Alexandre Aubin  4e92965eda  2023-01-09 20:51:00 +01:00
    Stupid typo

Alexandre Aubin  92f1e0505a  2023-01-09 19:46:51 +01:00
    Iterate on previous security fixes: ignore Auth header on PROPFIND routes, and don't drop Auth headers which are not Basic auth

Alexandre Aubin  7a2d0ed27a  2023-01-09 18:32:32 +01:00
    security: Also check client-provided auth headers to prevent impersonation

selfhoster1312  5e378e5c2b  2023-01-09 15:47:45 +01:00
    Authentication headers are ONLY set when user is logged in and has access to app
    Prevents impersonating users on public applications where the auth headers were not cleared

Alexandre Aubin  71f68b0d4b  2022-12-06 15:59:32 +01:00
    Fix password check, path to yunohost lib changed in 11.x

Cyril Romain  7cd4965f6c  2022-11-06 19:38:12 +01:00
    [fix] helpers.lua: openssl v3 support for hmac_sha512
    This change is backward compatible with older openssl versions

Alexandre Aubin  e2996f1451  2022-10-09 17:27:04 +02:00
    User info self-edit would not update displayName (which is supposed to be the same as cn) resulting in inconsistencies

Kay0u  981960fb50  2021-11-16 21:40:04 +01:00
    Another fix for redirect function

Alexandre Aubin  325964742d  2021-11-15 19:02:13 +01:00
    Improve check for unauthorized redirect url
    Co-authored-by: Kayou <pierre@kayou.io>

Kayou  0e6369bb38  2021-11-15 00:49:51 +01:00
    fix not only alphanumeric characters domain name

ljf (zamentur)  35ee437272  2021-09-19 21:15:54 +02:00
    [fix] Avoid redirection on unmanaged domains (#191)
    * [fix] Avoid redirection on unmanaged domains
    * [fix] redirect with uri
    * Update helpers.lua
    Co-authored-by: Alexandre Aubin <alex.aubin@mailoo.org>

Alexandre Aubin  07378dfd46  2021-08-15 21:41:50 +02:00
    Forgot to python -> python3 in password check

Alexandre Aubin  b28788d708  2021-08-14 21:26:19 +02:00
    Improve logging when failing to authenticate ssowat cookies

ljf  c34d9fd74d  2021-07-29 16:34:56 +02:00
    [fix] Not enough random file name

ljf  8d0998bc3a  2021-07-02 19:51:02 +02:00
    [enh] Add comment

ljf  f6ddb7af65  2021-07-02 19:49:17 +02:00
    [fix] Nextcloud calls strangely log out the user in SSO

ljf  6de4b10e81  2021-07-02 17:40:17 +02:00
    [fix] Security risk due to cache full of different uris

ljf  b3741580da  2021-06-29 18:34:40 +02:00
    [fix] dash filename, mime types, ynh_userinfo.json

Alexandre Aubin  2e8c2f9c67  2021-04-08 15:38:18 +02:00
    Merge pull request #183 from YunoHost/avoid-a-syscall-for-cookies
    Avoid a syscall for cookies

Kay0u  45e4f9de05  2021-04-08 11:11:46 +02:00
    avoid a syscall for cookies

Kay0u  24e7755e8a  2021-04-08 10:58:36 +02:00
    remove SSOwAuthRedirect

Kay0u  6c4c1ca54d  2020-12-24 17:49:24 +01:00
    Revert my stuff, just change the name of header to Proxy-Authorization + set is_logged_in to false by default

Kay0u  73c5524518  2020-12-24 10:20:29 +01:00
    is_logged_in is false at the beginning of the refresh function

Kay0u  50db509330  2020-12-23 18:39:54 +01:00
    revert: set "Authorization" headers not Proxy

Kay0u  0ff5cc6af7  2020-12-23 18:13:34 +01:00
    Authorization -> Proxy-Authorization

Kay0u  a756462e6c  2020-12-23 15:20:55 +01:00
    parse auth header at the end

Titoko  1747da0571  2020-12-17 20:12:22 +01:00
    Update access.lua

titoko  2ca6847d4d  2020-12-13 12:05:27 +01:00
    Update helpers.lua

titoko  a0129b437e  2020-12-12 14:23:46 +01:00
    fix(Authorization): Skipped Authorization Header that are not Basic

Alexandre Aubin  6a7a9d668e  2020-10-31 13:53:19 +01:00
    Restore ngx logging used by fail2ban to detect failed logging attempt

Alexandre Aubin  ed6fa1aa49  2020-09-21 14:42:26 +02:00
    Add a small helper to check if an element is in a table ... in turn fixing a bug related to calling has_access

Alexandre Aubin  41ed91bbcb  2020-09-20 18:00:49 +02:00
    Misc cosmetics / debug tweaks

Alexandre Aubin  a11d8f0d87  2020-09-20 17:58:26 +02:00
    Move identification of relevant permission from helpers.lua to access.lua

Alexandre Aubin  abc38bbffe  2020-09-20 17:53:18 +02:00
    Move handling of login through HTTP headers to is_logged_in helper

Kay0u  41ac2e5bf8  2020-09-01 20:56:20 +02:00
    Merge remote-tracking branch 'origin/dev' into permission_protection

Kay0u  fb45cd0441  2020-06-18 14:48:14 +02:00
    do not compare the same thing several times

Kay0u  397f7b3910  2020-05-21 22:57:57 +02:00
    authUser is defined only if authHash is accepted

Kay0u  6a240e1dea  2020-05-21 22:57:05 +02:00
    better log message

SilverViper  728620778e  2020-04-30 17:39:07 +02:00
    prevent SSOwAuthRedirect=;;

SilverViper  e4b415a64e  2020-04-30 15:45:41 +02:00
    Remove all ;; in Set-Cookie

Laurent Peuch  e0a66428ea  2020-04-17 00:56:40 +02:00
    [fix] invalid more cookies

Kay0u  0fc89d0fc9  2020-04-01 00:43:59 +02:00
    Rework access

Kay0u  d8c74604c0  2020-03-31 02:20:40 +02:00
    portal with the new config file

Kay0u  8cc2bd4b28  2020-03-29 18:02:49 +02:00
    Avoid unnecessarily reloading the config file

Kay0u  bf0dc73381  2020-03-04 11:34:24 +01:00
    using permissions, not users directive

Kay0u  97620aaac7  2020-03-04 11:32:53 +01:00
    Unused condition

Kay0u  af892991af  2020-02-13 10:06:32 +07:00
    refactor legacy url protections

Kay0u  f74619020d  2020-01-29 18:24:25 +07:00
    Fix if no permission exists

Kay0u  02b4ecec8c  2020-01-20 22:59:25 +07:00
    Fix legacy/new permissions

Kay0u  19ae10200d  2020-01-17 14:56:32 +07:00
    fix string.match