Access control is done via normal api credentials.
See README.md for details.
Adds an optional dependency on python3-prometheus-client.

With this feature, uffd can be configured to hide mail addresses of users
from certain services while still allowing the services to send mails to the
users.

To these services uffd returns special remailer addresses instead of the real
mail addresses. When a service sends an email to a remailer address the mail
server queries uffd's API and replaces the remailer address with the real mail
address in both envelope and headers.

This feature requires additional mail server configuration (Postfix
canonical_maps) and support in uffd-socketmapd.

Added guard to first v2 migration in order to prevent accidental upgrades.
Extended the upgrade instructions and moved them from the README to a
standalone file.

The command replaces all existing mechanisms for deleting expired objects. It
should run at least daily. The Debian package includes a corresponding cron
job.

Ratelimit events now use UTC timestamps instead of localtime. On upgrade all
past ratelimit events are cleared.

Argon2 is a modern password hashing algorithm. It is significantly more secure
than the previous algorithm (salted SHA512). User logins with Argon2 are
relativly slow and cause significant spikes in CPU and memory (100MB) usage.

Existing passwords are gradually migrated to Argon2 on login.

CONFIG_FILENAME works relative to the app's instance path. While (strictly
speaking) CONFIG_FILENAME is named correctly, it is not really obvious that
it should be set to an instance-relative filename instead of a path. The
current uwsgi.ini file illustrates this problem.

Not having a way to specify an absolute config file path is a problem for
the Debian package: The actual config file /etc/uffd/uffd.cfg must be
symlinked to /usr/share/uffd/instance/config.cfg to be found. Setting
CONFIG_PATH to "/etc/uffd/uffd.cfg" simplifies this.

Since this change is part of a new major release, we can drop
CONFIG_FILENAME in favour of CONFIG_PATH.

The script generated a broken changelog if the current commit is tagged as
a release. That works now.

Additional improvements:
* Merge commits are ignored
* "^fixup!" commits are ignored
* Commit summaries are line-wrapped
* Authors can be merged by manually supplied name mapping
* The first release also includes a list of commits. They were originally
  excluded because the first release contains so many commits, including
  many unclean ones. But excluding those commits also means excluding the
  attribution, so it is not really an option.
* Authors are ordered by the number of their contributions in a release
  to make occasional contributors more visible.

Previously CHANGELOG had to be updated manually. This was done by downloading
the output of a CI job that used listed commits since the last release. This
made releasing a bit more complicated and led to uselsess release commits.

Now a script creates the full debian/changelog with all versions based on
git tags and git commits.

* Removal of ldapalchemy and LDAP mocking support
* Removal of dependency on ldap3 (except for the migration)
* Remaining "LDAP_<name>" config keys are renamed to "<name>"
* Web interface to create, edit and delete groups
* Consistent foreign key, cascading and nullable configuration on all models
* User/Group.dn is replaced with numeric User/Group.id
* User.uid is renamed to User.unix_uid (to differentiate with new User.id)
* Group.gid is renamed to Group.unix_gid (to differentiate with new Group.id)
* All User/Group/Mail related routes now use the database ids instead of uid/gid/dn
* PasswordToken/MailToken now reference users directly instead of storing loginnames

The database migration (optionally) uses the v1 config keys to connect to
an LDAP server and to import all users, groups and mail forwardings.

Use runuser instead of su, as su does not really support multiple arguments to -c

Fixes #112

Also fixed architecture of Debian packages.

Co-authored-by: nd <nd@cccv.de>

This was forgotten in 45d4598e.

sistason authored 3 years ago and Julian committed 3 years ago

This changes config key "LOGINNAME_BLACKLIST" to "LOGINNAME_BLOCKLIST".