Commit Graph

45 Commits

Author SHA1 Message Date
Andrew Dolgov 031ee47a3e don't try to pass string literal NOW() to ORM as a timestamp 2021-03-01 23:07:20 +03:00
Andrew Dolgov 8b1a2406e6 userhelper: use orm for a few more user-related things 2021-03-01 19:32:27 +03:00
Andrew Dolgov 2d1391a02b come to think of it, we don't need it at all 2021-03-01 15:50:41 +03:00
Andrew Dolgov dbad39d7a2 auth_internal: don't try to get otp_enabled on old schema 2021-03-01 15:49:44 +03:00
Andrew Dolgov 6359259dbb simplify internal authentication code and bump default algo to SSHA-512 2021-03-01 15:24:18 +03:00
Andrew Dolgov 20a844085f hide version for bundled plugins because it's meaningless; for everything else support showing version using git (if about[0] is null) 2021-03-01 12:11:42 +03:00
Andrew Dolgov bada1601fc OTP form: simplify layout, use dojo controls 2021-02-28 14:18:23 +03:00
Andrew Dolgov 3fd7856543 * switch to composer for qrcode and otp dependencies
* move most OTP-related stuff into userhelper
* remove old phpqrcode and otphp libraries
2021-02-26 19:16:17 +03:00
Andrew Dolgov 167c9fc34e silence php8 warnings in otp secondary login form 2021-02-26 14:25:40 +03:00
Andrew Dolgov e4107ac952 wip: initial for config object 2021-02-22 21:47:48 +03:00
Andrew Dolgov 15fd23c374 use shortcut echo syntax for php templates 2021-02-14 09:15:51 +03:00
Andrew Dolgov 7af8744c85 authentication: make logins case-insensitive (force lowercase) 2021-02-11 09:57:57 +03:00
Andrew Dolgov 51d2deeea9 fix hierarchy of authentication modules, make everything extend Auth_Base and implement hook_auth_user() for pluginhost 2021-02-08 19:11:31 +03:00
Andrew Dolgov 6e774a58fe more php8 fixes mostly related to login 2021-02-06 00:12:15 +03:00
Andrew Dolgov d8619b9a84 auth_internal: cast OTP code to integer before trying to check it 2020-09-17 16:50:34 +03:00
Andrew Dolgov 0757ad0406 auth_internal: use type-strict comparison when checking OTP code 2020-09-17 08:46:57 +03:00
Andrew Dolgov 1f2a721905 allow overriding built-in templates via templates.local 2020-03-13 14:40:35 +03:00
Andrew Dolgov 4ab3854aed don't generate default.css, replace with themes/light.css as a default root CSS file 2020-02-22 16:22:44 +03:00
Andrew Dolgov f6090655bf 2fa: check TOTP based on previous secret values (oops of the year, 2019) 2019-11-03 20:47:21 +03:00
Andrew Dolgov 812a6c9f16 auth_internal: fix indents 2019-11-01 15:25:40 +03:00
Andrew Dolgov 249130e58d implement app password checking / management UI 2019-11-01 15:03:57 +03:00
Andrew Dolgov 68b0380118 add placeholder authentication via app passwords if service is passed
forbid logins via regular passwords for services
remove AUTH_DISABLE_OTP
2019-11-01 13:03:06 +03:00
Andrew Dolgov 178bcd4349 auth_internal: fix OTP seed checking 2019-11-01 10:34:31 +03:00
Andrew Dolgov ef514bc4bd add notifications for mail and password changes
update and shorten some other message templates
2019-10-09 09:04:51 +03:00
Andrew Dolgov 54c1b5c611 fill in some missing doctypes; use short doctype where it wasn't 2019-02-23 13:49:40 +03:00
Andrew Dolgov 3b057d5f02 OTP: css fixes 2019-02-19 20:17:13 +03:00
Andrew Dolgov add9b37ab5 auth_internal: load Base32 using proper namespace 2018-06-20 22:15:10 +03:00
cac2s c3637c4d9d set charset to "utf-8" 2017-12-07 08:34:17 +00:00
Andrew Dolgov 09bc54c690 further stylesheet simplification related fixes 2017-12-03 13:25:34 +03:00
Andrew Dolgov b431d52520 auth_remote: use PDO 2017-12-03 09:21:08 +03:00
Andrew Dolgov 7d960ce7e9 auth_internal: use PDO + other fixes 2017-12-03 00:18:08 +03:00
Andrew Dolgov a0dfd7ef88 fix several login parameters not being passed through OTP form 2014-05-03 18:37:08 +00:00
Andrew Dolgov cdbcb2778a move Zoom stylesheet to a separate file
update stylesheet/javascript tag helpers to return output instead of
printing it
2014-01-28 01:39:24 +04:00
Andrew Dolgov 5bbc4bb4b0 move stylesheets to css/, reference default tt-rss stylesheets from
default.css to make custom themes easier
2013-05-19 21:22:01 +04:00
Rasmus Lerdorf 6f7798b643 Fixing bugs found by static analysis 2013-05-07 00:35:10 -07:00
Andrew Dolgov 106a3de91c plugins: bump API version 2013-04-19 17:31:56 +04:00
Andrew Dolgov e441b5837b initial 2013-04-17 21:19:00 +04:00
Andrew Dolgov a42c55f02b fix blank character after opening bracket in function calls 2013-04-17 18:34:18 +04:00
Andrew Dolgov 6322ac79a0 remove $link 2013-04-17 16:48:41 +04:00
Andrew Dolgov da1e51cdfb add some styling to otp form 2013-04-16 21:15:41 +04:00
Andrew Dolgov 6f148528dc set otp field to autocomplete=off 2013-04-16 20:52:36 +04:00
Andrew Dolgov 9c3a4f293c remove password type from otp field 2013-04-16 20:50:17 +04:00
Andrew Dolgov 3972bf5981 db_escape_string: specify link parameter for consistency; sessions: do not force-close db connection in _close() 2013-03-22 09:14:55 +04:00
Andrew Dolgov e938b1de11 rename plugin main class files 2012-12-30 13:36:40 +04:00
Andrew Dolgov 0f28f81f89 move authentication modules to plugins/ 2012-12-27 15:14:44 +04:00