798e8b269c
Topt app passwords fixes (WIP) ( #805 )
...
various improvements to the TOTP code see also: #802
2025-05-16 20:31:20 +01:00
f3ce7e232d
token formatting changes
2024-05-17 22:03:55 +01:00
56dd787ce2
when going through password recovery, only wipe the recovery token after the user has updated their password
...
see https://github.com/postfixadmin/postfixadmin/issues/550
2024-05-17 22:02:01 +01:00
f01274ec94
try relaxing composer dependencies to allow php8.2 dev support, reformat so composer format passes
2024-04-22 21:02:01 +01:00
0876c368e4
feat: support Dovecot DIGEST-MD5 ( #816 )
...
Add support for dovecot DIGEST-MD5 auth (using : $CONF['pacrypt'] = 'dovecot:DIGEST-MD5')
This also changes the pacrypt() function to take an optional 3rd argument (username).
Thanks @bestlong
2024-04-12 09:57:19 +01:00
6b5801c666
typo fixes
2024-01-05 19:30:16 +00:00
4b8027e8e3
rename 'txtlarge' field type to 'txta'
...
... (think "textarea") to keep the field type name short.
This is a follow-up up https://github.com/postfixadmin/postfixadmin/pull/631#issuecomment-1188336564
2022-07-23 21:22:49 +02:00
d3e101e9d8
Merge remote-tracking branch 'origin/master' into feature/dkim
2022-07-18 08:55:07 +01:00
a97771adfd
Automatic code style fixes
2022-07-15 11:29:55 +02:00
2d6ded2786
PSR2 -> PSR12 formatting
2022-06-28 13:46:11 +01:00
9e73025058
Add Domain Key handling
2022-06-23 20:40:06 +02:00
af2cba2a6c
only update the modified field on update
2021-04-13 21:35:06 +01:00
2edabc3e03
phpcs insists on some brace changes
2021-04-13 21:19:16 +01:00
823f27b29d
phpcs wants to change ...
2021-03-22 09:28:28 +00:00
ff2a7c96d4
update changelog; try and improve tests
2021-01-14 17:07:55 +00:00
6663a35bdb
PFAHandler: fix backwards compability for store()
...
... and beforestore() and storemore()
Custom child classes might use the old names, and we should keep them
working (with a deprecation notice in the error log).
2021-01-06 21:18:53 +01:00
16531534a3
add @deprecated phpdoc
2020-10-02 20:57:55 +01:00
d07d115bd5
fix names ....
2020-10-02 20:56:45 +01:00
712939eb88
maintain backwards compatability with PFAHAndler::{store(),storemore(),beforestore()}
2020-09-28 21:51:57 +01:00
b8fa60bb8a
more type hints / psalm fixes
2020-09-28 20:33:54 +01:00
b868f950bf
refactor Login stuff out of Handler classes into Login... add tests
2020-09-25 21:32:53 +01:00
3c7da4f3b8
Refactor some methods
...
PFAHandler::store() -> PFAHandler::save();
PFAHandler::storemore() -> PFAHandler::postSave();
PFAHandler::beforestore() -> PFAHandler::preSave();
2020-09-25 21:29:45 +01:00
c3a8875ca6
psalm fixes
2020-08-06 21:10:30 +01:00
e8f27969a3
psalm fixes
2020-06-21 16:44:43 +01:00
3303f25bcc
add some php 7+ array type hints.
2020-03-16 13:11:15 +00:00
48e236ffc0
use hash_equals for login - see: https://github.com/postfixadmin/postfixadmin/issues/58
2020-03-14 22:04:54 +00:00
1ad184641d
php7.4 / psalm fixes
2020-01-31 16:30:46 +00:00
bcae218cbb
composer format time
2019-10-19 21:36:27 +01:00
87824ef970
psalm fixes/workarounds; require PHP 5.6+
2019-10-19 20:51:05 +01:00
4aa3110712
phpdoc/psalm fixes
2019-10-19 20:01:25 +01:00
80418e6412
try and avoid hitting : https://github.com/postfixadmin/postfixadmin/issues/51
2019-09-14 21:19:39 +01:00
71402e9051
comment
2019-04-26 11:46:57 +01:00
045a19ae33
re-format
2019-02-27 14:44:20 +00:00
7ed57a0cda
assume the db updates work if no exception was thrown
2019-02-27 14:44:20 +00:00
28e687ff5b
sqlite does not support NOW(), use a string comparison
2019-02-18 21:11:17 +00:00
803e2342f8
fix psalm issues; reformat; rename new db functions
2019-01-06 21:32:58 +00:00
1176c9ce78
reformat; fix some transition bugs
2019-01-06 21:32:58 +00:00
ea33d9951a
try migrating to pdo
2019-01-06 21:32:58 +00:00
4fcdba9cf4
run php-cs-fixer (code reforamt)
2018-12-28 19:31:43 +00:00
74002bbf57
psalm fixes
2018-12-27 21:43:11 +00:00
173d5775cd
psalm fixes
2018-12-27 13:55:02 +00:00
ec085b668b
missing class property
2018-06-18 21:34:24 +01:00
d2588a4de2
Fix phpcs whitespace breakage in initStruct etc.
2018-04-22 18:24:41 +02:00
500c847fe0
re-add lost comment
2018-03-25 19:16:21 +02:00
fef2591335
phpdoc fixes
2018-03-16 20:07:21 +00:00
cb34da4f46
phpcs reformat
2018-02-18 19:59:37 +00:00
152975d05c
move to use db_assoc() rather than db_array() (code assumes assoc. array)
2018-02-10 21:08:35 +00:00
15df6c1d7b
Reformat everything with PHP-Cs-Fixer
2018-01-26 23:54:37 +09:00
8fb67e6fbf
Fix broken table names caused by doubled table_by_key() calls
...
The high-level db_*() functions (like db_update(), and also
_db_add_field() in upgrade.php) call table_by_key() internally, which
also means the unwrangled table name needs to be handed over to them.
If handing over an already table_by_key()'d table name, it gets modified
again and results in something like prefix_prefix_mailbox.
2017-12-30 11:55:55 +01:00
ffb84283c2
Harden password reset process
...
The improvements are:
- Die with an explicit message when a user is trying to reset his lost password and the option is disabled in config
- Redirect user to main page after password change using relative URL
- Don't leak info whether user exists or has recovery info defined
- Throttle password reset requests to prevent brute force attacks
- Show phone/alt email fields in mailbox/admin edit form only when the password reset option is enabled
- Make database upgrade code compatible with other databases types
- Use the existing password generator to generate OTP. It is now stored in database, unique to each user, valid only for 1 hour and can only by used once.
2017-10-09 11:45:51 +09:00
