- Fix displaying QR code when configuring 2FA
- Dovecot lua auth: Fix encoding of payload
- Dovecot lua auth: Fix quota attribute
- Add docker image for human testing
- Unify API access token handlers
- Simplify apache config example
- Improve documentation
- Update dependencies
- Add retention API to update last login time for users
- Add retention API to list deleted users
- Do not filter displayed aliases in /alias
- Support trusted proxies for userli behind reverse proxy
- Fix postfix controller
- Fix userdb attributes in dovecot lua auth script
- Migrate large parts of release process to Makefile
- Add Deprecation for UsersCheckPasswordCommand
- Update dependencies
- Upgrade to Symfony 6.4.14 (#659)
- Add API for Postfix (#644)
- Add API for Dovecot (#651)
- Fix adding Users in Admin
- Show email and domain filters per default in admin user list
- Add roundcube API endpoint to get list of aliases
- Fix MailCryptKeyHandler create/update (#629)
- Update dependencies
- Add Support for TOTP in KeyCloak API
- Update dependencies
- Fix Readonly Attribute in Registration Form
- Move validation config from yaml to attributes
- Adjust Validator Signatures
- Add Types to Properties
- Split StartController into specific Controllers
- Vagrant provisioning: Install php-sqlite3
- PasswordChange: Use builtin validators
- Gather Coverage from Behat Tests
- Add TestCase for DomainCreator
- Make password not optional in PasswordUpdater
- Add keycloak API endpoints
- Update dependencies
- Remove URL-based localized routes, store locale in session
- Check for invited by
ROLE_SUSPICIOUSwhen assigning the role - Don't accept invite codes of suspicious users on registration
- Add missing use to RecoveryController
- Add missing default value for roles column
- Require Node v18.x
- Check whether user is suspicious before creating voucher
- Bring back old logic of
findOneBySource()in AliasRepository - Update dependencies
- Add fallback route for
/recovery
- Migrate from deprecated
$defaultNameto name annotation - Update docs how to test
checkpasswordcommand
- Fix CSP Settings for Sonata Admin
- Fix malformed expiry date for PGP key
- Use mkdocs instead of hugo
- Improve documentation
- Migrate Doctrine mappings to PHP annotations
- Make Project PHP 8 ready
- Move routing configuration to annotations
- Modernize form login
- Fix regression in CRUD controllers
- Modernize authentication and repositories
- Fix malformed date for recovery page
- Fix login for deleted user in UsersCheckPasswordCommand
- Update dependencies
- Upgrade to Symfony 6
- Split index route in public (index) and authenticated (start)
- Adjust Admin List Order
- Add __toString methods to Entities
- Improve fixture loading while increasing the number of fixtures
- Fix Filters in User Admin
- Fix Filters in Alias Admin
- Improve Performance for Alias and Voucher Admin
- Use Autocomplete for loading Users in Alias and Voucher Admin
- Update dependencies
- Add command to delete a user alias.
- Fix setting last_login_time on authentication through checkpassword command.
- Update dependencies
- Update dependencies
- Fix display of recovery token during registration process (Fixes #451)
- Update dependencies
- Add Command to export metrics to Prometheus
- Add Two-factor authentication support
- Drop official support for PHP 7.3
- Update to symfony 4.4.40
- Update dependencies
- Update translations
- Rework Registration Config (removed
HAS_SINA_BOX, addedREGISTRATION_OPEN)
- Add Italian as supported language (Thanks J. Lavoie)
- Update to symfony 4.4.38
- Update dependencies
- Add console command to reset a user (
app:users:reset) - Update dependencies
- Many code style fixes
- Fix CheckPasswordCommand with latest symfony/process (Fixes #341)
- Document cron job to delete obsolete maildirs. Thanks to 1resu.
- Set creationTime and updatedTime in all entity constructors (Fixes #207)
- Update to symfony 4.3.36
- Update dependencies
- Show correct random alias by forcing reload (Fixes #307)
- Update German and Frensh translations
- Update to symfony 4.3.33
- Update dependencies
- Show correct random alias without reload (Fixes #307)
- Make php7.3 serve traffic in vagrant
- Update PHP and JS dependencies
- Rename default git branch to
main - Include default translations
- Don't print info line in RemoveUsersCommand with
--list
- Add
--listoption to RemoveUsersCommand to list maildir directories - Add psalm static analysis CI job
- Add contributors to README.md
- Fix query logic when listing inactive users in findInactiveUsers()
- Update PHP and JS dependencies
- Add ROLE_PERMANANT to be used for excluding accounts in user cleanup
- Update ansible roles to fix playbook run
- Add console command
app:users:listwith option to list inactive users - Dispatch AliasCreatedEvent after validation (Fixes: #216)
- Really fix CVE-2021-21424
- Upgrade to symfony 4.4.24
- Update PHP and JS dependencies
- Fix CVE-2021-21424
- Upgrade to symfony 4.4.23
- Update PHP and JS dependencies
- Typo fixes
- Update dependencies
- Add placeholder for recovery code (Thanks xshadow)
- Limit permissions to set admin role to admin users
- Move mail location and dovecot UID/GID settings to environment variables (Thanks 1resu)
- Show footer on recovery page (Fixes: #141, thanks 1resu)
- Add hint to clear the cache to docs (Thanks 1resu)
- Open homepage link in same window (Thanks 1resu)
- Change username input type in login forms (Thanks 1resu)
- Checkpassword: Don't throw an Exception on missing password
- Always initiate Web Key Directory for new domains
- Improve style of pasted OpenPGP key (Thanks trashcan55)
- Fix verification of invite codes
- Improve OpenPGP key import filter:
- Keep UIDs with valid email address but without realname
- Drop UIDs with invalid email address that have the valid email address in realname
- Fix Munin account stats
- Fix overwriting existing OpenPGP keys
- Upgrade Travis CI for bionic and PHP7.3
- Downgrade
twbs/bootstrapback to 3.3
- Add support to import OpenPGP keys and export them to an OpenPGP Web Key Directory.
- Drop support for PHP 7.1 and 7.2
- Allow to batch delete users (Fixes: #78)
- Update Portugues translation (Thanks Silvério Santos)
- Update dependencies
- Allow mails to be delivered to suspected spammers (Fixes: #212)
- Update to symfony 4.4
- Update translations
- Attempt to fix mail body translation string format (Fixes: #205)
- Add new console command
app:users:deleteto delete users.
- Fix userDB lookups for accounts without mail_crypt when MAIL_CRYPT=3.
- Add French translation (Thanks Nathan Bonnemains)
- Merge
MAIL_CRYPT_*dotenv variables into a single one. Please seeUPGRADING.mdand the documentation for further information. - Update to symfony 4.3.9
- Update Norwegian translation (Thanks Alan Nordhøy)
- Allow to create first domain and account via web frontend (Fixes: #195)
- Automatically create
postmaster@domainfor all domains (Fixes: #111)
- Skip check against HIBP service if unavailable
- Add copy-to-clipboard for aliases (Fixes: #181) (Thanks @jelhan)
- Add Swiss German to supported languages (Thanks wee)
- Update dependencies
- Add manual language switcher (Fixes: #172)
- Add Norwegian Bokmål as available translation
- Block Spammers from authenticating via checkpassword (Fixes: #177)
- Test passwords againt haveibeenpwned database (Fixes: #161)
- Upgrade to symfony 4.3.2
- Improve speed of Vagrant box
- Repair js copying of invite codes (Fixes: #165)
- Several minor language fixes (Thanks to ssantos)
- Start Norwegian translation (Thanks to Allan Nordhøy)
- Switch to PHP-only checkpassword script for security reasons. This eliminates the requirement to setup sudo. See the updated docs for details.
- Delete aliases when deleting user (Fixes: #121)
- Fix error when trying to register deleted username (Fixes: #176)
- Remove link to registration from right navbar
- Update PHP and JS dependecies
- Add org/organisation/... to reserved names
- Update to symfony 4.2.9
- Update PHP and JS dependecies
- Rename ROLE_SUPPORT to ROLE_MULTIPLIER
- Add initial Spanish translation
- Add initial Portuguese translation (Thanks to Bruno Gama)
- Add plural forms of many reserved names
- Update to symfony 4.2.8
- Fix mailcrypt-encrypt-maildir script for paths with whitespaces
- Fix release tarball creation, don't use tar option --transform
- Create release tarball in subdirectory
- Add optional link to webmail (Fixes: #146)
- Update to symfony 4.2.7
- Change default locale setting to 'en'
- Don't resolve symlinks to not break sudo in checkpassword
- New shell script
bin/mailcrypt-encrypt-maildirto encrypt legacy mailboxes - Update to symfony 4.2.4
- Add sudo support to checkpassword script (Fixes: #127)
- Update SecurityController to use AuthenticationUtils
- Add CSRF protection to login forms (Fixes: #95)
- Add column and filter for
hasRecoveryTokenproperty on user in admin list (Fixes: #144) - Export number of users with Recovery Tokens to Munin
- Recovery also works now with email localpart (Fixes: #148)
- Fix release tar balls (Fixes: #150)
- We adopted the code of conduct from Contributor Covenant
- Fix bug in
CryptoSecretHandler::decrypt()that broke recovery token recreation.
- Rename project to Userli (Fixes: #133)
- Add support for Dovecot's MailCrypt plugin. New users automatically get
a MailCrypt key pair generated which is then passed to Dovecot via
checkpassword. (Fixes: #83) - Add support for recovery tokens. New users automatically get a recovery token generated, which can be used to restore their account if the password got lost at a later time. (Fixes: #89, #106, #108)
- Add support for direct registration links with prefilled invite vouchers. (Fixes: #117)
- Move flash messages to upper right corner (Fixes: #129)
- Always display footer when logged in (Fixes: #104)
- Open external links in new window (Fixes: #100)
- Add option to copy link as URL (Fixes: #117)
- Explain purpose of alias addresses (Fixes: #45)
- Remove trailing slash from default URLs
- Adjust database to snake_case. See
UPGRADE.mdon how to adjust an older database. (Fixes: #112) - Add infobox with password policy to password change forms (Fixes: #130)
- Turn autocompletion off for voucher form field at registration (Fixes: #32)
- Started external docs at systemli.github.io/userli
- Update to symfony 4.1.11
- Hide vouchers in secondary domains (Fixes: #110)
- DomainAdmins are only allowed to create Alias in their domain (Fixes: #94)
- Update to symfony 4.1.10
- Add quota to checkpassword (Fixes: #91)
- Add a role for detected spammers (Fixes: #77)
- Split startpage into subpages (Fixes: #43)
- Reverse order of vouchers, display newest vouchers first
- Fix when users updatedTime is updated (Fixes: #71)
- Don't show voucher menu to suspicious users (Fixes: #81)
- Add scripts to automate building and publishing of releases
- Start to list relevant changes in a dedicated changelog file.
- Hide voucher stats from domain admins (Fixes: #72)
- Improve message about custom alias limit (Fixes: #74)
- Fix passing passwords that start with special chars to checkpassword script