yves
/
SSOwat
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
333 Commits
2 Branches
0 Tags
1.2 MiB
Commit Graph

333 Commits (de20c9187111eb1f21abce31891681339ec9a165)

Author SHA1 Message Date
Y de20c91871 Limited support for app-logout on SSO-logout 2017-09-22 20:07:02 +02:00
Yves G 049ad9f48a Use request_uri instead of uri; internal redirects break the latter 2017-09-19 19:04:42 +02:00
Yves G db8724d578 req.var.scheme broken behind a reverse-proxy. Allow the Nginx admin to set "proxy_https" to override "https" 2017-09-19 13:59:06 +02:00
Y a0d143aad9 Avoid lua error in helpers.lua: for url, name in pairs(conf["users"][user]) do 2017-09-17 18:23:32 +02:00
Y 1d3ee78cba Avoid lua error in helpers.lua: for k, v in pairs(conf["additional_headers"]) do 2017-09-17 18:18:46 +02:00
Y d1c53a6e1b Scheme check is broken behind a reverse-proxy; same can be achieved with regular Nginx conf 2017-09-17 18:02:00 +02:00
Y 61ca14a09a Some debug statements 2017-09-17 16:27:09 +02:00
Y 7698e778cf Avoid lua error in helpers.lua: if not conf["users"][user] then 2017-09-17 16:19:29 +02:00
Y db9059a55c let the admin decide how passwords are handled 2017-09-16 19:22:47 +02:00
Y 6b6fd09f34 portal_path must end with / 2017-09-16 18:51:57 +02:00
Y c24a5ecd20 skipped_urls is mandatory 2017-09-16 15:00:11 +02:00
Alexandre Aubin 41c8997255 Update changelog for 2.7.2 release 2017-08-22 21:18:02 -04:00
root 227ef2a6fc Update changelog for 2.7.1 release 2017-08-19 22:06:35 +00:00
Laurent Peuch 87dbee3e8d Merge pull request #88 from yunohost-bot/weblate-yunohost-ssowat 
Update from Weblate.
 2017-08-19 21:20:58 +02:00
Weblate 0e47b1f0a1 Merge remote-tracking branch 'origin/unstable' into unstable 2017-08-19 21:09:10 +02:00
Laurent Peuch 9b7fee7a1b [fix] attempt to fix https://github.com/YunoHost/SSOwat/pull/86#issuecomment-323417926 2017-08-19 04:39:51 +02:00
Laurent Peuch 98b1b53fbf Merge pull request #87 from YunoHost/hash_algo 
[fix] Auto-update user password hashes with new algo
 2017-08-18 02:42:00 +02:00
Laurent Peuch d440d06ae7 [fix] be paranoid and prevent shell injections here also while input is supposed to be safe 2017-08-18 02:35:08 +02:00
Laurent Peuch c8c7fe7fc7 [fix] prevent shell injections 2017-08-18 02:34:46 +02:00
Laurent Peuch 37938fd0f4 Merge pull request #86 from MCMic/unstable 
Fixed support for incomplete translations
 2017-08-17 23:13:34 +02:00
Laurent Peuch d16f3f81d0 [enh] auto rehash in sha-512 users passwords on login 2017-08-15 11:41:24 +02:00
Laurent Peuch 2ff2fb92f3 [enh] encode password using sha512 on user modification of password 2017-08-15 11:11:35 +02:00
MCMic 97df24e794 [i18n] Translated using Weblate (Esperanto) 
Currently translated at 26.8% (11 of 41 strings)
 2017-08-11 18:35:42 +02:00
Côme Chilliet 47f01b3f6f Fixed support for incomplete translations (fallback to default language for missing strings) 2017-08-10 16:31:00 +02:00
Alexandre Aubin 044aa1d8eb Update changelog for 2.7.0 release 2017-08-07 12:59:52 -04:00
YunoHost Bot 3ecdb97bf6 Update from Weblate. (#85) 
* Added translation using Weblate (Russian)
* [i18n] Translated using Weblate (Russian)
Currently translated at 12.1% (5 of 41 strings)
 2017-08-07 18:24:55 +02:00
Evgeniy Ozhiganov a4445a862b [i18n] Translated using Weblate (Russian) 
Currently translated at 12.1% (5 of 41 strings)
 2017-08-07 18:20:56 +02:00
Ozhiganov c7bc762ea3 Added translation using Weblate (Russian) 2017-07-21 05:20:01 +02:00
Laurent Peuch 50fcc831bf [mod] comment didn't matched reality 2017-05-27 19:19:48 +02:00
opi aca5f054ab Update changelog for 2.6.8 release 2017-05-23 21:46:14 +02:00
Laurent Peuch c1a388ccf0 Merge pull request #84 from YunoHost/caching_for_hash 
[enh] uses caching for hash to avoid heavy recalculation and process spawning
 2017-05-23 21:40:30 +02:00
Laurent Peuch 5157415ce3 [fix] remove tabs 2017-05-23 07:26:41 +02:00
Laurent Peuch 76677fab0d [enh] uses caching for hash to avoid heavy recalculation and process spawning 2017-05-22 23:01:18 +02:00
opi 37c0980155 Update changelog for 2.6.7 release 2017-05-18 09:14:33 +02:00
opi d105b28ccf [fix] sidddy takes 3 d 2017-05-18 08:56:48 +02:00
opi 25ce273120 [love] Add siddy to contributors file. 
Thanks for you security reviews !
 2017-05-18 08:54:45 +02:00
sidddy fc52f05459 Quick fix for CDA security issue 2017-05-18 08:45:20 +02:00
Laurent Peuch 98a6879ab4 [fix] don't include ip in token, this is useless and make infinite redirection\n\nIt has been confirmed by a security friend that this was nearly useless here since the token is marked as Secure and can only be exchanged on https so if someone managed to steal it the user have way more important problems. 2017-05-18 08:40:33 +02:00
Laurent Peuch 2456eda200 [fix] Use hmac_sha512 instead of md5 for cookie hashing. Don't store the key in token anymore (#80) 
* [fix] uses hmac_sha512 for hasing the token and don't store the key in it anymore
* [mod] remove python script and talk directly to openssl
 2017-05-18 08:34:36 +02:00
Laurent Peuch 96b077fe02 Merge pull request #79 from YunoHost/crypto_random 
[fix] uses a cryptographically secure source of randomness
 2017-05-17 21:37:55 +02:00
Laurent Peuch c5bb6ef2ae [fix] uses a cryptographically secure source of randomness 2017-05-15 03:29:34 +02:00
opi 46b6d1048e Update changelog for 2.6.6 release 2017-05-12 22:51:24 +02:00
opi 737ebba474 Merge branch 'acl_on_basic_http_auth' into stable 2017-05-12 22:49:12 +02:00
Laurent Peuch c019f9d208 [fix] check users ACL on http basic auth 2017-05-12 22:45:19 +02:00
Alexandre Aubin 442147bbbe Update changelog for 2.6.5 release 2017-05-12 22:45:19 +02:00
Jeroen Keerl 2a648b8475 [i18n] Translated using Weblate (Dutch) 
Currently translated at 95.1% (39 of 41 strings)
 2017-05-12 22:45:19 +02:00
Fabian Gruber 4450ba8f95 [i18n] Translated using Weblate (German) 
Currently translated at 100.0% (41 of 41 strings)
 2017-05-12 22:45:19 +02:00
Alexandre Aubin d0709ff1f3 Adding link to bugtracker 2017-05-12 22:45:19 +02:00
JimboJoe 5228bf4f0c [fix] Fix tile not displayed when app is installed on root (bug #285) (#71) 
* Fix proposal for bug #285 (YunoHost tile is not displayed when the app is installed on root path)
* Fix access to administration page
 2017-05-12 22:45:19 +02:00
Alexandre Aubin 3a04c42ae6 Update changelog for 2.6.5 release 2017-04-24 13:03:07 -04:00