orhtej2
2880d1cfb9
Fix helper for bookworm.
2023-09-08 19:57:36 +02:00
Alexandre Aubin
c0e38b19a0
rex_pcre is now rex_pcre2
2023-05-15 17:22:50 +02:00
ewilly
ba5ffba490
Fix auth_header
...
If a colon is in the password, user and password are not well detected.
For example if user="me" and password="pass:word" the function give
user="me:pass" password="word"
2023-01-12 22:23:41 +01:00
Alexandre Aubin
8faa8057f0
security: rework previous fixes to use the new use_remote_user_var_in_nginx_conf in ssowat conf introduced in yunohost 11.1.2
2023-01-10 00:03:25 +01:00
Alexandre Aubin
4e92965eda
Stupid typo
2023-01-09 20:51:00 +01:00
Alexandre Aubin
92f1e0505a
Iterate on previous security fixes: ignore Auth header on PROPFIND routes, and don't drop Auth header which are not Basic auth
2023-01-09 19:46:51 +01:00
Alexandre Aubin
7a2d0ed27a
security: Also check client-provided auth headers to prevent impersonation
2023-01-09 18:32:32 +01:00
selfhoster1312
5e378e5c2b
Authentication headers are ONLY set when user is logged in and has access to app
...
Prevents impersonating users on public applications where the auth headers were not cleared
2023-01-09 15:47:45 +01:00
Alexandre Aubin
71f68b0d4b
Fix password check, path to yunohost lib changed in 11.x
2022-12-06 15:59:32 +01:00
Cyril Romain
7cd4965f6c
[fix] helpers.lua: openssl v3 support for hmac_sha512
...
This change is backward compatible with older openssl versions
2022-11-06 19:38:12 +01:00
Alexandre Aubin
e2996f1451
User info self-edit would not update displayName (which is supposed to be the same as cn) resulting in inconsistencies
2022-10-09 17:27:04 +02:00
Kay0u
981960fb50
Another fix for redirect function
2021-11-16 21:40:04 +01:00
Alexandre Aubin
325964742d
Improve check for unauthorized redirect url
...
Co-authored-by: Kayou <pierre@kayou.io>
2021-11-15 19:02:13 +01:00
Kayou
0e6369bb38
fix not only alphanumeric characters domain name
2021-11-15 00:49:51 +01:00
ljf (zamentur)
35ee437272
[fix] Avoid redirection on unmanaged domains ( #191 )
...
* [fix] Avoid redirection on unmanaged domains
* [fix] redirect with uri
* Update helpers.lua
Co-authored-by: Alexandre Aubin <alex.aubin@mailoo.org>
2021-09-19 21:15:54 +02:00
Alexandre Aubin
07378dfd46
Forgot to python -> python3 in password check
2021-08-15 21:41:50 +02:00
Alexandre Aubin
b28788d708
Improve logging when failing to authenticate ssowat cookies
2021-08-14 21:26:19 +02:00
ljf
c34d9fd74d
[fix] Not enough random file name
2021-07-29 16:34:56 +02:00
ljf
8d0998bc3a
[enh] Add comment
2021-07-02 19:51:02 +02:00
ljf
f6ddb7af65
[fix] Nextcloud calls strangely logout the user in SSO
2021-07-02 19:49:17 +02:00
ljf
6de4b10e81
[fix] Security risk due to cache full of different uris
2021-07-02 17:40:17 +02:00
ljf
b3741580da
[fix] dash filename, mime types, ynh_userinfo.json
2021-06-29 18:34:40 +02:00
Alexandre Aubin
2e8c2f9c67
Merge pull request #183 from YunoHost/avoid-a-syscall-for-cookies
...
Avoid a syscall for cookies
2021-04-08 15:38:18 +02:00
Kay0u
45e4f9de05
avoid a syscall for cookies
2021-04-08 11:11:46 +02:00
Kay0u
24e7755e8a
remove SSOwAuthRedirect
2021-04-08 10:58:36 +02:00
Kay0u
6c4c1ca54d
Revert my stuff, just change the name of header to Proxy-Authorization + set is_logged_in to false by default
2020-12-24 17:49:24 +01:00
Kay0u
73c5524518
is_logged_in is false at the beginning of the refresh function
2020-12-24 10:20:29 +01:00
Kay0u
50db509330
revert: set "Authorization" headers not Proxy
2020-12-23 18:39:54 +01:00
Kay0u
0ff5cc6af7
Authorization -> Proxy-Authorization
2020-12-23 18:13:34 +01:00
Kay0u
a756462e6c
parse auth header at the end
2020-12-23 15:20:55 +01:00
Titoko
1747da0571
Update access.lua
2020-12-17 20:12:22 +01:00
titoko
2ca6847d4d
Update helpers.lua
2020-12-13 12:05:27 +01:00
titoko
a0129b437e
fix(Authorization): Skipped Autorization Header that are not Basic
2020-12-12 14:23:46 +01:00
Alexandre Aubin
6a7a9d668e
Restore ngx logging used by fail2ban to detect failed logging attempt
2020-10-31 13:53:19 +01:00
Alexandre Aubin
ed6fa1aa49
Add a small helper to check if an element is in a table ... in turn fixing a bug related to calling has_access
2020-09-21 14:42:26 +02:00
Alexandre Aubin
41ed91bbcb
Misc cosmetics / debug tweaks
2020-09-20 18:00:49 +02:00
Alexandre Aubin
a11d8f0d87
Move identification of relevant permission from helpers.lua to access.lua
2020-09-20 17:58:26 +02:00
Alexandre Aubin
abc38bbffe
Move handling of login through HTTP headers to is_logged_in helper
2020-09-20 17:53:18 +02:00
Kay0u
41ac2e5bf8
Merge remote-tracking branch 'origin/dev' into permission_protection
2020-09-01 20:56:20 +02:00
Kay0u
fb45cd0441
do not compare the same thing several times
2020-06-18 14:48:14 +02:00
Kay0u
397f7b3910
authUser is defined only if authHash is accepted
2020-05-21 22:57:57 +02:00
Kay0u
6a240e1dea
better log message
2020-05-21 22:57:05 +02:00
SilverViper
728620778e
prevent SSOwAuthRedirect=;;
2020-04-30 17:39:07 +02:00
SilverViper
e4b415a64e
Remove all ;; in Set-Cookie
2020-04-30 15:45:41 +02:00
Laurent Peuch
e0a66428ea
[fix] invalid more cookies
2020-04-17 00:56:40 +02:00
Kay0u
0fc89d0fc9
Rework access
2020-04-01 00:43:59 +02:00
Kay0u
d8c74604c0
portal with the new config file
2020-03-31 02:20:40 +02:00
Kay0u
8cc2bd4b28
Avoid unnecessarily reloading the config file
2020-03-29 18:02:49 +02:00
Kay0u
bf0dc73381
using permissions, not users directive
2020-03-04 11:34:24 +01:00
Kay0u
97620aaac7
Unused condition
2020-03-04 11:32:53 +01:00