YunoHost/SSOwat

mirror of https://github.com/YunoHost/SSOwat.git synced 2024-09-03 20:06:27 +02:00

Author	SHA1	Message	Date
Laurent Peuch	5157415ce3	[fix] remove tabs	2017-05-23 07:26:41 +02:00
Laurent Peuch	76677fab0d	[enh] uses caching for hash to avoid heavy recalculation and process spawning	2017-05-22 23:01:18 +02:00
sidddy	fc52f05459	Quick fix for CDA security issue	2017-05-18 08:45:20 +02:00
Laurent Peuch	98a6879ab4	[fix] don't include ip in token, this is useless and make infinite redirection\n\nIt has been confirmed by a security friend that this was nearly useless here since the token is marked as Secure and can only be exchanged on https so if someone managed to steal it the user have way more important problems.	2017-05-18 08:40:33 +02:00
Laurent Peuch	2456eda200	[fix] Use hmac_sha512 instead of md5 for cookie hashing. Don't store the key in token anymore (#80 ) * [fix] uses hmac_sha512 for hasing the token and don't store the key in it anymore * [mod] remove python script and talk directly to openssl	2017-05-18 08:34:36 +02:00
Laurent Peuch	054b7d1752	[mod] remove things not related to logging	2017-05-13 15:08:56 +02:00
sidddy	ad39e3ded5	Added access log, ignore IP, check acl for basic auth	2017-05-13 15:06:18 +02:00
opi	fff95314ce	[fix] Use local variables for cookie's expired_time.	2017-02-28 15:38:46 +01:00
opi	6bd8eb1a90	[fix] Delete cookies on logout.	2017-02-28 15:36:45 +01:00
opi	2eb38d3eaa	[enh] Add 'Secure' flag in cookies.	2017-02-28 15:36:04 +01:00
opi	a2af42144b	[fix] Use 'Expires' instead of 'Max-Age' for every cookie for consistency.	2017-02-28 15:23:40 +01:00
JimboJoe	fb99ee2177	Fix HTTP cookie caching - Use "Expires" instead of "Max-Age" when using a cookie date (Max-Age is used with an interval of seconds in the future: https://en.wikipedia.org/wiki/HTTP_cookie#Expires_and_Max-Age) - Fix cookie dates to be compliant with specifications Fixes errors with various "picky" clients (for example, Lightroom/Piwigo plugin).	2017-02-28 15:19:28 +01:00
Julien Malik	fd3338de99	[fix] Refresh ldap info before loading page that requires it, fixes #633	2017-02-28 11:14:22 +01:00
opi	e7b39d4d29	[fix] Always redirect to portal when calling logout page.	2017-02-23 17:53:17 +01:00
opi	bf24cf5e50	[enh] Use consistent coding convention for function prototype.	2016-04-30 12:40:59 +02:00
root	648b552297	adding credentials for non-anonymous bind	2016-04-29 14:31:37 +02:00
Jérôme Lebleu	a46be28b53	[fix] Construct a proper emails array (fix #39 )	2015-06-30 21:03:20 +02:00
kload	cd85f6b740	[enh] Sort apps alphabeticaly + set app color regarding its name	2015-06-14 13:23:21 +02:00
kload	404fe510d2	[fix] Ensure that configuration is loaded properly when we need it + lowercase the username + do not fail when only oneemail alias is set	2015-06-02 17:05:06 +02:00
kload	8ee3d6b93d	[fix] Get rid of Cookie cache	2015-05-21 16:11:33 +02:00
kload	e15c15812c	[fix] Finally caught this little nasty Cookie setter	2015-05-21 15:29:36 +02:00
kload	f895e02986	[fix] Do not declare cookies as global variables	2015-05-16 21:03:06 +02:00
kload	0ebddc079a	[fix] Load libraries locally to avoid caching	2015-05-16 09:42:26 +02:00
kload	8953860017	[fix] Efficiently generate random strings	2015-04-30 15:16:51 +02:00
julienmalik	f5bd2dcc2b	[fix] escape minus character to avoid interpretation as range Fixes #36	2015-03-31 11:29:45 +02:00
opi	b9b6d09769	[fix] Prevent adding the same cookie again and again.	2015-02-18 14:35:13 +01:00
Jérôme Lebleu	1d44e53f7b	[fix] Allow special characters in email adresses (fix #33 )	2015-02-16 16:42:06 +01:00
Jérôme Lebleu	cf78b8929d	[enh] Consider new gTLDs in email regex using Lrexlib	2015-02-15 22:31:20 +01:00
kload	2a9769f7d9	[fix] Load modules as proper modules + typo	2015-02-15 13:03:01 +01:00
kload	35e69a1bf2	[fix] Separate files properly	2015-02-12 12:08:52 +01:00
kload	84015149b9	[enh] Separate configuration file loading to a new file and document it	2015-02-02 00:05:09 +01:00
kload	3fbb7d6d0e	[enh] Separate helpers to helpers.coffee	2015-02-01 15:04:36 +01:00

1 2

82 commits