Kay0u
|
397f7b3910
|
authUser is defined only if authHash is accepted
|
2020-05-21 22:57:57 +02:00 |
|
Kay0u
|
6a240e1dea
|
better log message
|
2020-05-21 22:57:05 +02:00 |
|
Kay0u
|
0fc89d0fc9
|
Rework access
|
2020-04-01 00:43:59 +02:00 |
|
Kay0u
|
d8c74604c0
|
portal with the new config file
|
2020-03-31 02:20:40 +02:00 |
|
Kay0u
|
8cc2bd4b28
|
Avoid unnecessarily reloading the config file
|
2020-03-29 18:02:49 +02:00 |
|
Kay0u
|
bf0dc73381
|
using permissions, not users directive
|
2020-03-04 11:34:24 +01:00 |
|
Kay0u
|
97620aaac7
|
Unused condition
|
2020-03-04 11:32:53 +01:00 |
|
Kay0u
|
af892991af
|
refactor legacy url protections
|
2020-02-13 10:06:32 +07:00 |
|
Kay0u
|
f74619020d
|
Fix if no permission exist
|
2020-01-29 18:24:25 +07:00 |
|
Kay0u
|
02b4ecec8c
|
Fix legacy/new permissions
|
2020-01-20 22:59:25 +07:00 |
|
Kay0u
|
19ae10200d
|
fix string.match
|
2020-01-17 14:56:32 +07:00 |
|
Alexandre Aubin
|
ff700062a5
|
At least one rule should exist + should be the longest match
|
2019-10-09 18:45:50 +02:00 |
|
Alexandre Aubin
|
a13a2fee1e
|
More extensive check between allowed rules vs. protected rules
|
2019-10-03 23:11:52 +02:00 |
|
Alexandre Aubin
|
1eb322df17
|
Many tweaks in log system + implement many log messages in low-level functions
|
2019-10-03 20:42:01 +02:00 |
|
Alexandre Aubin
|
474b922089
|
Be consistent : either we use log() everywhere or we don't ... But imho just logger.info() is fine
|
2019-09-24 17:33:19 +02:00 |
|
Alexandre Aubin
|
7cb61f1619
|
Merge branch 'logging' into logging-reloaded
|
2019-09-24 17:27:44 +02:00 |
|
Alexandre Aubin
|
fc688418ce
|
info.html -> portal.html
|
2019-03-19 23:29:46 +01:00 |
|
Alexandre Aubin
|
32a9229ef4
|
Enable cache for 1 hour for static assets
|
2019-03-19 16:52:43 +01:00 |
|
Alexandre Aubin
|
2bdc12b0a0
|
Let's keep it simple ... have a folder asserts/{theme}/ containing a stylesheet.css and global.js
|
2019-02-21 18:27:28 +01:00 |
|
Lukas Fülling
|
d33cd97556
|
Add theming support, add vapor theme
|
2019-02-21 18:12:24 +01:00 |
|
chateau
|
94e15d9fe6
|
Simplify ynhpanel.js and ynhpanel.css making the YNH inapp panel an iframe that loads the info.html page.
|
2019-02-21 16:47:11 +01:00 |
|
Josué Tille
|
441f323094
|
Fix string helper if string is empty
|
2019-01-23 10:23:12 +01:00 |
|
Alexandre Aubin
|
a52ed73a11
|
Typo
|
2019-01-17 23:21:30 +01:00 |
|
Josué Tille
|
437f3c238a
|
Fix when the user stay connected
|
2019-01-17 22:54:25 +01:00 |
|
Josué Tille
|
32d04dbac9
|
Fix SSOwat crash after password change
|
2019-01-07 11:45:29 +01:00 |
|
Laurent Peuch
|
253cde4b9a
|
[fix] CVE-2018-11347 http header injection
|
2018-12-06 23:50:21 +01:00 |
|
Alexandre Aubin
|
7be6e76cb8
|
SameSite=Strict breaks multisite
|
2018-11-19 16:06:12 +00:00 |
|
Alexandre Aubin
|
2699aa8db7
|
Clarify Set-Cookie syntax
|
2018-11-19 16:03:35 +00:00 |
|
Alexandre Aubin
|
2ff41d9920
|
Merge remote-tracking branch 'tYYGH/PR_choiceRewritePW+fixes' into stretch-unstable
|
2018-11-05 03:15:43 +01:00 |
|
Alexandre Aubin
|
b68ebc04c7
|
Merge pull request #103 from frju365/patch-1
[fix] Secure cookie setting
|
2018-11-04 16:20:59 +01:00 |
|
Alexandre Aubin
|
99c108f362
|
Merge pull request #104 from YunoHost/enh-pwd-validate
[enh] Validate password strength
|
2018-11-04 15:59:39 +01:00 |
|
Alexandre Aubin
|
cb96f848d3
|
This got removed
|
2018-10-31 18:55:07 +00:00 |
|
tituspijean
|
11d0e0689a
|
[mod] Redirect after logout if r URI argument exists
|
2018-09-15 09:25:48 +02:00 |
|
ljf
|
e4ee83cc8e
|
[fix] Add a small comment
|
2018-08-29 03:00:13 +02:00 |
|
ljf
|
deeb30637e
|
[fix] Remove nginx log
|
2018-08-29 02:58:17 +02:00 |
|
ljf
|
410ba2e4a7
|
[fix] Remove extra end line of the cmd run with popen
|
2018-08-29 02:55:02 +02:00 |
|
ljf
|
7627101eb5
|
[enh] Simplify code thanks to change on password.py
|
2018-08-29 01:26:19 +02:00 |
|
ljf
|
349d486cec
|
[fix] Remove some nginx debug log
|
2018-08-29 01:08:36 +02:00 |
|
ljf
|
d83b522d50
|
[fix] Remove some nginx debug log
|
2018-08-29 00:56:24 +02:00 |
|
ljf
|
945b04cc67
|
[fix] Regex todo
|
2018-08-29 00:47:59 +02:00 |
|
ljf
|
95e1c1cd2f
|
[fix] Secure password transmission
|
2018-08-29 00:07:48 +02:00 |
|
ljf
|
ab8b040174
|
[enh] Validate password as configured
|
2018-08-28 21:33:19 +02:00 |
|
frju365
|
07c3db2c46
|
[fix] CVE CSRF with cookie setting
|
2018-08-25 02:29:26 +02:00 |
|
Eynix
|
23eb2fc3e4
|
replace hige by lustache
|
2018-06-07 11:56:34 +02:00 |
|
Y
|
db9059a55c
|
let the admin decide how passwords are handled
|
2017-09-16 19:22:47 +02:00 |
|
Laurent Peuch
|
9b7fee7a1b
|
[fix] attempt to fix https://github.com/YunoHost/SSOwat/pull/86#issuecomment-323417926
|
2017-08-19 04:39:51 +02:00 |
|
Laurent Peuch
|
98b1b53fbf
|
Merge pull request #87 from YunoHost/hash_algo
[fix] Auto-update user password hashes with new algo
|
2017-08-18 02:42:00 +02:00 |
|
Laurent Peuch
|
d440d06ae7
|
[fix] be paranoid and prevent shell injections here also while input is supposed to be safe
|
2017-08-18 02:35:08 +02:00 |
|
Laurent Peuch
|
c8c7fe7fc7
|
[fix] prevent shell injections
|
2017-08-18 02:34:46 +02:00 |
|
Laurent Peuch
|
d16f3f81d0
|
[enh] auto rehash in sha-512 users passwords on login
|
2017-08-15 11:41:24 +02:00 |
|