Commit graph

18 commits

Author SHA1 Message Date
ArthurHoaro
a5a9cf23ac Compatibility with PHPUnit 9 2020-09-29 18:57:20 +02:00
ArthurHoaro
8f60e1206e Comply with PHPUnit V8: setup/teardown functions must return void 2020-09-26 15:08:39 +02:00
ArthurHoaro
63b0059ed5 Fix broken route to filter not tagged bookmarks
Also display the filter for visitors.

Fixes #1529
2020-08-31 14:09:27 +02:00
ArthurHoaro
c4ad3d4f06 Process Shaarli install through Slim controller 2020-07-23 21:19:21 +02:00
ArthurHoaro
af290059d1 Process session filters through Slim controllers
Including:
  - visibility
  - links per page
  - untagged only
2020-07-23 21:19:21 +02:00
Sébastien NOBILI
46846fd4fc fixed typo 2020-03-02 18:23:55 +01:00
Sébastien NOBILI
cc2ded54e1 ldap authentication, fixes shaarli/Shaarli#1343 2020-03-02 17:13:18 +01:00
ArthurHoaro
b49a04f796 Rewrite IP ban management
This adds a dedicated manager class to handle all ban interactions, which is instantiated and handled by LoginManager.
IPs are now stored in the same format as the datastore, through FileUtils.

Fixes #1032 #587
2019-02-09 16:44:48 +01:00
ArthurHoaro
905f8675a7
Merge pull request #1182 from ArthurHoaro/feature/session-protection-stay-login
Do not check the IP address with session protection disabled
2019-02-09 12:36:31 +01:00
VirtualTam
dea72c711f Optimize and cleanup imports
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2019-01-13 00:04:42 +01:00
VirtualTam
067c2dd8f5 lint: apply phpcbf to tests/
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-12-02 22:39:16 +01:00
ArthurHoaro
d9ba1cdd44 Do not check the IP address with session protection disabled
This allows the user to stay logged in if his IP changes.

Fixes #1106
2018-07-17 14:13:37 +02:00
VirtualTam
8edd7f1588 SessionManager+LoginManager: fix checkLoginState logic
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-06-02 16:46:06 +02:00
VirtualTam
704637bfeb Add test coverage for LoginManager methods
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-06-02 16:46:26 +02:00
VirtualTam
ebf6151738 SessionManager: remove unused UID token
There already are dedicated tokens for:
- CSRF protection
- user stay-signed-in feature, via cookie

This token was most likely intended as a randomly generated,
server-side, secret key to be used when generating hashes.

See http://sebsauvage.net/wiki/doku.php?id=php:session [FR]

Relevant section:

  Une clé secrète unique aléatoire est générée côté serveur (et jamais
  envoyée). Elle peut servir pour signer les formulaires (HMAC) ou
  générer des token de formulaires (protection contre XSRF).
  Voir $_SESSION['uid'].

Translation:

  A unique, server-side secret key is randomly generated (and never
  transmitted). It can be used to sign forms (HMAC) or generate form
  tokens (protection against XSRF).
  See $_SESSION['uid']

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-06-02 16:46:06 +02:00
VirtualTam
c689e10863 Refactor LoginManager stay-signed-in token management
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-06-02 16:46:06 +02:00
VirtualTam
51f0128cdb Refactor session and cookie timeout control
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-06-02 16:46:06 +02:00
VirtualTam
fab87c2696 Move LoginManager and SessionManager to the Security namespace
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-06-02 16:46:06 +02:00