Previously we'd generate links for each individual email, when clicking
the link on the emails. This generates a huge number of URLs that
contain basically the same thing, which has an adverse effect on both
caching and (stupid) bots. So round it off to even days which puts at
least some level of a cap on it.
Also, when a hit comes in that specifies the full hour, redirect it back
to the rounded-off value.
|
|
This makes a tiny javascript run to convert it into a POST and then
receive that POST. The idea behind this is to remove the links from view
of crawlers (hello AI bots!) that completely ignore robots.txt, causing
lots of redirect chains on account of logins.
We still allow GET requests on those endpoints, as there are external
links pointing to them as well as people having scripts. But those are
at least to fewer emails than all.
|
|
At least GMail will show the Message-ID including the < > characters.
|
|
This was missed when pgweb@8b420bfd4 was added.
Reported-by: Sehrope Sarkuni <sehrope@jackdb.com>
|
|
When an attachment is downloaded, add the http header
X-attached-to-message with the message-id of the message that the
attachment belongs to.
|
|
We're supposed to feed django bytes, and by feeding it a string it got
converted bytes->string by the mail end and then string->bytes by
django. Which promptly blew up on bad encodings. By keeping it as bytes
all the way, the problem is ignored.
|
|
Too many browsers have changed the wrong way and don't actually prompt
people properly, which means they try to log in with a bunch of random
things, none of them being "archives/antispam". So instead, send them
off to do a community login, now that we have support for this (which
was added when we added message re-sending).
If the request comes in with the authentication header already on it and
it being a valid archives/antispam combination, keep allowing that so we
don't break scripts and plugins that we don't have to break.
|
|
Add the required authentication backend configuration and include an
example for how to set up the pgauth plugin.
|
|
Search forms currently point to the hardcoded address of www.postgresql.org.
Add a parameter in the settings to make it possible to configure the domain
hosting the /search/ function.
Originally from Célestin Matte, but in the end not his patch
|
|
Allows the use of IP ranges in CIDR format in the SEARCH_CLIENTS
parameter. Individual addresses can still be specified and continue to
work like before.
|
|
Back in 2018, commit 4d159ca accidentally included unrelated
functionality which was not completed. This causes the database to be
out of sync with the models defined in the code.
This commit reverts those parts that were not supposed to be included
and leaves the changes that actually were. The code can be re-added once
completed...
Spotted by Célestin Matte
|
|
The lack of this would result in a 404 for any users who clicked a
resend link when (1) they were not logged in, and (2) the messageid
contained a plus character. This would then end up getting unescaped
one too many times in the authentication flow and came out as a space on
the other end instead of a plus.
Reported by Justin Pryzby (and several others, but Justin was persistent
in tracking down good examples)
|
|
When suggesting which lists people should use first, we should use the
recommended name for the list.
|
|
Without the proper quoting, having a + sign in a message-id would get
unquoted to a space before sending the user off to the community
authentication, which in turn would then redirect back to the incorrect
url.
Reported by Noah Misch
|
|
The specification is a bit unclear on which it should be and completely
unclear about what should go in the field, but at least it seems most
implementations use article:author rather than og:article:author, so try
changing it.
Also change og:published_time to be article:published_time.
|
|
This makes for nicer "previews" on for example twitter when posting
links.
Suggested by Andres Freund
|
|
This includes support for receiving updates through the push api.
|
|
Rename title above Tips to be about Tips, add paragraph talking about
how to Unsubscribe.
|
|
This was pointing to the Wiki page, which was pointing to
a different page on .org
|
|
If the next URL contained a + django would helpfully change that into a
space, which broke things further down the chain. So put back this
escaping, in the hope that the redirect will be correct down the road.
This fixes it for spaces, let's hope it doesn't instead break it for
something else.
|
|
It seems older django implicitly added a bytes() around bytea fields
returned from psycopg2. The actual change happened around the python3
move, but django painted over the differences so we didn't realize it
needed to be changed.
|
|
This page just says the resend has completed, but a user having the
messageid but subscribed to a *different* list on the same server could
leak the existence of the email.
|
|
Now that we use xkey for purging, no need to keep the old headers
around.
|
|
The way it was done ended up defeating the service sending things right
away for people who did *not* violate the rate limit.
So instead, keep track of exactly when the last email was sent for each
user, and rate-limit based on that.
|
|
Per-user limit that says how many seconds must go between each email.
Outgoing emails are also delayed by this much (or we'd miss it)
|
|
To the same user, that is.
|
|
For hidden archives, it makes sense to require a subscription in order
to be allowed to log in. But for public archives, any user should be
able to log in to request a re-send of a message.
|
|
This allows the authentication to work even when used behind a varnish
proxy that eats all other URLs than those directly to the archives.
To make use of this, LOGIN_URL must also be changed to point to
/list/_auth/accounts/login/, and the entry in the community
authentication system must point to /list/_auth/auth_receive/.
|
|
Instead of just our own x-pglm and x-pgthread, add specific xkey
headers. These are used by our Varnish frontends to purge more
efficiently.
For the time being, leave the older headers in place -- we need to have
the entire contents of the cache containing xkey headers before we can
start using xkey for purging, and only once that is done we will be able to
remove the non-xkey headers.
|
|
This allows a logged-in user to get an email delivered to their mailbox,
thereby making it easy to reply to even if they haven't got it already
(and don't have a MUA capable of handling mbox files).
The email body will go out unmodified (including any list headers that
are stored in the archives, but this does not include for example the
unsubscribe link). Envelope sender is set to one configured in the ini
file, and envelope recipient is set to the email address of the user.
|
|
Missed in py3 migration
|
|
We already did that check in the list of emails, but not on the
individual email.
|
|
Previous commit forgot to move the rules for attachment up, which
basically broke them. Oops.
In passing also fix for legacy redirects, though they're not really in
use anymore.
|
|
Our URL patterns assumed that there would never be a slash in a
messageid. It's been extremely uncommon, so this case has been missed
before, but now it turns out GitHub have started doing that with their
commit messages so it becomes more common.
|