Alexandre Aubin
|
1eb322df17
|
Many tweaks in log system + implement many log messages in low-level functions
|
2019-10-03 20:42:01 +02:00 |
|
Alexandre Aubin
|
474b922089
|
Be consistent : either we use log() everywhere or we don't ... But imho just logger.info() is fine
|
2019-09-24 17:33:19 +02:00 |
|
Alexandre Aubin
|
7cb61f1619
|
Merge branch 'logging' into logging-reloaded
|
2019-09-24 17:27:44 +02:00 |
|
Alexandre Aubin
|
fc688418ce
|
info.html -> portal.html
|
2019-03-19 23:29:46 +01:00 |
|
Alexandre Aubin
|
32a9229ef4
|
Enable cache for 1 hour for static assets
|
2019-03-19 16:52:43 +01:00 |
|
Alexandre Aubin
|
2bdc12b0a0
|
Let's keep it simple ... have a folder asserts/{theme}/ containing a stylesheet.css and global.js
|
2019-02-21 18:27:28 +01:00 |
|
Lukas Fülling
|
d33cd97556
|
Add theming support, add vapor theme
|
2019-02-21 18:12:24 +01:00 |
|
chateau
|
94e15d9fe6
|
Simplify ynhpanel.js and ynhpanel.css making the YNH inapp panel an iframe that loads the info.html page.
|
2019-02-21 16:47:11 +01:00 |
|
Josué Tille
|
441f323094
|
Fix string helper if string is empty
|
2019-01-23 10:23:12 +01:00 |
|
Alexandre Aubin
|
a52ed73a11
|
Typo
|
2019-01-17 23:21:30 +01:00 |
|
Josué Tille
|
437f3c238a
|
Fix when the user stay connected
|
2019-01-17 22:54:25 +01:00 |
|
Josué Tille
|
32d04dbac9
|
Fix SSOwat crash after password change
|
2019-01-07 11:45:29 +01:00 |
|
Laurent Peuch
|
253cde4b9a
|
[fix] CVE-2018-11347 http header injection
|
2018-12-06 23:50:21 +01:00 |
|
Alexandre Aubin
|
7be6e76cb8
|
SameSite=Strict breaks multisite
|
2018-11-19 16:06:12 +00:00 |
|
Alexandre Aubin
|
2699aa8db7
|
Clarify Set-Cookie syntax
|
2018-11-19 16:03:35 +00:00 |
|
Alexandre Aubin
|
2ff41d9920
|
Merge remote-tracking branch 'tYYGH/PR_choiceRewritePW+fixes' into stretch-unstable
|
2018-11-05 03:15:43 +01:00 |
|
Alexandre Aubin
|
b68ebc04c7
|
Merge pull request #103 from frju365/patch-1
[fix] Secure cookie setting
|
2018-11-04 16:20:59 +01:00 |
|
Alexandre Aubin
|
99c108f362
|
Merge pull request #104 from YunoHost/enh-pwd-validate
[enh] Validate password strength
|
2018-11-04 15:59:39 +01:00 |
|
Alexandre Aubin
|
cb96f848d3
|
This got removed
|
2018-10-31 18:55:07 +00:00 |
|
tituspijean
|
11d0e0689a
|
[mod] Redirect after logout if r URI argument exists
|
2018-09-15 09:25:48 +02:00 |
|
ljf
|
e4ee83cc8e
|
[fix] Add a small comment
|
2018-08-29 03:00:13 +02:00 |
|
ljf
|
deeb30637e
|
[fix] Remove nginx log
|
2018-08-29 02:58:17 +02:00 |
|
ljf
|
410ba2e4a7
|
[fix] Remove extra end line of the cmd run with popen
|
2018-08-29 02:55:02 +02:00 |
|
ljf
|
7627101eb5
|
[enh] Simplify code thanks to change on password.py
|
2018-08-29 01:26:19 +02:00 |
|
ljf
|
349d486cec
|
[fix] Remove some nginx debug log
|
2018-08-29 01:08:36 +02:00 |
|
ljf
|
d83b522d50
|
[fix] Remove some nginx debug log
|
2018-08-29 00:56:24 +02:00 |
|
ljf
|
945b04cc67
|
[fix] Regex todo
|
2018-08-29 00:47:59 +02:00 |
|
ljf
|
95e1c1cd2f
|
[fix] Secure password transmission
|
2018-08-29 00:07:48 +02:00 |
|
ljf
|
ab8b040174
|
[enh] Validate password as configured
|
2018-08-28 21:33:19 +02:00 |
|
frju365
|
07c3db2c46
|
[fix] CVE CSRF with cookie setting
|
2018-08-25 02:29:26 +02:00 |
|
Eynix
|
23eb2fc3e4
|
replace hige by lustache
|
2018-06-07 11:56:34 +02:00 |
|
Y
|
db9059a55c
|
let the admin decide how passwords are handled
|
2017-09-16 19:22:47 +02:00 |
|
Laurent Peuch
|
9b7fee7a1b
|
[fix] attempt to fix https://github.com/YunoHost/SSOwat/pull/86#issuecomment-323417926
|
2017-08-19 04:39:51 +02:00 |
|
Laurent Peuch
|
98b1b53fbf
|
Merge pull request #87 from YunoHost/hash_algo
[fix] Auto-update user password hashes with new algo
|
2017-08-18 02:42:00 +02:00 |
|
Laurent Peuch
|
d440d06ae7
|
[fix] be paranoid and prevent shell injections here also while input is supposed to be safe
|
2017-08-18 02:35:08 +02:00 |
|
Laurent Peuch
|
c8c7fe7fc7
|
[fix] prevent shell injections
|
2017-08-18 02:34:46 +02:00 |
|
Laurent Peuch
|
d16f3f81d0
|
[enh] auto rehash in sha-512 users passwords on login
|
2017-08-15 11:41:24 +02:00 |
|
Laurent Peuch
|
2ff2fb92f3
|
[enh] encode password using sha512 on user modification of password
|
2017-08-15 11:11:35 +02:00 |
|
Côme Chilliet
|
47f01b3f6f
|
Fixed support for incomplete translations (fallback to default language for missing strings)
|
2017-08-10 16:31:00 +02:00 |
|
Laurent Peuch
|
50fcc831bf
|
[mod] comment didn't matched reality
|
2017-05-27 19:19:48 +02:00 |
|
Laurent Peuch
|
c1a388ccf0
|
Merge pull request #84 from YunoHost/caching_for_hash
[enh] uses caching for hash to avoid heavy recalculation and process spawning
|
2017-05-23 21:40:30 +02:00 |
|
Laurent Peuch
|
5157415ce3
|
[fix] remove tabs
|
2017-05-23 07:26:41 +02:00 |
|
Laurent Peuch
|
76677fab0d
|
[enh] uses caching for hash to avoid heavy recalculation and process spawning
|
2017-05-22 23:01:18 +02:00 |
|
sidddy
|
fc52f05459
|
Quick fix for CDA security issue
|
2017-05-18 08:45:20 +02:00 |
|
Laurent Peuch
|
98a6879ab4
|
[fix] don't include ip in token, this is useless and make infinite redirection\n\nIt has been confirmed by a security friend that this was nearly useless here since the token is marked as Secure and can only be exchanged on https so if someone managed to steal it the user have way more important problems.
|
2017-05-18 08:40:33 +02:00 |
|
Laurent Peuch
|
2456eda200
|
[fix] Use hmac_sha512 instead of md5 for cookie hashing. Don't store the key in token anymore (#80)
* [fix] uses hmac_sha512 for hasing the token and don't store the key in it anymore
* [mod] remove python script and talk directly to openssl
|
2017-05-18 08:34:36 +02:00 |
|
Laurent Peuch
|
054b7d1752
|
[mod] remove things not related to logging
|
2017-05-13 15:08:56 +02:00 |
|
sidddy
|
ad39e3ded5
|
Added access log, ignore IP, check acl for basic auth
|
2017-05-13 15:06:18 +02:00 |
|
opi
|
fff95314ce
|
[fix] Use local variables for cookie's expired_time.
|
2017-02-28 15:38:46 +01:00 |
|
opi
|
6bd8eb1a90
|
[fix] Delete cookies on logout.
|
2017-02-28 15:36:45 +01:00 |
|