Alexandre Aubin
ea0bc8a89c
portalapi: propagate changes on the new API, decrypt the AES256-encrypted password found in user cookie to be able to construct the basic auth headers
2023-07-11 22:41:09 +02:00
Alexandre Aubin
d0dba1fd2e
Epic refactoring for new portal API etc
2021-12-26 17:01:56 +01:00
ljf
ca2a605dce
[fix] Typo json
2021-06-29 18:57:06 +02:00
ljf
89d78ab312
[enh] Avoid to list hidden files
2021-06-29 18:50:05 +02:00
ljf
b3741580da
[fix] dash filename, mime types, ynh_userinfo.json
2021-06-29 18:34:40 +02:00
Kay0u
384889ae11
match the beginning of url permissions
2021-01-20 01:28:08 +01:00
Titoko
1747da0571
Update access.lua
2020-12-17 20:12:22 +01:00
Alexandre Aubin
06f1f30226
Update access.lua
...
Co-authored-by: Kayou <pierre@kayou.io>
2020-09-21 14:40:37 +02:00
Alexandre Aubin
41ed91bbcb
Misc cosmetics / debug tweaks
2020-09-20 18:00:49 +02:00
Alexandre Aubin
dcbf66d4e4
Rework/simplify code that effectively apply the permission
2020-09-20 18:00:37 +02:00
Alexandre Aubin
a11d8f0d87
Move identification of relevant permission from helpers.lua to access.lua
2020-09-20 17:58:26 +02:00
Alexandre Aubin
abc38bbffe
Move handling of login through HTTP headers to is_logged_in helper
2020-09-20 17:53:18 +02:00
Alexandre Aubin
b2b9b9c8e3
Refactor/move handling of portal assets
2020-09-20 17:47:24 +02:00
Kay0u
41ac2e5bf8
Merge remote-tracking branch 'origin/dev' into permission_protection
2020-09-01 20:56:20 +02:00
Kay0u
b5a1d8dfed
find recursively relative to the theme directory
2020-06-18 15:20:11 +02:00
Kay0u
20de3f5f37
fix theme loading
2020-06-18 14:49:26 +02:00
Kay0u
720e35df4e
do not reauth if we are already logged in
2020-05-21 22:56:52 +02:00
Kay0u
24b3f7dc3a
HTTP Auth before permissions managment
2020-05-21 21:53:04 +02:00
Kay0u
400f88e6ca
fix the redirect loop \o/
2020-05-21 21:51:55 +02:00
Kayou
0f1eea3306
Merge branch 'stretch-unstable' into permission_protection
2020-05-21 21:17:36 +02:00
Alexandre Aubin
09e0fa37aa
Alex made a drunk copypasta that broke everything lul - var user not defined ... In fact we don't need this debug line 'cause it's already done in redirect() itself
2020-04-15 01:42:47 +02:00
Kayou
6ee3486783
Merge branch 'stretch-unstable' into permission_protection
2020-04-09 21:34:38 +02:00
Alexandre Aubin
286eb771a7
Merge pull request #158 from YunoHost/dont_set_header_unallowed_users
...
Don't set header if user don't have access
2020-04-01 02:36:58 +02:00
Kay0u
0fc89d0fc9
Rework access
2020-04-01 00:43:59 +02:00
Kay0u
d8c74604c0
portal with the new config file
2020-03-31 02:20:40 +02:00
Kay0u
8cc2bd4b28
Avoid unnecessarily reloading the config file
2020-03-29 18:02:49 +02:00
Josué Tille
ef3d6af9e0
Dont't set header but serve ynhpanel
2020-03-27 15:38:41 +01:00
Josué Tille
b1080c1e1a
Don't set header if user don't have access
2020-03-27 15:30:52 +01:00
Alexandre Aubin
77afe5cf09
Check if the user has access was done right before, no need to redo it
2020-03-24 19:52:33 +01:00
Kay0u
eb2872d5ed
Test if we should skip or unprotect the url
2020-03-05 00:24:06 +01:00
Kay0u
af892991af
refactor legacy url protections
2020-02-13 10:06:32 +07:00
Kay0u
9628d51d2d
check permission after unprotected
2020-01-29 18:24:51 +07:00
Kay0u
19ae10200d
fix string.match
2020-01-17 14:56:32 +07:00
Alexandre Aubin
247847a203
Check skipped_urls before protected_urls
2019-12-02 18:13:19 +01:00
Alexandre Aubin
a13a2fee1e
More extensive check between allowed rules vs. protected rules
2019-10-03 23:11:52 +02:00
Alexandre Aubin
1eb322df17
Many tweaks in log system + implement many log messages in low-level functions
2019-10-03 20:42:01 +02:00
Alexandre Aubin
7cb61f1619
Merge branch 'logging' into logging-reloaded
2019-09-24 17:27:44 +02:00
Geoff Montel
1161367d0e
Fixed: bug serving files because of LUA exception
...
"Interrupted system call" during PWDIR change on "popen" function
Restored by removing FIND's wildcard which could yield fo emptiness
(example : `mydir/` is empty; making `cd mydir && find *` yielding
to non argumented FIND function.
Tested on Stretch with nginx (1.10.3-1+deb9u2) and lua5.1 (5.1.5-8.1+b2).
Note that this could lead to bugs, code refactor should enclose lua-filesystem (1.6.3-1),
but I'm a rookie in LUA.
2019-07-14 14:30:37 +02:00
Josué Tille
b0756e2494
Allow access in portail in other domain than main domain
2019-05-17 22:42:52 +02:00
chateau
13257e4de0
allow to redirect sso pages the same way than apps urls (from login page)
2019-03-20 03:17:17 +01:00
Alexandre Aubin
32a9229ef4
Enable cache for 1 hour for static assets
2019-03-19 16:52:43 +01:00
Alexandre Aubin
23e78c2c39
This TODO is done
2019-03-19 15:08:09 +01:00
Alexandre Aubin
0c377c3363
Rename css/js files for semantic + explain their purpose
2019-03-19 00:17:53 +01:00
Alexandre Aubin
67e253211c
This ynhpanel.json has never been used by anything ...
2019-03-18 18:24:49 +01:00
Alexandre Aubin
328c0b73f0
Misc fixes + note about stuff to fix
2019-03-14 17:41:31 +01:00
chateau
9845d99398
Make files in current theme's directory accessibles under " https://server.tld/ynhtheme/ ".
2019-03-09 11:21:12 +01:00
Alexandre Aubin
2f24e82f38
Add trick to access.lua to be able to inject custom/theme css and js when in apps as well
2019-02-23 04:20:01 +01:00
Alexandre Aubin
7dc84973df
Improve comment
2018-12-14 00:31:54 +01:00
ljf (zamentur)
c3a9380361
[fix] PCRE choice if no %. in url regex
2018-12-13 23:23:10 +01:00
ljf
b90153a5ca
[enh] Add comment about lua pattern deprecated
2018-06-24 20:44:28 +02:00