1. 22 Nov, 2022 1 commit
  2. 13 Nov, 2022 2 commits
  3. 08 Nov, 2022 1 commit
  4. 06 Nov, 2022 1 commit
    • Julian's avatar
      Add per-service setting for testing remailer · 05f68ec8
      Julian authored
      This setting is more flexible than the existing REMAILER_LIMIT_TO_USERS config
      option. The config option is therefore deprecated and will be removed in the
      next major version.
  5. 04 Nov, 2022 2 commits
    • Julian's avatar
      Cleanup CI tests · b5c27f1c
      Julian authored
      Turns check_migrations.py into a normal test case. Speeds up pipeline by
      making html5validator use the artifacts from tests:buster:sqlite instead of
      running the tests on its own.
    • Julian's avatar
      Force charset/collation on MariaDB and enable CI tests · 91ba4a6f
      Julian authored
      Uffd now requires that MariaDB databases have utf8mb4 charset and
      utf8mb4_nopad_bin collation. The collation was chosen for consistency with
      SQLite's BINARY collation.
  6. 03 Nov, 2022 1 commit
    • Julian's avatar
      New UID/GID allocation approach · 53c06069
      Julian authored
      Previously Unix UIDs/GIDs were allocated by using the highest used ID + 1.
      This caused ID reuse when the newest user/group was deleted. In addition, the
      implementation did not work on MariaDB (at all, it was not possible to create
      The new approach accounts for all IDs ever used regardless of whether or not
      users/groups are deleted. It always allocates the lowest ID in the configured
      range that was never used.
      Aside from the different allocation algorithm, this change introduces a
      generic locking mechanism and prerequisites for testing migration scripts.
  7. 25 Oct, 2022 1 commit
    • Julian's avatar
      Unique email addresses · 620cf9ab
      Julian authored
      Enforces uniqueness of (verified) email addresses across all users. Email
      addresses are compared case-insensitivly and Unicode-normalized. The new
      unique constraints are disabled by default and can be enabled with a CLI
      command. They are planned to become mandatory in uffd v3.
      A lot of software does not allow multiple users to share the same email
      address. This change prevents problems with such software.
      To enable this feature run the command:
        uffd-admin unique-email-addresses enable
      The commands reports any issues (e.g. existing duplicate addresses) that
      prevent enabling the feature.
      This change also introduces a generic mechanism to store feature flags in the
      database and improves error handling for login name constraint violations.
  8. 24 Oct, 2022 2 commits
    • Julian's avatar
      Run CI tests and build jobs simultaneously · 17b10ae9
      Julian authored
    • Julian's avatar
      Fix CI regression from 0bd26ee8 (Restructure tests) · 8261b723
      Julian authored
      0bd26ee8 added __init__.py files to the tests subdirectory. This had two
      unwanted side-effects:
      1. setuptools.find_packages() recognised the tests as a package, so they were
         included in the pip and Debian packages.
      2. The Debian package build process with dh_python automatically runs tests
         with unittest. Unittest's test discovery (in contrast to pytest) only works
         if __init__.py files exist, so this step did not do anything in the past.
         Now, failing tests caused the whole CI pipeline to fail very early without
         the helpful information provided by later stages.
      This change disables running any tests during the Debian package build. It also
      explicitly sets the package list to "uffd".
  9. 22 Oct, 2022 1 commit
    • Julian's avatar
      Restructure tests · 0bd26ee8
      Julian authored
      Restructure tests into views/models/commands subdirectories to mirror the new
      source tree structure introduced with ac731bf4 (Restructure source tree).
  10. 20 Oct, 2022 1 commit
    • Julian's avatar
      Remailer address format v2 · 879a04c5
      Julian authored
      Deprecates old case-sensitive format. Some software out there stores email
      addresses converted to lower case, breaking v1 remailer addresses. The new
      format is case-insensitive and generally more robust.
      Uffd continues to use and support the v1 format for services setup before
      this change. Support for the old format is planned to be remove in uffd v3.
      It is possbile to gradually migrate services to the new format with a service
      setting in the admin interface.
      Also fixes compatability issue with very recent SQLAlchemy versions introduced
      by b391e176 (whens parameter of case function).
  11. 19 Oct, 2022 1 commit
    • Julian's avatar
      Per-service email preferences · b391e176
      Julian authored
      Also fixes a minor email-related bug in the admin interface and bad
      texts/translations in the selfservice UI.
  12. 28 Aug, 2022 2 commits
  13. 27 Aug, 2022 1 commit
    • nd's avatar
      Add prometheus metric endpoint at /metrics · 76dbf7b0
      nd authored
      Access control is done via normal api credentials.
      See README.md for details.
      Adds an optional dependency on python3-prometheus-client.
  14. 22 Aug, 2022 1 commit
    • Julian's avatar
      Introduce ServiceUser · 6337c591
      Julian authored
      Preperation for future features that require per-service user settings
      or state, e.g. stateful sync or service-specific email settings.
      The additional JOIN of ServiceUser degrades getusers API performance
      by 30-50%. For API calls that return many users, this is compensated by
      an otherwise unrelated optimization (selectinload instead of joinedload).
  15. 19 Aug, 2022 1 commit
    • Julian's avatar
      Use UTC internally · ffcec8a4
      Julian authored
      Convert DateTime fields to UTC, use "utcnow" instead of "now" and use
      babel helper/filter when dates/times are displayed or parsed from user
      Uffd continues to use the system's timezone in the user interface by
      default.  However, it is now possible to overwrite this with the
      BABEL_DEFAULT_TIMEZONE config option.
  16. 15 Aug, 2022 2 commits
    • Julian's avatar
      Cleanup CI tests and LDAP remnants · 3f82ec74
      Julian authored
      Unittest jobs now fail if any test fails. Unittests on Bullseye no longer
      fail due to jinja2 import errors. Linter jobs run faster.
    • Julian's avatar
      Restructure source tree · ac731bf4
      Julian authored
      Move all models, views, cli commands and templates into corresponding
      top-level folders. Detailed changes:
      - uffd/<NAME>/models.py -> uffd/models/<NAME>.py
      - uffd/<NAME>/cli.py -> uffd/commands/<NAME>.py
      - uffd/<NAME>/views.py -> uffd/views/<NAME>.py
      - uffd/<NAME>/templates/* -> uffd/templates/
      - uffd/ratelimit.py -> uffd/models/ratelimit.py (it contains models)
      - gendevcert from uffd/__init__.py -> uffd/commands/gendevcert.py
      - profile from uffd/__init__.py -> uffd/commands/profile.py
      - cleanup from uffd/tasks.py -> uffd/commands/cleanup.py
      - roles-update-all from uffd/role/views.py -> uffd/commands/...
      - Views from uffd/__init__.py -> uffd/views/__init__.py
      - All models can/should be imported from uffd.models
      - flask shell auto-imports all models instead of only a few
      The old structure was meant to keep the code modular and related
      code/resources close to each other. However, the modules turned out to
      be heavily interdependent and not very modular. Also importing was fragile
      due to ordering issues.
      With the new structure the dependency tree is much simpler: Infrastructure
      code (top-level *.py files) has no internal dependencies. Models only
      depend on infrastructure and other models. Views and cli commands depend
      on infrastructure, models and other views/commands.
      Going forward there is still some restructuring to do, e.g.:
      - Move mfa setup views to selfservice views
      - Move mfa auth views to session views
      - Move utility code from views to infrastructure (e.g. login_required)
      - In most cases views should not need to import from other views
      - Reorganize infrastructure code
  17. 14 Aug, 2022 3 commits
  18. 19 Jul, 2022 2 commits
  19. 27 Jun, 2022 1 commit
  20. 21 Jun, 2022 1 commit
  21. 15 Jun, 2022 1 commit
  22. 24 May, 2022 1 commit
  23. 25 Apr, 2022 1 commit
    • Julian's avatar
      Remailer support · 10e37c17
      Julian authored
      With this feature, uffd can be configured to hide mail addresses of users
      from certain services while still allowing the services to send mails to the
      To these services uffd returns special remailer addresses instead of the real
      mail addresses. When a service sends an email to a remailer address the mail
      server queries uffd's API and replaces the remailer address with the real mail
      address in both envelope and headers.
      This feature requires additional mail server configuration (Postfix
      canonical_maps) and support in uffd-socketmapd.
  24. 22 Apr, 2022 2 commits
  25. 20 Apr, 2022 1 commit
    • Julian's avatar
      Fix "new invite" form resetting on error · bfd759bd
      Julian authored
      When the "new invite" page was submitted with e.g. an invalid "Valid Until"
      value, uffd displayed an error and reset the whole form. This was confusing
      to users.
      Now the form content is preserved on errors. Also the "Valid Until" field now
      has min/max attributes to prevent submitting the form with invalid values.
      Fixes #134
  26. 02 Apr, 2022 1 commit
  27. 29 Mar, 2022 1 commit
  28. 28 Mar, 2022 1 commit
  29. 24 Mar, 2022 1 commit
  30. 23 Mar, 2022 1 commit
  31. 22 Mar, 2022 1 commit