No description

Pierre-Olivier Mercier 9870fa7831 fix(security): use crypto/rand for alias prefix generation ... Replace math/rand.Intn with crypto/rand for generating random alias prefixes. While aliases are not security tokens, using a CSPRNG ensures consistent use of cryptographically secure randomness throughout. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>		2026-03-06 15:30:48 +07:00
static	fix(security): redesign password reset tokens using crypto/rand with server-side storage	2026-03-06 15:30:48 +07:00
.drone.yml	Replace bindata by embed	2024-05-31 15:52:25 +02:00
.gitignore	chldapasswd is now a go module	2021-02-03 15:16:19 +01:00
addy.go	fix(security): use crypto/rand for alias prefix generation	2026-03-06 15:30:48 +07:00
change.go	fix(security): add per-IP rate limiting to all authentication endpoints	2026-03-06 15:30:48 +07:00
csrf.go	fix(security): redesign password reset tokens using crypto/rand with server-side storage	2026-03-06 15:30:48 +07:00
Dockerfile	Replace bindata by embed	2024-05-31 15:52:25 +02:00
go.mod	chore(deps): update dependency go to v1.26.0	2026-03-06 15:30:48 +07:00
go.sum	chore(deps): update module github.com/go-ldap/ldap/v3 to v3.4.12	2026-03-06 15:30:48 +07:00
ldap.go	fix(security): redesign password reset tokens using crypto/rand with server-side storage	2026-03-06 15:30:48 +07:00
login.go	fix(security): require configurable secret for X-Special-Auth docker registry bypass	2026-03-06 15:30:48 +07:00
lost.go	fix(security): add per-IP rate limiting to all authentication endpoints	2026-03-06 15:30:48 +07:00
main.go	fix(security): enforce domain allowlist for email alias creation	2026-03-06 15:30:48 +07:00
ratelimit.go	fix(security): add per-IP rate limiting to all authentication endpoints	2026-03-06 15:30:48 +07:00
renovate.json	Add renovate.json	2021-08-03 09:02:00 +00:00
reset.go	fix(security): add per-IP rate limiting to all authentication endpoints	2026-03-06 15:30:48 +07:00
static.go	fix(security): add HTTP security headers middleware	2026-03-06 15:30:48 +07:00