MyShaarli

Author	SHA1	Message	Date
ArthurHoaro	fabff3835d	Move PHP and config init to dedicated file in order to keep index.php as minimal as possible	2020-07-23 21:19:21 +02:00
ArthurHoaro	a8c11451e8	Process login through Slim controller	2020-07-23 21:19:21 +02:00
ArthurHoaro	c4ad3d4f06	Process Shaarli install through Slim controller	2020-07-23 21:19:21 +02:00
ArthurHoaro	ef00f9d203	Process password change controller through Slim	2020-07-23 21:19:21 +02:00
ArthurHoaro	af290059d1	Process session filters through Slim controllers Including: - visibility - links per page - untagged only	2020-07-23 21:19:21 +02:00
ArthurHoaro	c266a89d0f	Process tag cloud page through Slim controller	2020-07-23 21:19:21 +02:00
ArthurHoaro	8694e8411b	LDAP - Force protocol LDAPv3 On Linux, php-ldap seems to rely on a library which still uses deprecated LDAPv2 as default version, causing authentication issues. See: https://stackoverflow.com/a/48238224/1484919	2020-06-25 16:18:25 +02:00
Sébastien NOBILI	a69cfe0dd2	Update application/security/LoginManager.php Co-authored-by: ArthurHoaro <arthur@hoa.ro>	2020-06-03 10:36:04 +02:00
Sébastien NOBILI	9ba6982ea3	Update application/security/LoginManager.php Co-authored-by: ArthurHoaro <arthur@hoa.ro>	2020-06-03 10:35:41 +02:00
Sébastien NOBILI	21e5df5ee8	Update application/security/LoginManager.php Co-authored-by: ArthurHoaro <arthur@hoa.ro>	2020-06-03 10:34:32 +02:00
Sébastien NOBILI	cc2ded54e1	ldap authentication, fixes shaarli/Shaarli#1343	2020-03-02 17:13:18 +01:00
ArthurHoaro	6c50a6ccce	Render login page through Slim controller	2020-01-26 11:34:14 +01:00
ArthurHoaro	b49a04f796	Rewrite IP ban management This adds a dedicated manager class to handle all ban interactions, which is instantiated and handled by LoginManager. IPs are now stored in the same format as the datastore, through FileUtils. Fixes #1032 #587	2019-02-09 16:44:48 +01:00
ArthurHoaro	905f8675a7	Merge pull request #1182 from ArthurHoaro/feature/session-protection-stay-login Do not check the IP address with session protection disabled	2019-02-09 12:36:31 +01:00
VirtualTam	f211e417bf	lint: apply phpcbf to application/ Signed-off-by: VirtualTam <virtualtam@flibidi.net>	2018-12-02 22:39:16 +01:00
ArthurHoaro	d9ba1cdd44	Do not check the IP address with session protection disabled This allows the user to stay logged in if his IP changes. Fixes #1106	2018-07-17 14:13:37 +02:00
VirtualTam	8edd7f1588	SessionManager+LoginManager: fix checkLoginState logic Signed-off-by: VirtualTam <virtualtam@flibidi.net>	2018-06-02 16:46:06 +02:00
VirtualTam	704637bfeb	Add test coverage for LoginManager methods Signed-off-by: VirtualTam <virtualtam@flibidi.net>	2018-06-02 16:46:26 +02:00
VirtualTam	ebf6151738	SessionManager: remove unused UID token There already are dedicated tokens for: - CSRF protection - user stay-signed-in feature, via cookie This token was most likely intended as a randomly generated, server-side, secret key to be used when generating hashes. See http://sebsauvage.net/wiki/doku.php?id=php:session [FR] Relevant section: Une clé secrète unique aléatoire est générée côté serveur (et jamais envoyée). Elle peut servir pour signer les formulaires (HMAC) ou générer des token de formulaires (protection contre XSRF). Voir $_SESSION['uid']. Translation: A unique, server-side secret key is randomly generated (and never transmitted). It can be used to sign forms (HMAC) or generate form tokens (protection against XSRF). See $_SESSION['uid'] Signed-off-by: VirtualTam <virtualtam@flibidi.net>	2018-06-02 16:46:06 +02:00
VirtualTam	c689e10863	Refactor LoginManager stay-signed-in token management Signed-off-by: VirtualTam <virtualtam@flibidi.net>	2018-06-02 16:46:06 +02:00
VirtualTam	51f0128cdb	Refactor session and cookie timeout control Signed-off-by: VirtualTam <virtualtam@flibidi.net>	2018-06-02 16:46:06 +02:00
VirtualTam	fab87c2696	Move LoginManager and SessionManager to the Security namespace Signed-off-by: VirtualTam <virtualtam@flibidi.net>	2018-06-02 16:46:06 +02:00

22 commits