Commit graph

1531 commits

Author SHA1 Message Date
VirtualTam
508397a88e Bump the base Docker image to alpine:3.7
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-07-01 16:40:26 +02:00
VirtualTam
d9a0b52276
Merge pull request #1167 from virtualtam/mkdocs
Improve Mkdocs build process, fix formatting issues
2018-06-28 12:52:50 +02:00
VirtualTam
87f1431247 Fix broken documentation links and list formatting
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-06-26 22:22:33 +02:00
VirtualTam
972cd80085 Run MkDocs in strict mode
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-06-26 22:21:53 +02:00
VirtualTam
fd2e8fad79 Let MkDocs clean previously generated HTML pages
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-06-26 22:20:57 +02:00
VirtualTam
c1503307ce Add a Travis environment for MkDocs
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-06-26 22:19:21 +02:00
VirtualTam
c429f28ad4
Merge pull request #1165 from fbartels/patch-1
add Cloudron to related software
2018-06-26 21:48:01 +02:00
VirtualTam
52731281bc
Merge branch 'master' into patch-1 2018-06-26 21:47:27 +02:00
VirtualTam
ab752eaf15
Merge pull request #1164 from lapineige/patch-2
Other platform integration: add Yunohost install badge
2018-06-26 21:44:50 +02:00
Felix Bartels
359696dcbb
add Cloudron to related software 2018-06-25 10:05:04 +02:00
lapineige
de15ed1def
Other platform integration: add Yunohost install badge
Add a button to install with Yunohost in a one-click way.
2018-06-25 09:28:29 +02:00
nodiscc
969ed87fb1
Merge pull request #1155 from shaarli/doc-improvements
Improve documentation (#598, #1105)
2018-06-21 19:34:11 +02:00
VirtualTam
7519388dd6
Merge pull request #1154 from virtualtam/changelog
Update AUTHORS and CHANGELOG
2018-06-20 17:18:47 +02:00
VirtualTam
6e1df6013e Update version badges and installation instructions
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-06-20 17:14:30 +02:00
VirtualTam
47ddfc57a0 Update AUTHORS and CHANGELOG
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-06-20 17:11:09 +02:00
VirtualTam
6325e74caa
Merge pull request #1158 from virtualtam/master-dockerfile
Master: Build the Docker images from the local sources
2018-06-20 16:59:29 +02:00
nodiscc
bdfb967ca2 Improve documentation (#598, #1105)
* rework/simplify server configuration/requirements pages (consolidate/simplify SSL/TLS/apache configuration)
 * update index.md introduction
 * remove external images (badges)
 * Fix COPYING link and documentation links
 * Update features list
 * dedpulicate information
 * remove server-requirements.md and move relevant doc to other files
 * TODO: rework nginx configuration (single configuration example, with commented out blocks for special cases)
 * TODO: consolidate download/install/configuration pages
 * remove blank lighttpd configuration section
 * remove Required? column for composer packages, all libraries are mandatory
 * php 7.2 compatibilty
 * clarify that certbot binary and paths may vary depending on install method
2018-06-17 18:56:00 +02:00
VirtualTam
c064d3179e docker: update image and usage documentation
Relates to https://github.com/shaarli/Shaarli/issues/1153

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-06-17 13:45:39 +02:00
VirtualTam
2a3fe990dd docker: build the images from the local sources
Relates to https://github.com/shaarli/Shaarli/issues/1153

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-06-17 01:02:50 +02:00
VirtualTam
7cf436cea4 docker: remove 'stable' resources
Relates to https://github.com/shaarli/Shaarli/issues/1153

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-06-16 23:55:44 +02:00
VirtualTam
1168abb484 docker: move testing resources to tests/docker
Relates to https://github.com/shaarli/Shaarli/issues/1153

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-06-16 23:54:10 +02:00
ArthurHoaro
26b0b20228
Merge pull request #1152 from ArthurHoaro/hotfix/install-error
Fixes an error during the install
2018-06-07 20:00:30 +02:00
ArthurHoaro
cad4251ad7 Fixes an error during the install
was out of scope
2018-06-07 19:58:58 +02:00
ArthurHoaro
ea700dd89f
Merge pull request #1151 from kramred/master
Add <meta> tag for referrer same-origin also to new default tpl
2018-06-07 19:17:32 +02:00
Mark Schmitz
ee93a09387 remove environment specific .gitignore entries 2018-06-07 18:11:04 +01:00
Mark Schmitz
0deaedeeae Merge remote-tracking branch 'upstream/master' 2018-06-07 14:23:53 +01:00
Mark Schmitz
f6b3295d28 also for new default tpl add meta tag to block sending the referrer vintage -> #692 2018-06-07 14:23:41 +01:00
ArthurHoaro
d3f42ca487 Implements Tags endpoints for Shaarli's REST API
Endpoints:

 * List All Tags [GET]
 * Get a tag [GET]
 * Update a tag [PUT]
 * Delete a tag [DELETE]

Fixes #904
References shaarli/api-documentation#34
2018-06-04 18:51:22 +02:00
ArthurHoaro
17e45b2e9c
Merge pull request #1143 from ArthurHoaro/sort-equal-tags
Fix order of tags with the same number of occurrences
2018-06-04 18:34:50 +02:00
VirtualTam
d9cd27322a
Merge pull request #1086 from virtualtam/refactor/login
Refactor user login and session management
2018-06-03 18:26:32 +02:00
VirtualTam
8edd7f1588 SessionManager+LoginManager: fix checkLoginState logic
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-06-02 16:46:06 +02:00
VirtualTam
704637bfeb Add test coverage for LoginManager methods
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-06-02 16:46:26 +02:00
VirtualTam
ebf6151738 SessionManager: remove unused UID token
There already are dedicated tokens for:
- CSRF protection
- user stay-signed-in feature, via cookie

This token was most likely intended as a randomly generated,
server-side, secret key to be used when generating hashes.

See http://sebsauvage.net/wiki/doku.php?id=php:session [FR]

Relevant section:

  Une clé secrète unique aléatoire est générée côté serveur (et jamais
  envoyée). Elle peut servir pour signer les formulaires (HMAC) ou
  générer des token de formulaires (protection contre XSRF).
  Voir $_SESSION['uid'].

Translation:

  A unique, server-side secret key is randomly generated (and never
  transmitted). It can be used to sign forms (HMAC) or generate form
  tokens (protection against XSRF).
  See $_SESSION['uid']

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-06-02 16:46:06 +02:00
VirtualTam
c689e10863 Refactor LoginManager stay-signed-in token management
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-06-02 16:46:06 +02:00
VirtualTam
51f0128cdb Refactor session and cookie timeout control
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-06-02 16:46:06 +02:00
VirtualTam
fab87c2696 Move LoginManager and SessionManager to the Security namespace
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-06-02 16:46:06 +02:00
VirtualTam
68dcaccfa4 LoginManager: remove unused parameter
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-06-02 16:46:06 +02:00
VirtualTam
89ccc83ba4 Login: update PageBuilder and default/vintage templates
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-06-02 16:46:06 +02:00
VirtualTam
8474208474 Pass the client IP ID to LoginManager
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-06-02 16:46:06 +02:00
VirtualTam
c7721487b2 Delegate session operations to SessionManager
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-06-02 16:45:54 +02:00
VirtualTam
1b28c66cc7 Document LoginManager properties
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-05-29 22:53:54 +02:00
VirtualTam
63ea23c2a6 Refactor user credential validation at login time
Changed:
- move login/password verification to LoginManager
- code cleanup

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-05-29 22:53:54 +02:00
VirtualTam
49f1832316 Refactor PHP session handling during login/logout
Changed:
- move $_SESSION handling to SessionManager
- code cleanup

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-05-29 22:53:54 +02:00
VirtualTam
db45a36a53 Refactor SessionManager::$INACTIVITY_TIMEOUT
Changed:
- move INACTIVITY_TIMEOUT to SessionManager
- inject a dependency to a SessionManager instance in:
  - fillSessionInfo()
  - setup_login_state()
  - check_auth()
- cleanup related code and comments

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-05-29 22:53:54 +02:00
VirtualTam
88110550b8 Refactor client session hijacking protection
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2018-05-29 22:53:54 +02:00
ArthurHoaro
f8c5660df8 Tag sort - UT + comment + fix filter and visibility
Before this, linksCountPerTag call without would have ignored visibility parameter
2018-05-29 20:52:30 +02:00
ArthurHoaro
8f816d8ddf
Merge pull request #1135 from ArthurHoaro/ci/csslint
Reformat SCSS to SASS format and run SASSLint in CI
2018-05-29 20:20:02 +02:00
ArthurHoaro
cdebf7f9b4
Merge pull request #1140 from ArthurHoaro/hotfix/markdown-rss-permalink
Fix feed permalink rendering with markdown escape set to true
2018-05-29 19:33:20 +02:00
ArthurHoaro
f28396a2f8 Fix order of tags with the same number of occurrences
Fixes #1142
2018-05-19 15:47:55 +02:00
ArthurHoaro
dd6794cff8 Fix feed permalink rendering with markdown escape set to true
Fixes #1134
2018-05-19 12:55:43 +02:00