Add changelog, remove SRP session after 5 failed logins, tweak email text.
This commit is contained in:
Bruno Bernardino
parent
df18e71e6a
commit
e0933dbfc1
42
CHANGELOG.md
42
CHANGELOG.md
|
|
@ -6,40 +6,16 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
|
|||
and this project adheres to
|
||||
[Semantic Versioning](http://semver.org/spec/v2.0.0.html).
|
||||
|
||||
## 3.1.2
|
||||
## 4.1.0
|
||||
|
||||
- Fixes bug that caused values from previously created vault item to be
|
||||
pre-filled when creating the next item.
|
||||
- Fixes attachment previews on Android
|
||||
- (feature): Account activity email notifications!
|
||||
|
||||
## 3.1.1
|
||||
You will now receive email notifications when there's been 5 failed login
|
||||
attempts, and another when there's been a successful login from a new or
|
||||
untrusted device. You can disable these from your security settings.
|
||||
|
||||
- Fixes various bugs related to shared vault syncing and billing.
|
||||
## 4.0.0
|
||||
|
||||
## 3.1.0
|
||||
|
||||
### New Stuff & Improvements
|
||||
|
||||
- Improved flow for creating a vault item
|
||||
- If a vault filter is active, preselect that vault during vault item creation
|
||||
- Prefill field names with sensible default when adding new field
|
||||
- Automated account migration if legacy account is detected during
|
||||
login/signup
|
||||
- "Login" vault item template is now called "Website / App"
|
||||
- Added new vault item template "Computer"
|
||||
- [DESKTOP] Ctrl/cmd + Shift + F to search all items (resetting any active
|
||||
filters)
|
||||
- [ANDROID] Allow reordering fields via drag and drop on Android
|
||||
- [SERVER] Option to enable secure connection when sending emails, enabled via
|
||||
`PL_EMAIL_SECURE` environment variable
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
- Sometimes the app would show a blank screen directly after unlocking.
|
||||
- Changes made to a vault item directly after creating it would sometimes be
|
||||
discarded.
|
||||
|
||||
## 3.0.0
|
||||
|
||||
Initial release of Padloc 3 (changes before 3.0.0 are not included in this
|
||||
change log).
|
||||
Initial release of Padloc 4 (changes before 4.0.0 are not included in this
|
||||
change log), though
|
||||
[some can be seen in this commit](https://github.com/padloc/padloc/blob/12b027b37ccf123b15a066e4715354f4cf080384/CHANGELOG.md).
|
||||
|
|
|
|||
|
|
@ -233,6 +233,18 @@
|
|||
Note that if this happened on a trusted device, it was already
|
||||
removed from the trusted devices list, automatically.
|
||||
</p>
|
||||
|
||||
<p
|
||||
style="
|
||||
font-family: sans-serif;
|
||||
font-size: 14px;
|
||||
font-weight: normal;
|
||||
margin: 0;
|
||||
margin-bottom: 15px;
|
||||
"
|
||||
>
|
||||
Have a great day!
|
||||
</p>
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
|
|
|
|||
|
|
@ -6,4 +6,6 @@ If this was you, there's no action necessary, otherwise you might want to make s
|
|||
|
||||
Note that if this happened on a trusted device, it was already removed from the trusted devices list, automatically.
|
||||
|
||||
Have a great day!
|
||||
|
||||
This email was sent to you by Padloc (https://padloc.app). If you have any questions, please don't hesitate to contact us at support@padloc.app!
|
||||
|
|
|
|||
|
|
@ -220,6 +220,18 @@
|
|||
to remove potentially compromised devices from your trusted list
|
||||
inside the app.
|
||||
</p>
|
||||
|
||||
<p
|
||||
style="
|
||||
font-family: sans-serif;
|
||||
font-size: 14px;
|
||||
font-weight: normal;
|
||||
margin: 0;
|
||||
margin-bottom: 15px;
|
||||
"
|
||||
>
|
||||
Have a great day!
|
||||
</p>
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
|
|
|
|||
|
|
@ -4,4 +4,6 @@ This is just an email to warn you that there was a new successful login to your
|
|||
|
||||
If this was you, there's no action necessary, otherwise you might want to make sure your trusted devices haven't been compromised, or to remove potentially compromised devices from your trusted list inside the app.
|
||||
|
||||
Have a great day!
|
||||
|
||||
This email was sent to you by Padloc (https://padloc.app). If you have any questions, please don't hesitate to contact us at support@padloc.app!
|
||||
|
|
|
|||
|
|
@ -599,7 +599,6 @@ export class Controller extends API {
|
|||
if (!(await getCryptoProvider().timingSafeEqual(M, srp.M1!))) {
|
||||
this.log("account.createSession", { success: false });
|
||||
++srpState.failedAttempts;
|
||||
await this.storage.save(auth);
|
||||
if (srpState.failedAttempts >= 5) {
|
||||
if (this.context.device) {
|
||||
try {
|
||||
|
|
@ -607,6 +606,10 @@ export class Controller extends API {
|
|||
} catch (e) {}
|
||||
}
|
||||
|
||||
// Delete pending SRP context
|
||||
auth.srpSessions = auth.srpSessions.filter((s) => s.id !== srpState.id);
|
||||
await this.storage.save(auth);
|
||||
|
||||
if (acc.settings.notifications.failedLoginAttempts) {
|
||||
try {
|
||||
const location = this._buildLocationAndDeviceString(this.context.location, this.context.device);
|
||||
|
|
@ -614,7 +617,11 @@ export class Controller extends API {
|
|||
this.messenger.send(acc.email, new FailedLoginAttemptMessage({ location }));
|
||||
} catch (e) {}
|
||||
}
|
||||
} else {
|
||||
// Saves the updated failed attempts
|
||||
await this.storage.save(auth);
|
||||
}
|
||||
|
||||
throw new Err(ErrorCode.INVALID_CREDENTIALS);
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue