Commit graph

25 commits

Author SHA1 Message Date
ArthurHoaro
b38a1b0209 Use PSR-3 logger for login attempts
Fixes #1122
2020-10-20 11:47:07 +02:00
ArthurHoaro
efb7d21b52 Add strict types for bookmarks management
Parameters typing and using strict types overall increase the codebase
quality by enforcing the a given parameter will have the expected type.

It also removes the need to unnecessary unit tests checking methods
behavior with invalid input.
2020-10-13 13:50:11 +02:00
ArthurHoaro
63b0059ed5 Fix broken route to filter not tagged bookmarks
Also display the filter for visitors.

Fixes #1529
2020-08-31 14:09:27 +02:00
ArthurHoaro
fabff3835d Move PHP and config init to dedicated file
in order to keep index.php as minimal as possible
2020-07-23 21:19:21 +02:00
ArthurHoaro
a8c11451e8 Process login through Slim controller 2020-07-23 21:19:21 +02:00
ArthurHoaro
c4ad3d4f06 Process Shaarli install through Slim controller 2020-07-23 21:19:21 +02:00
ArthurHoaro
ef00f9d203 Process password change controller through Slim 2020-07-23 21:19:21 +02:00
ArthurHoaro
af290059d1 Process session filters through Slim controllers
Including:
  - visibility
  - links per page
  - untagged only
2020-07-23 21:19:21 +02:00
ArthurHoaro
c266a89d0f Process tag cloud page through Slim controller 2020-07-23 21:19:21 +02:00
ArthurHoaro
8694e8411b LDAP - Force protocol LDAPv3
On Linux, php-ldap seems to rely on a library which still uses deprecated LDAPv2 as default version,
causing authentication issues.

See: https://stackoverflow.com/a/48238224/1484919
2020-06-25 16:18:25 +02:00
Sébastien NOBILI
a69cfe0dd2
Update application/security/LoginManager.php
Co-authored-by: ArthurHoaro <arthur@hoa.ro>
2020-06-03 10:36:04 +02:00
Sébastien NOBILI
9ba6982ea3
Update application/security/LoginManager.php
Co-authored-by: ArthurHoaro <arthur@hoa.ro>
2020-06-03 10:35:41 +02:00
Sébastien NOBILI
21e5df5ee8
Update application/security/LoginManager.php
Co-authored-by: ArthurHoaro <arthur@hoa.ro>
2020-06-03 10:34:32 +02:00
Sébastien NOBILI
cc2ded54e1 ldap authentication, fixes shaarli/Shaarli#1343 2020-03-02 17:13:18 +01:00
ArthurHoaro
6c50a6ccce Render login page through Slim controller 2020-01-26 11:34:14 +01:00
ArthurHoaro
b49a04f796 Rewrite IP ban management
This adds a dedicated manager class to handle all ban interactions, which is instantiated and handled by LoginManager.
IPs are now stored in the same format as the datastore, through FileUtils.

Fixes #1032 #587
2019-02-09 16:44:48 +01:00
ArthurHoaro
905f8675a7
Merge pull request #1182 from ArthurHoaro/feature/session-protection-stay-login
Do not check the IP address with session protection disabled
2019-02-09 12:36:31 +01:00
VirtualTam
f211e417bf lint: apply phpcbf to application/
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-12-02 22:39:16 +01:00
ArthurHoaro
d9ba1cdd44 Do not check the IP address with session protection disabled
This allows the user to stay logged in if his IP changes.

Fixes #1106
2018-07-17 14:13:37 +02:00
VirtualTam
8edd7f1588 SessionManager+LoginManager: fix checkLoginState logic
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-06-02 16:46:06 +02:00
VirtualTam
704637bfeb Add test coverage for LoginManager methods
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-06-02 16:46:26 +02:00
VirtualTam
ebf6151738 SessionManager: remove unused UID token
There already are dedicated tokens for:
- CSRF protection
- user stay-signed-in feature, via cookie

This token was most likely intended as a randomly generated,
server-side, secret key to be used when generating hashes.

See http://sebsauvage.net/wiki/doku.php?id=php:session [FR]

Relevant section:

  Une clé secrète unique aléatoire est générée côté serveur (et jamais
  envoyée). Elle peut servir pour signer les formulaires (HMAC) ou
  générer des token de formulaires (protection contre XSRF).
  Voir $_SESSION['uid'].

Translation:

  A unique, server-side secret key is randomly generated (and never
  transmitted). It can be used to sign forms (HMAC) or generate form
  tokens (protection against XSRF).
  See $_SESSION['uid']

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-06-02 16:46:06 +02:00
VirtualTam
c689e10863 Refactor LoginManager stay-signed-in token management
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-06-02 16:46:06 +02:00
VirtualTam
51f0128cdb Refactor session and cookie timeout control
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-06-02 16:46:06 +02:00
VirtualTam
fab87c2696 Move LoginManager and SessionManager to the Security namespace
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-06-02 16:46:06 +02:00