Commit Graph

25 Commits (b2e6becf2a59e17eab45fd62990e34b9370a62e1)

Author SHA1 Message Date
andryyy aef15f004a
[Web] Allow CIDR as allowed API networks; other minor fixes 2020-05-04 07:51:50 +02:00
Timo N 048899ad71
[Web] Fixed read write API permissions (#3465) 2020-04-11 07:33:13 +02:00
andryyy 8f4540d5d9 [Web] r/o API keys, Pushover integration (can be limited by ACL), other minor changes 2020-04-10 21:00:23 +02:00
andryyy 0ac4281f0e
[Web] Allow to skip IP check for API 2020-02-16 20:08:36 +01:00
ntimo cb9ab928b3
[Web] Replaced die(); with exit(); due to code conventions 2019-10-04 08:40:24 +02:00
ntimo 8b5be0b56d
[Web] Return 401 status code when API authentication fails 2019-10-02 13:05:12 +02:00
andryyy c8047b9555 [Web] Change session timeout handling
[Rspamd] Add missing spamassassin.conf
2019-04-14 13:01:47 +02:00
andryyy 3c4c760e29
[Web] Allow logout with broken session
[Web] Try to set aria hidden to false when a modal opens
2019-03-25 12:33:58 +01:00
andryyy a599536499
[Web] Various session fixes 2019-02-04 22:34:03 +01:00
André d39eab53a3 [Web] Fix API 2018-10-16 20:09:01 +02:00
André 9f0be1d8a8 [Web] Fix require_once to always include document root
[Web] Add system mails (send mails to all mailboxes via LMTP)
[Web] Allow to add more administrators
[Web] Fix domain administrator editing
[Web] Remove some foreign keys
[Web] Remove username from API
[Web] Remove more .php extension from code
[Web] More minor fixes
2018-10-11 11:59:23 +02:00
André a11cce6765 [Web] Fixes for BCC map input fields
[Web] Allow to edit alias address
[Web] $_SESSION['return'] now contains arrays and allows multiple returned messages and log entries
[Web] Some language string changes
[Web] General SQL exception handler, remove all try catch handlers
[Web] Alias table now has an ID as primary key
[Web] Be more aggressive with localStorage cleaning
2018-08-13 23:20:40 +02:00
André 7f86a80670 [Web] Fix log line handling
[Web] Add mailcow UI logs
[Web] Changes to _SESSION['return'] logic and logger (more to come)
[Web] Show last login
[Web, Postfix] Allow to disable sender check completely
[Web] Many minor fixes
[Web] Update some libs
2018-08-03 20:31:33 +02:00
andre.peters adc23d86f9 Various... 2017-12-09 13:17:15 +01:00
André 85d1ee2f49 [Web] Autodiscover returns given password decoded and trimed; Add sieve pre and post filters to UI; Move ajax called files; Rework log system: 100 entries per default, add more per click; Syncjobs: Do not read log to data attribute 2017-11-03 20:37:24 +01:00
André 81775765d8 [Web] Customize app menu and logo; Fix #671 2017-10-21 10:07:06 +02:00
andryyy 66e06a0c0c [Web] Sync jobs can be created/viewed/edited by admins/domain admins; Various fixes or improvements 2017-07-29 10:32:17 +02:00
andryyy 9bce8f0501 [Web] Fix session timeout 2017-07-26 23:09:50 +02:00
andryyy 84ad579437 [Web] Initial ratelimit support, more API actions 2017-07-16 11:03:28 +02:00
andryyy 5a95d2062c More changes to the UI, more API... 2017-05-29 21:51:06 +02:00
andryyy 4ffa80a669 Remove ip from session check 2017-05-18 19:45:41 +02:00
Dennis Neufeld 0d3d9b8c15 Fix bug: Session cookie domain
If the web domain is != mail domain, the session cookie is set to the wrong domain.
2017-05-16 19:46:24 +02:00
andryyy e91c6916ab CSRF protection 2017-05-15 11:37:12 +02:00
andryyy 49f28ecaf8 Destroy session when it becomes invalid 2017-05-14 21:53:08 +02:00
andryyy 3c937f75ba Add OWASP CSRF Protector, add more secure session handling 2017-05-07 13:38:31 +02:00