Shaarli - The personal, minimalist, super-fast, database free, bookmarking service

	Commit message (Collapse)	Author	Age	Files	Lines
*	LDAP - Force protocol LDAPv3	ArthurHoaro	2020-06-25	1	-3/+11
\| \| \| \| \| \| \|	On Linux, php-ldap seems to rely on a library which still uses deprecated LDAPv2 as default version, causing authentication issues. See: https://stackoverflow.com/a/48238224/1484919
*	Update application/security/LoginManager.php	Sébastien NOBILI	2020-06-03	1	-1/+6
\| \| \|	Co-authored-by: ArthurHoaro <arthur@hoa.ro>
*	Update application/security/LoginManager.php	Sébastien NOBILI	2020-06-03	1	-1/+1
\| \| \|	Co-authored-by: ArthurHoaro <arthur@hoa.ro>
*	Update application/security/LoginManager.php	Sébastien NOBILI	2020-06-03	1	-2/+4
\| \| \|	Co-authored-by: ArthurHoaro <arthur@hoa.ro>
*	ldap authentication, fixes shaarli/Shaarli#1343	Sébastien NOBILI	2020-03-02	1	-9/+55
\|
*	Render login page through Slim controller	ArthurHoaro	2020-01-26	1	-0/+6
\|
*	Rewrite IP ban management	ArthurHoaro	2019-02-09	2	-86/+227
\| \| \| \| \| \| \|	This adds a dedicated manager class to handle all ban interactions, which is instantiated and handled by LoginManager. IPs are now stored in the same format as the datastore, through FileUtils. Fixes #1032 #587
*	Merge pull request #1182 from ArthurHoaro/feature/session-protection-stay-login	ArthurHoaro	2019-02-09	1	-0/+3
\|\ \| \| \| \|	Do not check the IP address with session protection disabled
\| *	Do not check the IP address with session protection disabled	ArthurHoaro	2018-07-17	1	-0/+3
\| \| \| \| \| \| \| \| \| \| \| \|	This allows the user to stay logged in if his IP changes. Fixes #1106
* \|	lint: apply phpcbf to application/	VirtualTam	2018-12-02	1	-1/+0
\|/ \| \| \|	Signed-off-by: VirtualTam <virtualtam@flibidi.net>
*	SessionManager+LoginManager: fix checkLoginState logic	VirtualTam	2018-06-02	2	-2/+5
\| \| \| \|	Signed-off-by: VirtualTam <virtualtam@flibidi.net>
*	Add test coverage for LoginManager methods	VirtualTam	2018-06-02	1	-5/+4
\| \| \| \|	Signed-off-by: VirtualTam <virtualtam@flibidi.net>
*	SessionManager: remove unused UID token	VirtualTam	2018-06-02	1	-6/+0
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	There already are dedicated tokens for: - CSRF protection - user stay-signed-in feature, via cookie This token was most likely intended as a randomly generated, server-side, secret key to be used when generating hashes. See http://sebsauvage.net/wiki/doku.php?id=php:session [FR] Relevant section: Une clé secrète unique aléatoire est générée côté serveur (et jamais envoyée). Elle peut servir pour signer les formulaires (HMAC) ou générer des token de formulaires (protection contre XSRF). Voir $_SESSION['uid']. Translation: A unique, server-side secret key is randomly generated (and never transmitted). It can be used to sign forms (HMAC) or generate form tokens (protection against XSRF). See $_SESSION['uid'] Signed-off-by: VirtualTam <virtualtam@flibidi.net>
*	Refactor LoginManager stay-signed-in token management	VirtualTam	2018-06-02	2	-7/+33
\| \| \| \|	Signed-off-by: VirtualTam <virtualtam@flibidi.net>
*	Refactor session and cookie timeout control	VirtualTam	2018-06-02	2	-14/+39
\| \| \| \|	Signed-off-by: VirtualTam <virtualtam@flibidi.net>
*	Move LoginManager and SessionManager to the Security namespace	VirtualTam	2018-06-02	2	-0/+417
	Signed-off-by: VirtualTam <virtualtam@flibidi.net>