Commit graph

85 commits

| Author | SHA1 | Message | Date |
|---|---|---|---|
| SilverViper | 728620778e | prevent SSOwAuthRedirect=;; | 2020-04-30 17:39:07 +02:00 |
| SilverViper | e4b415a64e | Remove all ;; in Set-Cookie | 2020-04-30 15:45:41 +02:00 |
| Laurent Peuch | e0a66428ea | [fix] invalid more cookies | 2020-04-17 00:56:40 +02:00 |
| Kay0u | 8cc2bd4b28 | Avoid unnecessarily reloading the config file | 2020-03-29 18:02:49 +02:00 |
| Kay0u | bf0dc73381 | using permissions, not users directive | 2020-03-04 11:34:24 +01:00 |
| Kay0u | 97620aaac7 | Unused condition | 2020-03-04 11:32:53 +01:00 |
| Kay0u | af892991af | refactor legacy url protections | 2020-02-13 10:06:32 +07:00 |
| Kay0u | f74619020d | Fix if no permission exist | 2020-01-29 18:24:25 +07:00 |
| Kay0u | 02b4ecec8c | Fix legacy/new permissions | 2020-01-20 22:59:25 +07:00 |
| Kay0u | 19ae10200d | fix string.match | 2020-01-17 14:56:32 +07:00 |
| Alexandre Aubin | ff700062a5 | At least one rule should exist + should be the longest match | 2019-10-09 18:45:50 +02:00 |
| Alexandre Aubin | a13a2fee1e | More extensive check between allowed rules vs. protected rules | 2019-10-03 23:11:52 +02:00 |
| Alexandre Aubin | 1eb322df17 | Many tweaks in log system + implement many log messages in low-level functions | 2019-10-03 20:42:01 +02:00 |
| Alexandre Aubin | 474b922089 | Be consistent : either we use log() everywhere or we don't ... But imho just logger.info() is fine | 2019-09-24 17:33:19 +02:00 |
| Alexandre Aubin | 7cb61f1619 | Merge branch 'logging' into logging-reloaded | 2019-09-24 17:27:44 +02:00 |
| Alexandre Aubin | fc688418ce | info.html -> portal.html | 2019-03-19 23:29:46 +01:00 |
| Alexandre Aubin | 32a9229ef4 | Enable cache for 1 hour for static assets | 2019-03-19 16:52:43 +01:00 |
| Alexandre Aubin | 2bdc12b0a0 | Let's keep it simple ... have a folder asserts/{theme}/ containing a stylesheet.css and global.js | 2019-02-21 18:27:28 +01:00 |
| Lukas Fülling | d33cd97556 | Add theming support, add vapor theme | 2019-02-21 18:12:24 +01:00 |
| chateau | 94e15d9fe6 | Simplify ynhpanel.js and ynhpanel.css making the YNH inapp panel an iframe that loads the info.html page. | 2019-02-21 16:47:11 +01:00 |
| Josué Tille | 441f323094 | Fix string helper if string is empty | 2019-01-23 10:23:12 +01:00 |
| Alexandre Aubin | a52ed73a11 | Typo | 2019-01-17 23:21:30 +01:00 |
| Josué Tille | 437f3c238a | Fix when the user stay connected | 2019-01-17 22:54:25 +01:00 |
| Josué Tille | 32d04dbac9 | Fix SSOwat crash after password change | 2019-01-07 11:45:29 +01:00 |
| Laurent Peuch | 253cde4b9a | [fix] CVE-2018-11347 http header injection | 2018-12-06 23:50:21 +01:00 |
| Alexandre Aubin | 7be6e76cb8 | SameSite=Strict breaks multisite | 2018-11-19 16:06:12 +00:00 |
| Alexandre Aubin | 2699aa8db7 | Clarify Set-Cookie syntax | 2018-11-19 16:03:35 +00:00 |
| Alexandre Aubin | 2ff41d9920 | Merge remote-tracking branch 'tYYGH/PR_choiceRewritePW+fixes' into stretch-unstable | 2018-11-05 03:15:43 +01:00 |
| Alexandre Aubin | b68ebc04c7 | Merge pull request #103 from frju365/patch-1 [fix] Secure cookie setting | 2018-11-04 16:20:59 +01:00 |
| Alexandre Aubin | 99c108f362 | Merge pull request #104 from YunoHost/enh-pwd-validate [enh] Validate password strength | 2018-11-04 15:59:39 +01:00 |
| Alexandre Aubin | cb96f848d3 | This got removed | 2018-10-31 18:55:07 +00:00 |
| tituspijean | 11d0e0689a | [mod] Redirect after logout if r URI argument exists | 2018-09-15 09:25:48 +02:00 |
| ljf | e4ee83cc8e | [fix] Add a small comment | 2018-08-29 03:00:13 +02:00 |
| ljf | deeb30637e | [fix] Remove nginx log | 2018-08-29 02:58:17 +02:00 |
| ljf | 410ba2e4a7 | [fix] Remove extra end line of the cmd run with popen | 2018-08-29 02:55:02 +02:00 |
| ljf | 7627101eb5 | [enh] Simplify code thanks to change on password.py | 2018-08-29 01:26:19 +02:00 |
| ljf | 349d486cec | [fix] Remove some nginx debug log | 2018-08-29 01:08:36 +02:00 |
| ljf | d83b522d50 | [fix] Remove some nginx debug log | 2018-08-29 00:56:24 +02:00 |
| ljf | 945b04cc67 | [fix] Regex todo | 2018-08-29 00:47:59 +02:00 |
| ljf | 95e1c1cd2f | [fix] Secure password transmission | 2018-08-29 00:07:48 +02:00 |
| ljf | ab8b040174 | [enh] Validate password as configured | 2018-08-28 21:33:19 +02:00 |
| frju365 | 07c3db2c46 | [fix] CVE CSRF with cookie setting | 2018-08-25 02:29:26 +02:00 |
| Eynix | 23eb2fc3e4 | replace hige by lustache | 2018-06-07 11:56:34 +02:00 |
| Y | db9059a55c | let the admin decide how passwords are handled | 2017-09-16 19:22:47 +02:00 |
| Laurent Peuch | 9b7fee7a1b | [fix] attempt to fix https://github.com/YunoHost/SSOwat/pull/86#issuecomment-323417926 | 2017-08-19 04:39:51 +02:00 |
| Laurent Peuch | 98b1b53fbf | Merge pull request #87 from YunoHost/hash_algo [fix] Auto-update user password hashes with new algo | 2017-08-18 02:42:00 +02:00 |
| Laurent Peuch | d440d06ae7 | [fix] be paranoid and prevent shell injections here also while input is supposed to be safe | 2017-08-18 02:35:08 +02:00 |
| Laurent Peuch | c8c7fe7fc7 | [fix] prevent shell injections | 2017-08-18 02:34:46 +02:00 |
| Laurent Peuch | d16f3f81d0 | [enh] auto rehash in sha-512 users passwords on login | 2017-08-15 11:41:24 +02:00 |
| Laurent Peuch | 2ff2fb92f3 | [enh] encode password using sha512 on user modification of password | 2017-08-15 11:11:35 +02:00 |