement a global setting.
- Sometimes the Duo frame doesn't load correctly, but canceling, reloading the page and logging in again seems to fix it for me.
6 years ago
61515160a7
Allow changing error codes and create an empty error.
Return 404 instead of 400 when no accounts breached.
6 years ago
04922f6aa0
Some formatting and dependency updates
6 years ago
7d2bc9e162
Added option to force 2fa at logins and made some changes to two factor code.
Added newlines to config options to keep them a reasonable length.
6 years ago
10756b0920
Update dependencies and fix some lints
6 years ago
473f8b8e31
remove some unneeded mutability
6 years ago
5ee04e31e5
Updated dependencies, removed some unnecessary clones and fixed some lints
6 years ago
a744b9437a
Implemented multiple U2f keys, key names, and compromised checks
6 years ago
6027b969f5
Delete old devices when deauthorizing user sessions
6 years ago
93805a5d7b
Fix Yubikeys deleted on error
6 years ago
820c8b0dce
Change use of deserialize_with for Option iterator
6 years ago
8b4a6f2a64
Fixed some clippy lints and changed update_uuid_revision to only use one db query
6 years ago
Daniel García
tomuta
BlackDex
Patrick Li
Miro Prasil
vpl
Emil Madsen
janost
Дамјан Георгиевски