Jeremy Lin 88bea44dd8 Prevent user enumeration via password hints ...

When `show_password_hint` is enabled but mail is not configured, the previous
implementation returned a differentiable response for non-existent email
addresses.

Even if mail is enabled, there is a timing side channel since mail is sent
synchronously. Add a randomized sleep to mitigate this somewhat.

2021-07-10 01:21:27 -07:00

..

two_factor

Load RSA keys as pem format directly, and using openssl crate, backported from async branch

2021-06-25 20:53:26 +02:00

accounts.rs

Prevent user enumeration via password hints

2021-07-10 01:21:27 -07:00

ciphers.rs

Avoid Error parsing LastKnownRevisionDate warning for mobile clients

2021-06-19 21:32:11 -07:00

folders.rs

Modify rustfmt file

2021-04-06 21:54:42 +01:00

mod.rs

Remove unused lifetime and double referencing

2021-06-26 13:35:09 +02:00

organizations.rs

Fix clippy lints

2021-06-19 22:02:03 +02:00

sends.rs

Add token with short expiration time to send url

2021-06-25 20:53:26 +02:00