Alexandre Aubin
|
769f5f9cfa
|
access.lua: add special 'default' key in 'domain_portal_urls' to handle case where we reach an unmanaged domain
|
2023-09-29 14:31:30 +02:00 |
|
Alexandre Aubin
|
cac360bee9
|
access.lua: move helper at the top with the other sugar stuff
|
2023-09-29 14:30:36 +02:00 |
|
Alexandre Aubin
|
99749decdc
|
access.lua: rework again ACL check because the previous code sometimes ended up with error 500 because of permission = nil
|
2023-09-29 14:30:14 +02:00 |
|
Alexandre Aubin
|
e04e601455
|
Merge remote-tracking branch 'origin/bookworm' into portal-api
|
2023-09-27 18:49:28 +02:00 |
|
Alexandre Aubin
|
46352e6a7f
|
fix cached_jwt_verify signature
|
2023-09-27 18:43:13 +02:00 |
|
selfhoster1312
|
5eff85928e
|
Cache JWT crypto work, only check auth on non-public routes
|
2023-09-02 19:39:07 +02:00 |
|
selfhoster1312
|
5fcfd9ede6
|
Do not 500 when a requested domain is not configured for SSOWat
|
2023-08-13 18:17:52 +02:00 |
|
Alexandre Aubin
|
1ac6388242
|
Misc fixes after tests on the battlefield
|
2023-07-18 01:26:56 +02:00 |
|
Alexandre Aubin
|
24b7630d3c
|
epic refactoring: refactor the 'portal url' logic, we shall now have a dict mapping domains to portal urls (which is anyway imposed by cookie management unless we reintroduce complex cross-domain authentication...)
|
2023-07-15 21:27:40 +02:00 |
|
Alexandre Aubin
|
93ee6371ae
|
refactoring: drop the complex redirection check which was meant to check the callback URLs ... this is to be handled in the future new portal (or whatever is going to implement the callback redirection logic)
|
2023-07-15 21:22:27 +02:00 |
|
Alexandre Aubin
|
02952d0202
|
Moar epic refactoring ... merge 'helpers.lua' inside 'access.lua' to reduce complexity ...
|
2023-07-15 19:51:31 +02:00 |
|
Alexandre Aubin
|
df094ea0e3
|
Cleanup unused stuff
|
2023-07-13 16:41:17 +02:00 |
|
Alexandre Aubin
|
ea0bc8a89c
|
portalapi: propagate changes on the new API, decrypt the AES256-encrypted password found in user cookie to be able to construct the basic auth headers
|
2023-07-11 22:41:09 +02:00 |
|
Alexandre Aubin
|
8faa8057f0
|
security: rework previous fixes to use the new use_remote_user_var_in_nginx_conf in ssowat conf introduced in yunohost 11.1.2
|
2023-01-10 00:03:25 +01:00 |
|
selfhoster1312
|
5e378e5c2b
|
Authentication headers are ONLY set when user is logged in and has access to app
Prevents impersonating users on public applications where the auth headers were not cleared
|
2023-01-09 15:47:45 +01:00 |
|
Alexandre Aubin
|
d0dba1fd2e
|
Epic refactoring for new portal API etc
|
2021-12-26 17:01:56 +01:00 |
|
ljf
|
ca2a605dce
|
[fix] Typo json
|
2021-06-29 18:57:06 +02:00 |
|
ljf
|
89d78ab312
|
[enh] Avoid to list hidden files
|
2021-06-29 18:50:05 +02:00 |
|
ljf
|
b3741580da
|
[fix] dash filename, mime types, ynh_userinfo.json
|
2021-06-29 18:34:40 +02:00 |
|
Kay0u
|
384889ae11
|
match the beginning of url permissions
|
2021-01-20 01:28:08 +01:00 |
|
Titoko
|
1747da0571
|
Update access.lua
|
2020-12-17 20:12:22 +01:00 |
|
Alexandre Aubin
|
06f1f30226
|
Update access.lua
Co-authored-by: Kayou <pierre@kayou.io>
|
2020-09-21 14:40:37 +02:00 |
|
Alexandre Aubin
|
41ed91bbcb
|
Misc cosmetics / debug tweaks
|
2020-09-20 18:00:49 +02:00 |
|
Alexandre Aubin
|
dcbf66d4e4
|
Rework/simplify code that effectively apply the permission
|
2020-09-20 18:00:37 +02:00 |
|
Alexandre Aubin
|
a11d8f0d87
|
Move identification of relevant permission from helpers.lua to access.lua
|
2020-09-20 17:58:26 +02:00 |
|
Alexandre Aubin
|
abc38bbffe
|
Move handling of login through HTTP headers to is_logged_in helper
|
2020-09-20 17:53:18 +02:00 |
|
Alexandre Aubin
|
b2b9b9c8e3
|
Refactor/move handling of portal assets
|
2020-09-20 17:47:24 +02:00 |
|
Kay0u
|
41ac2e5bf8
|
Merge remote-tracking branch 'origin/dev' into permission_protection
|
2020-09-01 20:56:20 +02:00 |
|
Kay0u
|
b5a1d8dfed
|
find recursively relative to the theme directory
|
2020-06-18 15:20:11 +02:00 |
|
Kay0u
|
20de3f5f37
|
fix theme loading
|
2020-06-18 14:49:26 +02:00 |
|
Kay0u
|
720e35df4e
|
do not reauth if we are already logged in
|
2020-05-21 22:56:52 +02:00 |
|
Kay0u
|
24b3f7dc3a
|
HTTP Auth before permissions managment
|
2020-05-21 21:53:04 +02:00 |
|
Kay0u
|
400f88e6ca
|
fix the redirect loop \o/
|
2020-05-21 21:51:55 +02:00 |
|
Kayou
|
0f1eea3306
|
Merge branch 'stretch-unstable' into permission_protection
|
2020-05-21 21:17:36 +02:00 |
|
Alexandre Aubin
|
09e0fa37aa
|
Alex made a drunk copypasta that broke everything lul - var user not defined ... In fact we don't need this debug line 'cause it's already done in redirect() itself
|
2020-04-15 01:42:47 +02:00 |
|
Kayou
|
6ee3486783
|
Merge branch 'stretch-unstable' into permission_protection
|
2020-04-09 21:34:38 +02:00 |
|
Alexandre Aubin
|
286eb771a7
|
Merge pull request #158 from YunoHost/dont_set_header_unallowed_users
Don't set header if user don't have access
|
2020-04-01 02:36:58 +02:00 |
|
Kay0u
|
0fc89d0fc9
|
Rework access
|
2020-04-01 00:43:59 +02:00 |
|
Kay0u
|
d8c74604c0
|
portal with the new config file
|
2020-03-31 02:20:40 +02:00 |
|
Kay0u
|
8cc2bd4b28
|
Avoid unnecessarily reloading the config file
|
2020-03-29 18:02:49 +02:00 |
|
Josué Tille
|
ef3d6af9e0
|
Dont't set header but serve ynhpanel
|
2020-03-27 15:38:41 +01:00 |
|
Josué Tille
|
b1080c1e1a
|
Don't set header if user don't have access
|
2020-03-27 15:30:52 +01:00 |
|
Alexandre Aubin
|
77afe5cf09
|
Check if the user has access was done right before, no need to redo it
|
2020-03-24 19:52:33 +01:00 |
|
Kay0u
|
eb2872d5ed
|
Test if we should skip or unprotect the url
|
2020-03-05 00:24:06 +01:00 |
|
Kay0u
|
af892991af
|
refactor legacy url protections
|
2020-02-13 10:06:32 +07:00 |
|
Kay0u
|
9628d51d2d
|
check permission after unprotected
|
2020-01-29 18:24:51 +07:00 |
|
Kay0u
|
19ae10200d
|
fix string.match
|
2020-01-17 14:56:32 +07:00 |
|
Alexandre Aubin
|
247847a203
|
Check skipped_urls before protected_urls
|
2019-12-02 18:13:19 +01:00 |
|
Alexandre Aubin
|
a13a2fee1e
|
More extensive check between allowed rules vs. protected rules
|
2019-10-03 23:11:52 +02:00 |
|
Alexandre Aubin
|
1eb322df17
|
Many tweaks in log system + implement many log messages in low-level functions
|
2019-10-03 20:42:01 +02:00 |
|