YunoHost/SSOwat
1
0
Fork 0
mirror of https://github.com/YunoHost/SSOwat.git synced 2024-09-03 20:06:27 +02:00
Code Issues Projects Releases Packages Wiki Activity
560 commits 8 branches 113 tags 3.6 MiB
Commit graph

75 commits

Author SHA1 Message Date
Alexandre Aubin
ff700062a5 At least one rule should exist + should be the longest match 2019-10-09 18:45:50 +02:00
Alexandre Aubin
a13a2fee1e More extensive check between allowed rules vs. protected rules 2019-10-03 23:11:52 +02:00
Alexandre Aubin
1eb322df17 Many tweaks in log system + implement many log messages in low-level functions 2019-10-03 20:42:01 +02:00
Alexandre Aubin
474b922089 Be consistent : either we use log() everywhere or we don't ... But imho just logger.info() is fine 2019-09-24 17:33:19 +02:00
Alexandre Aubin
7cb61f1619 Merge branch 'logging' into logging-reloaded 2019-09-24 17:27:44 +02:00
Alexandre Aubin
fc688418ce info.html -> portal.html 2019-03-19 23:29:46 +01:00
Alexandre Aubin
32a9229ef4 Enable cache for 1 hour for static assets 2019-03-19 16:52:43 +01:00
Alexandre Aubin
2bdc12b0a0 Let's keep it simple ... have a folder asserts/{theme}/ containing a stylesheet.css and global.js 2019-02-21 18:27:28 +01:00
Lukas Fülling
d33cd97556 Add theming support, add vapor theme 2019-02-21 18:12:24 +01:00
chateau
94e15d9fe6 Simplify ynhpanel.js and ynhpanel.css making the YNH inapp panel an iframe that loads the info.html page. 2019-02-21 16:47:11 +01:00
Josué Tille
441f323094
Fix string helper if string is empty 2019-01-23 10:23:12 +01:00
Alexandre Aubin
a52ed73a11
Typo 2019-01-17 23:21:30 +01:00
Josué Tille
437f3c238a
Fix when the user stay connected 2019-01-17 22:54:25 +01:00
Josué Tille
32d04dbac9
Fix SSOwat crash after password change 2019-01-07 11:45:29 +01:00
Laurent Peuch
253cde4b9a [fix] CVE-2018-11347 http header injection 2018-12-06 23:50:21 +01:00
Alexandre Aubin
7be6e76cb8 SameSite=Strict breaks multisite 2018-11-19 16:06:12 +00:00
Alexandre Aubin
2699aa8db7 Clarify Set-Cookie syntax 2018-11-19 16:03:35 +00:00
Alexandre Aubin
2ff41d9920 Merge remote-tracking branch 'tYYGH/PR_choiceRewritePW+fixes' into stretch-unstable 2018-11-05 03:15:43 +01:00
Alexandre Aubin
b68ebc04c7
Merge pull request #103 from frju365/patch-1 
[fix] Secure cookie setting
 2018-11-04 16:20:59 +01:00
Alexandre Aubin
99c108f362
Merge pull request #104 from YunoHost/enh-pwd-validate 
[enh] Validate password strength
 2018-11-04 15:59:39 +01:00
Alexandre Aubin
cb96f848d3 This got removed 2018-10-31 18:55:07 +00:00
tituspijean
11d0e0689a [mod] Redirect after logout if r URI argument exists 2018-09-15 09:25:48 +02:00
ljf
e4ee83cc8e [fix] Add a small comment 2018-08-29 03:00:13 +02:00
ljf
deeb30637e [fix] Remove nginx log 2018-08-29 02:58:17 +02:00
ljf
410ba2e4a7 [fix] Remove extra end line of the cmd run with popen 2018-08-29 02:55:02 +02:00
ljf
7627101eb5 [enh] Simplify code thanks to change on password.py 2018-08-29 01:26:19 +02:00
ljf
349d486cec [fix] Remove some nginx debug log 2018-08-29 01:08:36 +02:00
ljf
d83b522d50 [fix] Remove some nginx debug log 2018-08-29 00:56:24 +02:00
ljf
945b04cc67 [fix] Regex todo 2018-08-29 00:47:59 +02:00
ljf
95e1c1cd2f [fix] Secure password transmission 2018-08-29 00:07:48 +02:00
ljf
ab8b040174 [enh] Validate password as configured 2018-08-28 21:33:19 +02:00
frju365
07c3db2c46
[fix] CVE CSRF with cookie setting 2018-08-25 02:29:26 +02:00
Eynix
23eb2fc3e4 replace hige by lustache 2018-06-07 11:56:34 +02:00
Y
db9059a55c let the admin decide how passwords are handled 2017-09-16 19:22:47 +02:00
Laurent Peuch
9b7fee7a1b [fix] attempt to fix https://github.com/YunoHost/SSOwat/pull/86#issuecomment-323417926 2017-08-19 04:39:51 +02:00
Laurent Peuch
98b1b53fbf Merge pull request #87 from YunoHost/hash_algo 
[fix] Auto-update user password hashes with new algo
 2017-08-18 02:42:00 +02:00
Laurent Peuch
d440d06ae7 [fix] be paranoid and prevent shell injections here also while input is supposed to be safe 2017-08-18 02:35:08 +02:00
Laurent Peuch
c8c7fe7fc7 [fix] prevent shell injections 2017-08-18 02:34:46 +02:00
Laurent Peuch
d16f3f81d0 [enh] auto rehash in sha-512 users passwords on login 2017-08-15 11:41:24 +02:00
Laurent Peuch
2ff2fb92f3 [enh] encode password using sha512 on user modification of password 2017-08-15 11:11:35 +02:00
Côme Chilliet
47f01b3f6f Fixed support for incomplete translations (fallback to default language for missing strings) 2017-08-10 16:31:00 +02:00
Laurent Peuch
50fcc831bf [mod] comment didn't matched reality 2017-05-27 19:19:48 +02:00
Laurent Peuch
c1a388ccf0 Merge pull request #84 from YunoHost/caching_for_hash 
[enh] uses caching for hash to avoid heavy recalculation and process spawning
 2017-05-23 21:40:30 +02:00
Laurent Peuch
5157415ce3 [fix] remove tabs 2017-05-23 07:26:41 +02:00
Laurent Peuch
76677fab0d [enh] uses caching for hash to avoid heavy recalculation and process spawning 2017-05-22 23:01:18 +02:00
sidddy
fc52f05459 Quick fix for CDA security issue 2017-05-18 08:45:20 +02:00
Laurent Peuch
98a6879ab4 [fix] don't include ip in token, this is useless and make infinite redirection\n\nIt has been confirmed by a security friend that this was nearly useless here since the token is marked as Secure and can only be exchanged on https so if someone managed to steal it the user have way more important problems. 2017-05-18 08:40:33 +02:00
Laurent Peuch
2456eda200 [fix] Use hmac_sha512 instead of md5 for cookie hashing. Don't store the key in token anymore (#80) 
* [fix] uses hmac_sha512 for hasing the token and don't store the key in it anymore
* [mod] remove python script and talk directly to openssl
 2017-05-18 08:34:36 +02:00
Laurent Peuch
054b7d1752 [mod] remove things not related to logging 2017-05-13 15:08:56 +02:00
sidddy
ad39e3ded5 Added access log, ignore IP, check acl for basic auth 2017-05-13 15:06:18 +02:00