563675de09
* auth_internal OTP form: fix double-urlencode
...
* post-login redirect: handle ?return in a less idiotic fashion
2023-03-23 20:05:03 +03:00
aa2b770e30
add override links to utility views
...
This enables `local-overrides.css` and `local-overrides.js` for all utility views, for example to add polyfills, enable responsive styling or to adjust styles globally.
2023-02-24 00:46:40 +01:00
a355221e7f
Consistently get the self URL.
...
This ensures all uses of the self URL get the same normalized/sanitized value.
2022-11-28 17:40:42 +00:00
cf1eaeedf3
* add UserHelper methods to manipulate user database (add, modify, delete)
...
* expose said methods via CLI (update.php)
* fix several invocations of deprecated functions
* set stricter type hints on several method arguments
2022-06-10 13:39:00 +03:00
85b974af32
auth_internal: limit password throttling to failed login attempts not using OTP
2021-11-15 13:16:49 +03:00
f537502fce
deal with (most of) phpstan warnings in auth_internal and auth_remote
2021-11-14 21:09:53 +03:00
81a10f69bc
deal with phpstan warnings related to base authentication modules
2021-11-14 10:48:32 +03:00
87a30d88d3
plugin cleanup re: phpstan 1.0 warnings
2021-11-10 20:58:40 +03:00
0acd33abe3
OTP: generate longer secrets, also make them easier to read/copy
2021-03-29 19:26:04 +03:00
52d1a5c96d
gettextify previous
2021-03-12 09:35:56 +03:00
580eccd3da
throttle login attempts, controlled by Config::AUTH_MIN_INTERVAL
2021-03-12 09:35:01 +03:00
4949e1a590
valid OTP code should not be enough to login, oops
2021-03-12 07:32:15 +03:00
4fda5ccd0e
fix a bunch of bookmarklets login forms not leading back
2021-03-04 13:40:54 +03:00
031ee47a3e
don't try to pass string literal NOW() to ORM as a timestamp
2021-03-01 23:07:20 +03:00
8b1a2406e6
userhelper: use orm for a few more user-related things
2021-03-01 19:32:27 +03:00
2d1391a02b
come to think of it, we don't need it at all
2021-03-01 15:50:41 +03:00
dbad39d7a2
auth_internal: don't try to get otp_enabled on old schema
2021-03-01 15:49:44 +03:00
6359259dbb
simplify internal authentication code and bump default algo to SSHA-512
2021-03-01 15:24:18 +03:00
20a844085f
hide version for bundled plugins because it's meaningless; for everything else support showing version using git (if about[0] is null)
2021-03-01 12:11:42 +03:00
bada1601fc
OTP form: simplify layout, use dojo controls
2021-02-28 14:18:23 +03:00
3fd7856543
* switch to composer for qrcode and otp dependencies
...
* move most OTP-related stuff into userhelper
* remove old phpqrcode and otphp libraries
2021-02-26 19:16:17 +03:00
167c9fc34e
silence php8 warnings in otp secondary login form
2021-02-26 14:25:40 +03:00
e4107ac952
wip: initial for config object
2021-02-22 21:47:48 +03:00
15fd23c374
use shortcut echo syntax for php templates
2021-02-14 09:15:51 +03:00
7af8744c85
authentication: make logins case-insensitive (force lowercase)
2021-02-11 09:57:57 +03:00
51d2deeea9
fix hierarchy of authentication modules, make everything extend Auth_Base and implement hook_auth_user() for pluginhost
2021-02-08 19:11:31 +03:00
6e774a58fe
more php8 fixes mostly related to login
2021-02-06 00:12:15 +03:00
d8619b9a84
auth_internal: cast OTP code to integer before trying to check it
2020-09-17 16:50:34 +03:00
0757ad0406
auth_internal: use type-strict comparison when checking OTP code
2020-09-17 08:46:57 +03:00
1f2a721905
allow overriding built-in templates via templates.local
2020-03-13 14:40:35 +03:00
4ab3854aed
don't generate default.css, replace with themes/light.css as a default root CSS file
2020-02-22 16:22:44 +03:00
f6090655bf
2fa: check TOTP based on previous secret values (oops of the year, 2019)
2019-11-03 20:47:21 +03:00
812a6c9f16
auth_internal: fix indents
2019-11-01 15:25:40 +03:00
249130e58d
implement app password checking / management UI
2019-11-01 15:03:57 +03:00
68b0380118
add placeholder authentication via app passwords if service is passed
...
forbid logins via regular passwords for services
remove AUTH_DISABLE_OTP
2019-11-01 13:03:06 +03:00
178bcd4349
auth_internal: fix OTP seed checking
2019-11-01 10:34:31 +03:00
ef514bc4bd
add notifications for mail and password changes
...
update and shorten some other message templates
2019-10-09 09:04:51 +03:00
54c1b5c611
fill in some missing doctypes; use short doctype where it wasn't
2019-02-23 13:49:40 +03:00
3b057d5f02
OTP: css fixes
2019-02-19 20:17:13 +03:00
add9b37ab5
auth_internal: load Base32 using proper namespace
2018-06-20 22:15:10 +03:00
c3637c4d9d
set charset to "utf-8"
2017-12-07 08:34:17 +00:00
09bc54c690
further stylesheet simplification related fixes
2017-12-03 13:25:34 +03:00
b431d52520
auth_remote: use PDO
2017-12-03 09:21:08 +03:00
7d960ce7e9
auth_internal: use PDO + other fixes
2017-12-03 00:18:08 +03:00
a0dfd7ef88
fix several login parameters not being passed through OTP form
2014-05-03 18:37:08 +00:00
cdbcb2778a
move Zoom stylesheet to a separate file
...
update stylesheet/javascript tag helpers to return output instead of
printing it
2014-01-28 01:39:24 +04:00
5bbc4bb4b0
move stylesheets to css/, reference default tt-rss stylesheets from
...
default.css to make custom themes easier
2013-05-19 21:22:01 +04:00
6f7798b643
Fixing bugs found by static analysis
2013-05-07 00:35:10 -07:00
106a3de91c
plugins: bump API version
2013-04-19 17:31:56 +04:00
e441b5837b
initial
2013-04-17 21:19:00 +04:00
Andrew Dolgov
Veit Lehmann
wn_
cac2s
Andrew Dolgov
Rasmus Lerdorf
Andrew Dolgov