Commit graph

314 commits

Author SHA1 Message Date
Laurent Peuch
98b1b53fbf Merge pull request #87 from YunoHost/hash_algo
[fix] Auto-update user password hashes with new algo
2017-08-18 02:42:00 +02:00
Laurent Peuch
d440d06ae7 [fix] be paranoid and prevent shell injections here also while input is supposed to be safe 2017-08-18 02:35:08 +02:00
Laurent Peuch
c8c7fe7fc7 [fix] prevent shell injections 2017-08-18 02:34:46 +02:00
Laurent Peuch
37938fd0f4 Merge pull request #86 from MCMic/unstable
Fixed support for incomplete translations
2017-08-17 23:13:34 +02:00
Laurent Peuch
d16f3f81d0 [enh] auto rehash in sha-512 users passwords on login 2017-08-15 11:41:24 +02:00
Laurent Peuch
2ff2fb92f3 [enh] encode password using sha512 on user modification of password 2017-08-15 11:11:35 +02:00
Côme Chilliet
47f01b3f6f Fixed support for incomplete translations (fallback to default language for missing strings) 2017-08-10 16:31:00 +02:00
Alexandre Aubin
044aa1d8eb Update changelog for 2.7.0 release 2017-08-07 12:59:52 -04:00
YunoHost Bot
3ecdb97bf6 Update from Weblate. (#85)
* Added translation using Weblate (Russian)
* [i18n] Translated using Weblate (Russian)
Currently translated at 12.1% (5 of 41 strings)
2017-08-07 18:24:55 +02:00
Laurent Peuch
50fcc831bf [mod] comment didn't matched reality 2017-05-27 19:19:48 +02:00
opi
aca5f054ab Update changelog for 2.6.8 release 2017-05-23 21:46:14 +02:00
Laurent Peuch
c1a388ccf0 Merge pull request #84 from YunoHost/caching_for_hash
[enh] uses caching for hash to avoid heavy recalculation and process spawning
2017-05-23 21:40:30 +02:00
Laurent Peuch
5157415ce3 [fix] remove tabs 2017-05-23 07:26:41 +02:00
Laurent Peuch
76677fab0d [enh] uses caching for hash to avoid heavy recalculation and process spawning 2017-05-22 23:01:18 +02:00
opi
37c0980155 Update changelog for 2.6.7 release 2017-05-18 09:14:33 +02:00
opi
d105b28ccf [fix] sidddy takes 3 d 2017-05-18 08:56:48 +02:00
opi
25ce273120 [love] Add siddy to contributors file.
Thanks for you security reviews !
2017-05-18 08:54:45 +02:00
sidddy
fc52f05459 Quick fix for CDA security issue 2017-05-18 08:45:20 +02:00
Laurent Peuch
98a6879ab4 [fix] don't include ip in token, this is useless and make infinite redirection\n\nIt has been confirmed by a security friend that this was nearly useless here since the token is marked as Secure and can only be exchanged on https so if someone managed to steal it the user have way more important problems. 2017-05-18 08:40:33 +02:00
Laurent Peuch
2456eda200 [fix] Use hmac_sha512 instead of md5 for cookie hashing. Don't store the key in token anymore (#80)
* [fix] uses hmac_sha512 for hasing the token and don't store the key in it anymore
* [mod] remove python script and talk directly to openssl
2017-05-18 08:34:36 +02:00
Laurent Peuch
96b077fe02 Merge pull request #79 from YunoHost/crypto_random
[fix] uses a cryptographically secure source of randomness
2017-05-17 21:37:55 +02:00
Laurent Peuch
c5bb6ef2ae [fix] uses a cryptographically secure source of randomness 2017-05-15 03:29:34 +02:00
opi
46b6d1048e Update changelog for 2.6.6 release 2017-05-12 22:51:24 +02:00
opi
737ebba474 Merge branch 'acl_on_basic_http_auth' into stable 2017-05-12 22:49:12 +02:00
Laurent Peuch
c019f9d208 [fix] check users ACL on http basic auth 2017-05-12 22:45:19 +02:00
Alexandre Aubin
442147bbbe Update changelog for 2.6.5 release 2017-05-12 22:45:19 +02:00
Jeroen Keerl
2a648b8475 [i18n] Translated using Weblate (Dutch)
Currently translated at 95.1% (39 of 41 strings)
2017-05-12 22:45:19 +02:00
Fabian Gruber
4450ba8f95 [i18n] Translated using Weblate (German)
Currently translated at 100.0% (41 of 41 strings)
2017-05-12 22:45:19 +02:00
Alexandre Aubin
d0709ff1f3 Adding link to bugtracker 2017-05-12 22:45:19 +02:00
JimboJoe
5228bf4f0c [fix] Fix tile not displayed when app is installed on root (bug #285) (#71)
* Fix proposal for bug #285 (YunoHost tile is not displayed when the app is installed on root path)
* Fix access to administration page
2017-05-12 22:45:19 +02:00
Alexandre Aubin
3a04c42ae6 Update changelog for 2.6.5 release 2017-04-24 13:03:07 -04:00
opi
eba9c6ede2 Merge pull request #76 from yunohost-bot/weblate-yunohost-ssowat
Update from Weblate.
2017-04-24 17:34:20 +02:00
Jeroen Keerl
d7ed67a586 [i18n] Translated using Weblate (Dutch)
Currently translated at 95.1% (39 of 41 strings)
2017-04-24 17:29:57 +02:00
Fabian Gruber
ad274017d9 [i18n] Translated using Weblate (German)
Currently translated at 100.0% (41 of 41 strings)
2017-04-03 01:35:23 +02:00
Alexandre Aubin
25eeff041d Adding link to bugtracker 2017-04-03 01:35:16 +02:00
JimboJoe
b1a1d55e66 [fix] Fix tile not displayed when app is installed on root (bug #285) (#71)
* Fix proposal for bug #285 (YunoHost tile is not displayed when the app is installed on root path)
* Fix access to administration page
2017-04-02 23:47:54 +02:00
opi
edb1ea079c Update changelog for 2.6.4 release 2017-03-14 15:39:44 +01:00
opi
f68c7f9e44 [fix] Remove help-link in portal as they don't link to nothing. Fix #68 2017-03-14 15:32:49 +01:00
opi
ee971b453d Update changelog for 2.6.3 release 2017-03-08 11:13:50 +01:00
opi
16923ffc95 Merge pull request #75 from yunohost-bot/weblate-yunohost-ssowat
Update from Weblate.
2017-03-08 11:12:29 +01:00
opi
a6911d9037 [i18n] Translated using Weblate (French)
Currently translated at 100.0% (41 of 41 strings)
2017-03-08 11:11:29 +01:00
opi
9956a7c1c1 [fix] Validate domain & url before redirection on login. 2017-03-08 11:08:33 +01:00
opi
e6631df5b1 Update changelog for 2.6.2 release 2017-03-02 12:19:11 +01:00
opi
773d7a2830 [enh] Add Trollken to contributors list. 2017-03-02 12:17:40 +01:00
opi
2a8bf7c0a3 Merge pull request #74 from yunohost-bot/weblate-yunohost-ssowat
Update from Weblate.
2017-03-02 12:14:25 +01:00
Trollken
514f8d3d41 [i18n] Translated using Weblate (Portuguese)
Currently translated at 100.0% (39 of 39 strings)
2017-02-28 15:39:01 +01:00
opi
fff95314ce [fix] Use local variables for cookie's expired_time. 2017-02-28 15:38:46 +01:00
opi
6bd8eb1a90 [fix] Delete cookies on logout. 2017-02-28 15:36:45 +01:00
opi
2eb38d3eaa [enh] Add 'Secure' flag in cookies. 2017-02-28 15:36:04 +01:00
opi
a2af42144b [fix] Use 'Expires' instead of 'Max-Age' for every cookie for consistency. 2017-02-28 15:23:40 +01:00