Commit graph

117 commits

Author SHA1 Message Date
Alexandre Aubin
325964742d
Improve check for unauthorized redirect url
Co-authored-by: Kayou <pierre@kayou.io>
2021-11-15 19:02:13 +01:00
Kayou
0e6369bb38
fix not only alphanumeric characters domain name 2021-11-15 00:49:51 +01:00
ljf (zamentur)
35ee437272
[fix] Avoid redirection on unmanaged domains (#191)
* [fix] Avoid redirection on unmanaged domains

* [fix] redirect with uri

* Update helpers.lua

Co-authored-by: Alexandre Aubin <alex.aubin@mailoo.org>
2021-09-19 21:15:54 +02:00
Alexandre Aubin
07378dfd46 Forgot to python -> python3 in password check 2021-08-15 21:41:50 +02:00
Alexandre Aubin
b28788d708 Improve logging when failing to authenticate ssowat cookies 2021-08-14 21:26:19 +02:00
ljf
c34d9fd74d [fix] Not enough random file name 2021-07-29 16:34:56 +02:00
ljf
8d0998bc3a [enh] Add comment 2021-07-02 19:51:02 +02:00
ljf
f6ddb7af65 [fix] Nextcloud calls strangely logout the user in SSO 2021-07-02 19:49:17 +02:00
ljf
6de4b10e81 [fix] Security risk due to cache full of different uris 2021-07-02 17:40:17 +02:00
ljf
b3741580da [fix] dash filename, mime types, ynh_userinfo.json 2021-06-29 18:34:40 +02:00
Alexandre Aubin
2e8c2f9c67
Merge pull request #183 from YunoHost/avoid-a-syscall-for-cookies
Avoid a syscall for cookies
2021-04-08 15:38:18 +02:00
Kay0u
45e4f9de05
avoid a syscall for cookies 2021-04-08 11:11:46 +02:00
Kay0u
24e7755e8a
remove SSOwAuthRedirect 2021-04-08 10:58:36 +02:00
Kay0u
6c4c1ca54d
Revert my stuff, just change the name of header to Proxy-Authorization + set is_logged_in to false by default 2020-12-24 17:49:24 +01:00
Kay0u
73c5524518
is_logged_in is false at the beginning of the refresh function 2020-12-24 10:20:29 +01:00
Kay0u
50db509330
revert: set "Authorization" headers not Proxy 2020-12-23 18:39:54 +01:00
Kay0u
0ff5cc6af7
Authorization -> Proxy-Authorization 2020-12-23 18:13:34 +01:00
Kay0u
a756462e6c
parse auth header at the end 2020-12-23 15:20:55 +01:00
Titoko
1747da0571 Update access.lua 2020-12-17 20:12:22 +01:00
titoko
2ca6847d4d
Update helpers.lua 2020-12-13 12:05:27 +01:00
titoko
a0129b437e
fix(Authorization): Skipped Autorization Header that are not Basic 2020-12-12 14:23:46 +01:00
Alexandre Aubin
6a7a9d668e Restore ngx logging used by fail2ban to detect failed logging attempt 2020-10-31 13:53:19 +01:00
Alexandre Aubin
ed6fa1aa49 Add a small helper to check if an element is in a table ... in turn fixing a bug related to calling has_access 2020-09-21 14:42:26 +02:00
Alexandre Aubin
41ed91bbcb Misc cosmetics / debug tweaks 2020-09-20 18:00:49 +02:00
Alexandre Aubin
a11d8f0d87 Move identification of relevant permission from helpers.lua to access.lua 2020-09-20 17:58:26 +02:00
Alexandre Aubin
abc38bbffe Move handling of login through HTTP headers to is_logged_in helper 2020-09-20 17:53:18 +02:00
Kay0u
41ac2e5bf8
Merge remote-tracking branch 'origin/dev' into permission_protection 2020-09-01 20:56:20 +02:00
Kay0u
fb45cd0441
do not compare the same thing several times 2020-06-18 14:48:14 +02:00
Kay0u
397f7b3910
authUser is defined only if authHash is accepted 2020-05-21 22:57:57 +02:00
Kay0u
6a240e1dea
better log message 2020-05-21 22:57:05 +02:00
SilverViper
728620778e
prevent SSOwAuthRedirect=;; 2020-04-30 17:39:07 +02:00
SilverViper
e4b415a64e
Remove all ;; in Set-Cookie 2020-04-30 15:45:41 +02:00
Laurent Peuch
e0a66428ea [fix] invalid more cookies 2020-04-17 00:56:40 +02:00
Kay0u
0fc89d0fc9
Rework access 2020-04-01 00:43:59 +02:00
Kay0u
d8c74604c0
portal with the new config file 2020-03-31 02:20:40 +02:00
Kay0u
8cc2bd4b28
Avoid unnecessarily reloading the config file 2020-03-29 18:02:49 +02:00
Kay0u
bf0dc73381
using permissions, not users directive 2020-03-04 11:34:24 +01:00
Kay0u
97620aaac7
Unused condition 2020-03-04 11:32:53 +01:00
Kay0u
af892991af
refactor legacy url protections 2020-02-13 10:06:32 +07:00
Kay0u
f74619020d
Fix if no permission exist 2020-01-29 18:24:25 +07:00
Kay0u
02b4ecec8c
Fix legacy/new permissions 2020-01-20 22:59:25 +07:00
Kay0u
19ae10200d
fix string.match 2020-01-17 14:56:32 +07:00
Alexandre Aubin
ff700062a5 At least one rule should exist + should be the longest match 2019-10-09 18:45:50 +02:00
Alexandre Aubin
a13a2fee1e More extensive check between allowed rules vs. protected rules 2019-10-03 23:11:52 +02:00
Alexandre Aubin
1eb322df17 Many tweaks in log system + implement many log messages in low-level functions 2019-10-03 20:42:01 +02:00
Alexandre Aubin
474b922089 Be consistent : either we use log() everywhere or we don't ... But imho just logger.info() is fine 2019-09-24 17:33:19 +02:00
Alexandre Aubin
7cb61f1619 Merge branch 'logging' into logging-reloaded 2019-09-24 17:27:44 +02:00
Alexandre Aubin
fc688418ce info.html -> portal.html 2019-03-19 23:29:46 +01:00
Alexandre Aubin
32a9229ef4 Enable cache for 1 hour for static assets 2019-03-19 16:52:43 +01:00
Alexandre Aubin
2bdc12b0a0 Let's keep it simple ... have a folder asserts/{theme}/ containing a stylesheet.css and global.js 2019-02-21 18:27:28 +01:00