Alexandre Aubin
abc38bbffe
Move handling of login through HTTP headers to is_logged_in helper
2020-09-20 17:53:18 +02:00
Alexandre Aubin
b2b9b9c8e3
Refactor/move handling of portal assets
2020-09-20 17:47:24 +02:00
Kay0u
41ac2e5bf8
Merge remote-tracking branch 'origin/dev' into permission_protection
2020-09-01 20:56:20 +02:00
Kay0u
b5a1d8dfed
find recursively relative to the theme directory
2020-06-18 15:20:11 +02:00
Kay0u
20de3f5f37
fix theme loading
2020-06-18 14:49:26 +02:00
Kay0u
720e35df4e
do not reauth if we are already logged in
2020-05-21 22:56:52 +02:00
Kay0u
24b3f7dc3a
HTTP Auth before permissions managment
2020-05-21 21:53:04 +02:00
Kay0u
400f88e6ca
fix the redirect loop \o/
2020-05-21 21:51:55 +02:00
Kayou
0f1eea3306
Merge branch 'stretch-unstable' into permission_protection
2020-05-21 21:17:36 +02:00
Alexandre Aubin
09e0fa37aa
Alex made a drunk copypasta that broke everything lul - var user not defined ... In fact we don't need this debug line 'cause it's already done in redirect() itself
2020-04-15 01:42:47 +02:00
Kayou
6ee3486783
Merge branch 'stretch-unstable' into permission_protection
2020-04-09 21:34:38 +02:00
Alexandre Aubin
286eb771a7
Merge pull request #158 from YunoHost/dont_set_header_unallowed_users
...
Don't set header if user don't have access
2020-04-01 02:36:58 +02:00
Kay0u
0fc89d0fc9
Rework access
2020-04-01 00:43:59 +02:00
Kay0u
d8c74604c0
portal with the new config file
2020-03-31 02:20:40 +02:00
Kay0u
8cc2bd4b28
Avoid unnecessarily reloading the config file
2020-03-29 18:02:49 +02:00
Josué Tille
ef3d6af9e0
Dont't set header but serve ynhpanel
2020-03-27 15:38:41 +01:00
Josué Tille
b1080c1e1a
Don't set header if user don't have access
2020-03-27 15:30:52 +01:00
Alexandre Aubin
77afe5cf09
Check if the user has access was done right before, no need to redo it
2020-03-24 19:52:33 +01:00
Kay0u
eb2872d5ed
Test if we should skip or unprotect the url
2020-03-05 00:24:06 +01:00
Kay0u
af892991af
refactor legacy url protections
2020-02-13 10:06:32 +07:00
Kay0u
9628d51d2d
check permission after unprotected
2020-01-29 18:24:51 +07:00
Kay0u
19ae10200d
fix string.match
2020-01-17 14:56:32 +07:00
Alexandre Aubin
247847a203
Check skipped_urls before protected_urls
2019-12-02 18:13:19 +01:00
Alexandre Aubin
a13a2fee1e
More extensive check between allowed rules vs. protected rules
2019-10-03 23:11:52 +02:00
Alexandre Aubin
1eb322df17
Many tweaks in log system + implement many log messages in low-level functions
2019-10-03 20:42:01 +02:00
Alexandre Aubin
7cb61f1619
Merge branch 'logging' into logging-reloaded
2019-09-24 17:27:44 +02:00
Geoff Montel
1161367d0e
Fixed: bug serving files because of LUA exception
...
"Interrupted system call" during PWDIR change on "popen" function
Restored by removing FIND's wildcard which could yield fo emptiness
(example : `mydir/` is empty; making `cd mydir && find *` yielding
to non argumented FIND function.
Tested on Stretch with nginx (1.10.3-1+deb9u2) and lua5.1 (5.1.5-8.1+b2).
Note that this could lead to bugs, code refactor should enclose lua-filesystem (1.6.3-1),
but I'm a rookie in LUA.
2019-07-14 14:30:37 +02:00
Josué Tille
b0756e2494
Allow access in portail in other domain than main domain
2019-05-17 22:42:52 +02:00
chateau
13257e4de0
allow to redirect sso pages the same way than apps urls (from login page)
2019-03-20 03:17:17 +01:00
Alexandre Aubin
32a9229ef4
Enable cache for 1 hour for static assets
2019-03-19 16:52:43 +01:00
Alexandre Aubin
23e78c2c39
This TODO is done
2019-03-19 15:08:09 +01:00
Alexandre Aubin
0c377c3363
Rename css/js files for semantic + explain their purpose
2019-03-19 00:17:53 +01:00
Alexandre Aubin
67e253211c
This ynhpanel.json has never been used by anything ...
2019-03-18 18:24:49 +01:00
Alexandre Aubin
328c0b73f0
Misc fixes + note about stuff to fix
2019-03-14 17:41:31 +01:00
chateau
9845d99398
Make files in current theme's directory accessibles under " https://server.tld/ynhtheme/ ".
2019-03-09 11:21:12 +01:00
Alexandre Aubin
2f24e82f38
Add trick to access.lua to be able to inject custom/theme css and js when in apps as well
2019-02-23 04:20:01 +01:00
Alexandre Aubin
7dc84973df
Improve comment
2018-12-14 00:31:54 +01:00
ljf (zamentur)
c3a9380361
[fix] PCRE choice if no %. in url regex
2018-12-13 23:23:10 +01:00
ljf
b90153a5ca
[enh] Add comment about lua pattern deprecated
2018-06-24 20:44:28 +02:00
ljf
9cbe43862b
[enh] Add PCRE regex support
2018-06-24 16:04:26 +02:00
Alexandre Aubin
d38d5e3d29
[fix] Force back_url to use HTTPS ( #93 )
2017-10-12 22:06:30 +02:00
sidddy
fc52f05459
Quick fix for CDA security issue
2017-05-18 08:45:20 +02:00
sidddy
ad39e3ded5
Added access log, ignore IP, check acl for basic auth
2017-05-13 15:06:18 +02:00
Laurent Peuch
c019f9d208
[fix] check users ACL on http basic auth
2017-05-12 22:45:19 +02:00
JimboJoe
5228bf4f0c
[fix] Fix tile not displayed when app is installed on root (bug #285 ) ( #71 )
...
* Fix proposal for bug #285 (YunoHost tile is not displayed when the app is installed on root path)
* Fix access to administration page
2017-05-12 22:45:19 +02:00
opi
9956a7c1c1
[fix] Validate domain & url before redirection on login.
2017-03-08 11:08:33 +01:00
opi
0823062e30
[fix] Escape dash in domain before matching.
2017-02-23 23:14:03 +01:00
opi
af53f4d393
[fix] match protected URIs against URL arguments
2016-04-29 17:28:08 +02:00
Maniack Crudelis
3b2bc73df5
Regex non reconnues sur protected_regex
...
Les patterns sont interprétés correctement sur unprotected_regex, mais pas sur protected_regex.
L'ajout de ..hlp.uri_args_string() corrige ça et permet d'interpréter correctement les patterns
2016-04-29 17:28:08 +02:00
kload
0ebddc079a
[fix] Load libraries locally to avoid caching
2015-05-16 09:42:26 +02:00