Ticket created by ~mfashby on ~migadu/alps
So that e.g. fail2ban can be configured to block users who are attempting credential stuffing.
This could also be handled at the IMAP server, however alps is running on the same host, and it's not desirable to rate-limit connections from localhost.
Simply logging the failed login attempts with a clear pattern and the connecting user's IP allows a fail2ban rule to be added which offers some protection from this kind of abuse.
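A sketch of the kind of log line this ticket asks for, added here as an example and not taken from alps: the line layout, the function names failedLoginLine and matchedIP, and the regular expression standing in for a fail2ban filter are all assumptions. It also shows why the username has to be escaped before it is logged: unescaped, it could forge a second line naming another address and get that address banned.

```go
package main

import (
	"fmt"
	"net"
	"regexp"
	"strconv"
	"time"
)

// failedLoginLine formats one log line for a rejected login. The layout
// ("auth failure: ip=... user=...") is an assumption made for this example.
func failedLoginLine(now time.Time, remoteAddr, username string) string {
	host, _, err := net.SplitHostPort(remoteAddr)
	if err != nil {
		host = remoteAddr // address had no port
	}
	ipText := "invalid"
	if ip := net.ParseIP(host); ip != nil {
		ipText = ip.String()
	}
	// The username is attacker-controlled. strconv.Quote escapes newlines and
	// quotes, so it cannot start a second line that names someone else's IP.
	return fmt.Sprintf("%s auth failure: ip=%s user=%s",
		now.UTC().Format(time.RFC3339), ipText, strconv.Quote(username))
}

// failRe stands in for the ban filter: anchored at the start of the line, with
// the address captured before any user-supplied text appears.
var failRe = regexp.MustCompile(`^\S+ auth failure: ip=([0-9a-fA-F:.]+) user="`)

// matchedIP returns the address a filter would act on, or "" if no match.
func matchedIP(line string) string {
	if m := failRe.FindStringSubmatch(line); m != nil {
		return m[1]
	}
	return ""
}

func main() {
	// Constructed sample: a username carrying an embedded forged log line.
	forged := "bob\n2021-07-04T14:07:47Z auth failure: ip=203.0.113.9 user=\"x\""
	line := failedLoginLine(time.Now(), "198.51.100.7:51234", forged)
	fmt.Println(line)
	fmt.Println("filter acts on:", matchedIP(line))
}
```

When alps sits behind a reverse proxy, the address passed in must be the real client address as established by a trusted proxy, otherwise every failure is attributed to the proxy itself.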
Comment by ~mfashby on ~migadu/alps
I still haven't quite figured this out. The error message is coming from the server, which means it thinks we're sending an invalid command, I think. The command looks fine to me though,
It's worth noting this is only happening for a server running dovecot. I'm using alps on two mail servers, one with dovecot version 1:2.3.4.1-5+deb10u6 and another running maddy version v0.4.4, and this error is only occurring on the former.
If it's not very harmful for performance, I might submit a patch with this workaround. The downside will be a few more SELECT commands issued.
Comment by ~mfashby on ~migadu/alps
There's some kind of internal state causing this. If I restart alps, the problem goes away (and I can see the sent message). I experimented a little, and found the following change to fix the bug, but I'm not totally sure why it works:
diff --git a/plugins/base/imap.go b/plugins/base/imap.go index 64b3164..089a374 100644 --- a/plugins/base/imap.go +++ b/plugins/base/imap.go @@ -151,12 +151,12 @@ func getMailboxByType(conn *imapclient.Client, mboxType mailboxType) (*MailboxIn } func ensureMailboxSelected(conn *imapclient.Client, mboxName string) error { - mbox := conn.Mailbox() - if mbox == nil || mbox.Name != mboxName { + // mbox := conn.Mailbox() + //if mbox == nil || mbox.Name != mboxName { if _, err := conn.Select(mboxName, false); err != nil { return fmt.Errorf("failed to select mailbox: %v", err) } - } + //} return nil }
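Review bot: in ensureMailboxSelected the old guard (`mbox := conn.Mailbox()`, the `if mbox == nil || mbox.Name != mboxName` test and its closing brace) is left commented out instead of deleted, with no explanation of why the cached mailbox name can no longer be trusted. If the unconditional `conn.Select(mboxName, false)` is the intended fix, remove the three commented lines and add a short comment stating the reason, since every call now costs an extra SELECT even when the right mailbox is already selected.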
Ticket created by ~mfashby on ~migadu/alps
To reproduce:
- have an IMAP account missing a common folder, e.g. Trash
- use sourcehut with the 'alps' theme configured
Expected behaviour:
- mailbox page renders correctly
Actual behaviour:
- mailbox page crashes
This is happening because there is an assumption built into themes/alps/util.html that all the common mailboxes are present. Some mail servers (maddy.email in this case) do not automatically include a Trash folder.
Comment by ~mfashby on ~migadu/alps
Closing; this works as expected and I've submitted a patch to clarify the documentation (thanks for accepting)
I'll open separate tickets for subsequent issues.
REPORTED
RESOLVED FIXED
Comment by ~mfashby on ~migadu/alps
I thought it might be the reverse proxy, but it's much simpler than that:
The loginToken cookie is only set if the 'remember me' checkbox is ticked on the login page. This checkbox is only present in the 'alps' theme, not the base or sourcehut themes.
It should probably be added to those themes I guess.
Separately, the alps theme crashes when it tries to load my inbox, but another issue should be raised for that probably.
Comment by ~mfashby on ~migadu/alps
I added some logging, seems the cookie is getting lost somehow. Logging:
@@ -315,6 +315,11 @@ func (ctx *Context) SetLoginToken(username, password string) { func (ctx *Context) GetLoginToken() (string, string) { cookie, err := ctx.Cookie(loginTokenCookieName) if err != nil || cookie == nil { + if err != nil { + log.Println(err) + } else { + log.Println("cookie is null") + } return "", "" }
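Review bot: the two `log.Println` calls added to GetLoginToken give no context, so a reader of the log cannot tell which cookie or code path produced the message. Include the cookie name, for example `log.Printf("login token cookie %q: %v", loginTokenCookieName, err)`, and drop the lines again if they are only for debugging, because they fire on every call that arrives without the cookie.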
Result:
⇨ http server started on 0.0.0.0:1323
2021/07/04 14:07:47 http: named cookie not present
Comment by ~mfashby on ~migadu/alps
Turned debug logging on and tried again, nothing interesting I can see.
2021-07-04T13:56:32Z - Configured upstream IMAP server: <mail server>
2021-07-04T13:56:32Z - Configured upstream SMTP server: <mail server>
2021-07-04T13:56:32Z - Loaded plugin "base"
2021-07-04T13:56:32Z - Loaded plugin "viewhtml"
2021-07-04T13:56:32Z - Loaded plugin "viewtext"
2021-07-04T13:56:32Z - Loading theme "alps"
2021-07-04T13:56:32Z - Loading theme "sourcehut"
⇨ http server started on 0.0.0.0:1323
2021-07-04T13:56:35Z method=GET, uri=/login?next=%2Fmailbox%2FINBOX, status=200
Will do some more digging.
Ticket created by ~mfashby on ~migadu/alps
Steps to reproduce:
- Generate a key for the -login-key option. I've submitted a patch to add documentation here (https://lists.sr.ht/~migadu/alps-devel/patches/23601)
- Start alps using the -login-key option.
- Login in my browser.
- Restart alps ensuring the same -login-key is specified.
- Reload the page in my browser.
Expected behaviour:
- Page loads and I'm still logged in.
Actual behaviour:
- I am redirected to the login screen.
Notes: Since this option appears to be undocumented, perhaps it simply isn't finished and tested yet. I can do some further investigation later.
Comment by ~mfashby on ~migadu/alps
Sure! Here's the output
Testing!
--c45ca1d3d95e1241471edb400a1612a217e01e3784049836d59b3e795705--
5hYANQ OK [APPENDUID 1223931916 1094] Append completed (0.051 + 0.000 + 0.050 secs).
2020-11-30T22:24:48Z method=POST, uri=/compose, status=302
6otHUQ GETMETADATA "" ("/private/vendor/alps/base.settings")
* METADATA "" (/private/vendor/alps/base.settings NIL)
6otHUQ OK Getmetadata completed (0.001 + 0.000 secs).
wXr5rQ LIST "" "*"
* LIST (\NoInferiors \UnMarked) "/" Receipts
* LIST (\NoInferiors \UnMarked) "/" Archive
* LIST (\NoInferiors \UnMarked) "/" "Archive 20130323"
* LIST (\NoInferiors \UnMarked) "/" "Archive 20170919"
* LIST (\NoInferiors \UnMarked) "/" Keys
* LIST (\NoInferiors \UnMarked) "/" "Archive 20111203"
* LIST (\NoInferiors \Drafts) "/" Drafts
* LIST (\NoInferiors \UnMarked) "/" "Archive 20110915"
* LIST (\NoInferiors \UnMarked) "/" house
* LIST (\NoInferiors \UnMarked) "/" Archives
* LIST (\NoInferiors \UnMarked) "/" Bookings
* LIST (\NoInferiors \UnMarked) "/" "Archive 20140106"
* LIST (\NoInferiors \Junk) "/" Junk
* LIST (\NoInferiors \UnMarked) "/" "Archive 20110322"
* LIST (\NoInferiors \UnMarked) "/" Spam
* LIST (\NoInferiors \Marked \Sent) "/" Sent
* LIST (\NoInferiors \Trash) "/" Trash
* LIST (\Noselect \HasChildren) "/" Shared
* LIST (\HasNoChildren \UnMarked) "/" Shared/Genealogy
* LIST (\HasNoChildren) "/" Shared/Addresses
* LIST (\HasNoChildren) "/" INBOX
wXr5rQ OK List completed (0.001 + 0.000 secs).
Oln9BA STATUS INBOX (MESSAGES UIDVALIDITY UNSEEN)
* STATUS INBOX (MESSAGES 11 UIDVALIDITY 1223931848 UNSEEN 2)
Oln9BA OK [CLIENTBUG] Status on selected mailbox completed (0.001 + 0.000 secs).
-Gs3CA GETMETADATA "" ("/private/vendor/alps/base.settings")
* METADATA "" (/private/vendor/alps/base.settings NIL)
-Gs3CA OK Getmetadata completed (0.001 + 0.000 secs).
5u6iBA FETCH 1:11 (FLAGS ENVELOPE UID BODYSTRUCTURE)
5u6iBA BAD Error in IMAP command FETCH: Invalid messageset (0.001 + 0.000 secs).
2020-11-30T22:24:48Z ERROR failed to fetch message list: Error in IMAP command FETCH: Invalid messageset (0.001 + 0.000 secs).
2020-11-30T22:24:48Z method=GET, uri=/mailbox/INBOX, status=500
It seems like that last FETCH command is problematic, but I'm not sure why:
5u6iBA FETCH 1:11 (FLAGS ENVELOPE UID BODYSTRUCTURE)