e493a59e68
workaround for new dependencies’ API
2022-12-04 16:53:16 +01:00
242b550bd4
global and specific ACL
2017-09-24 12:20:16 +02:00
de20c91871
Limited support for app-logout on SSO-logout
2017-09-22 20:07:02 +02:00
049ad9f48a
Use request_uri instead of uri; internal redirects break the latter
2017-09-19 19:04:42 +02:00
db8724d578
req.var.scheme broken behind a reverse-proxy. Allow the Nginx admin to set "proxy_https" to override "https"
2017-09-19 13:59:06 +02:00
a0d143aad9
Avoid lua error in helpers.lua: for url, name in pairs(conf["users"][user]) do
2017-09-17 18:23:32 +02:00
d1c53a6e1b
Scheme check is broken behind a reverse-proxy; same can be achieved with regular Nginx conf
2017-09-17 18:02:00 +02:00
db9059a55c
let the admin decide how passwords are handled
2017-09-16 19:22:47 +02:00
9b7fee7a1b
[fix] attempt to fix https://github.com/YunoHost/SSOwat/pull/86#issuecomment-323417926
2017-08-19 04:39:51 +02:00
98b1b53fbf
Merge pull request #87 from YunoHost/hash_algo
...
[fix] Auto-update user password hashes with new algo
2017-08-18 02:42:00 +02:00
d440d06ae7
[fix] be paranoid and prevent shell injections here also while input is supposed to be safe
2017-08-18 02:35:08 +02:00
c8c7fe7fc7
[fix] prevent shell injections
2017-08-18 02:34:46 +02:00
d16f3f81d0
[enh] auto rehash in sha-512 users passwords on login
2017-08-15 11:41:24 +02:00
2ff2fb92f3
[enh] encode password using sha512 on user modification of password
2017-08-15 11:11:35 +02:00
47f01b3f6f
Fixed support for incomplete translations (fallback to default language for missing strings)
2017-08-10 16:31:00 +02:00
50fcc831bf
[mod] comment didn't matched reality
2017-05-27 19:19:48 +02:00
c1a388ccf0
Merge pull request #84 from YunoHost/caching_for_hash
...
[enh] uses caching for hash to avoid heavy recalculation and process spawning
2017-05-23 21:40:30 +02:00
5157415ce3
[fix] remove tabs
2017-05-23 07:26:41 +02:00
76677fab0d
[enh] uses caching for hash to avoid heavy recalculation and process spawning
2017-05-22 23:01:18 +02:00
fc52f05459
Quick fix for CDA security issue
2017-05-18 08:45:20 +02:00
98a6879ab4
[fix] don't include ip in token, this is useless and make infinite redirection\n\nIt has been confirmed by a security friend that this was nearly useless here since the token is marked as Secure and can only be exchanged on https so if someone managed to steal it the user have way more important problems.
2017-05-18 08:40:33 +02:00
2456eda200
[fix] Use hmac_sha512 instead of md5 for cookie hashing. Don't store the key in token anymore ( #80 )
...
* [fix] uses hmac_sha512 for hasing the token and don't store the key in it anymore
* [mod] remove python script and talk directly to openssl
2017-05-18 08:34:36 +02:00
fff95314ce
[fix] Use local variables for cookie's expired_time.
2017-02-28 15:38:46 +01:00
6bd8eb1a90
[fix] Delete cookies on logout.
2017-02-28 15:36:45 +01:00
2eb38d3eaa
[enh] Add 'Secure' flag in cookies.
2017-02-28 15:36:04 +01:00
a2af42144b
[fix] Use 'Expires' instead of 'Max-Age' for every cookie for consistency.
2017-02-28 15:23:40 +01:00
fb99ee2177
Fix HTTP cookie caching
...
- Use "Expires" instead of "Max-Age" when using a cookie date (Max-Age is used with an interval of seconds in the future: https://en.wikipedia.org/wiki/HTTP_cookie#Expires_and_Max-Age )
- Fix cookie dates to be compliant with specifications
Fixes errors with various "picky" clients (for example, Lightroom/Piwigo plugin).
2017-02-28 15:19:28 +01:00
fd3338de99
[fix] Refresh ldap info before loading page that requires it, fixes #633
2017-02-28 11:14:22 +01:00
e7b39d4d29
[fix] Always redirect to portal when calling logout page.
2017-02-23 17:53:17 +01:00
bf24cf5e50
[enh] Use consistent coding convention for function prototype.
2016-04-30 12:40:59 +02:00
648b552297
adding credentials for non-anonymous bind
2016-04-29 14:31:37 +02:00
a46be28b53
[fix] Construct a proper emails array ( fix #39 )
2015-06-30 21:03:20 +02:00
cd85f6b740
[enh] Sort apps alphabeticaly + set app color regarding its name
2015-06-14 13:23:21 +02:00
404fe510d2
[fix] Ensure that configuration is loaded properly when we need it
...
+ lowercase the username
+ do not fail when only oneemail alias is set
2015-06-02 17:05:06 +02:00
8ee3d6b93d
[fix] Get rid of Cookie cache
2015-05-21 16:11:33 +02:00
e15c15812c
[fix] Finally caught this little nasty Cookie setter
2015-05-21 15:29:36 +02:00
f895e02986
[fix] Do not declare cookies as global variables
2015-05-16 21:03:06 +02:00
0ebddc079a
[fix] Load libraries locally to avoid caching
2015-05-16 09:42:26 +02:00
8953860017
[fix] Efficiently generate random strings
2015-04-30 15:16:51 +02:00
f5bd2dcc2b
[fix] escape minus character to avoid interpretation as range
...
Fixes #36
2015-03-31 11:29:45 +02:00
b9b6d09769
[fix] Prevent adding the same cookie again and again.
2015-02-18 14:35:13 +01:00
1d44e53f7b
[fix] Allow special characters in email adresses ( fix #33 )
2015-02-16 16:42:06 +01:00
cf78b8929d
[enh] Consider new gTLDs in email regex using Lrexlib
2015-02-15 22:31:20 +01:00
2a9769f7d9
[fix] Load modules as proper modules + typo
2015-02-15 13:03:01 +01:00
35e69a1bf2
[fix] Separate files properly
2015-02-12 12:08:52 +01:00
84015149b9
[enh] Separate configuration file loading to a new file and document it
2015-02-02 00:05:09 +01:00
3fbb7d6d0e
[enh] Separate helpers to helpers.coffee
2015-02-01 15:04:36 +01:00
Yves G