aboutsummaryrefslogtreecommitdiffhomepage
path: root/application/security
Commit message (Collapse)AuthorAgeFilesLines
* Apply PHP Code Beautifier on source code for linter automatic fixesArthurHoaro2020-11-093-11/+16
|
* Fix compatiliby issue on login with PHP 7.1ArthurHoaro2020-10-281-2/+5
| | | | session_set_cookie_params does not return any value in PHP 7.1
* Move utils classes to Shaarli\Helper namespace and folderArthurHoaro2020-10-271-1/+1
|
* Use PSR-3 logger for login attemptsArthurHoaro2020-10-202-54/+43
| | | | Fixes #1122
* Add strict types for bookmarks managementArthurHoaro2020-10-131-1/+1
| | | | | | | | Parameters typing and using strict types overall increase the codebase quality by enforcing the a given parameter will have the expected type. It also removes the need to unnecessary unit tests checking methods behavior with invalid input.
* Fix broken route to filter not tagged bookmarksArthurHoaro2020-08-311-1/+0
| | | | | | Also display the filter for visitors. Fixes #1529
* Move PHP and config init to dedicated fileArthurHoaro2020-07-231-0/+14
| | | | in order to keep index.php as minimal as possible
* Process login through Slim controllerArthurHoaro2020-07-231-0/+30
|
* Process Shaarli install through Slim controllerArthurHoaro2020-07-233-12/+53
|
* Process password change controller through SlimArthurHoaro2020-07-231-0/+4
|
* Process session filters through Slim controllersArthurHoaro2020-07-231-0/+33
| | | | | | | Including: - visibility - links per page - untagged only
* Process tag cloud page through Slim controllerArthurHoaro2020-07-231-0/+10
|
* LDAP - Force protocol LDAPv3ArthurHoaro2020-06-251-3/+11
| | | | | | | On Linux, php-ldap seems to rely on a library which still uses deprecated LDAPv2 as default version, causing authentication issues. See: https://stackoverflow.com/a/48238224/1484919
* Update application/security/LoginManager.phpSébastien NOBILI2020-06-031-1/+6
| | | Co-authored-by: ArthurHoaro <arthur@hoa.ro>
* Update application/security/LoginManager.phpSébastien NOBILI2020-06-031-1/+1
| | | Co-authored-by: ArthurHoaro <arthur@hoa.ro>
* Update application/security/LoginManager.phpSébastien NOBILI2020-06-031-2/+4
| | | Co-authored-by: ArthurHoaro <arthur@hoa.ro>
* ldap authentication, fixes shaarli/Shaarli#1343Sébastien NOBILI2020-03-021-9/+55
|
* Render login page through Slim controllerArthurHoaro2020-01-261-0/+6
|
* Rewrite IP ban managementArthurHoaro2019-02-092-86/+227
| | | | | | | This adds a dedicated manager class to handle all ban interactions, which is instantiated and handled by LoginManager. IPs are now stored in the same format as the datastore, through FileUtils. Fixes #1032 #587
* Merge pull request #1182 from ArthurHoaro/feature/session-protection-stay-loginArthurHoaro2019-02-091-0/+3
|\ | | | | Do not check the IP address with session protection disabled
| * Do not check the IP address with session protection disabledArthurHoaro2018-07-171-0/+3
| | | | | | | | | | | | This allows the user to stay logged in if his IP changes. Fixes #1106
* | lint: apply phpcbf to application/VirtualTam2018-12-021-1/+0
|/ | | | Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* SessionManager+LoginManager: fix checkLoginState logicVirtualTam2018-06-022-2/+5
| | | | Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Add test coverage for LoginManager methodsVirtualTam2018-06-021-5/+4
| | | | Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* SessionManager: remove unused UID tokenVirtualTam2018-06-021-6/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | There already are dedicated tokens for: - CSRF protection - user stay-signed-in feature, via cookie This token was most likely intended as a randomly generated, server-side, secret key to be used when generating hashes. See http://sebsauvage.net/wiki/doku.php?id=php:session [FR] Relevant section: Une clé secrète unique aléatoire est générée côté serveur (et jamais envoyée). Elle peut servir pour signer les formulaires (HMAC) ou générer des token de formulaires (protection contre XSRF). Voir $_SESSION['uid']. Translation: A unique, server-side secret key is randomly generated (and never transmitted). It can be used to sign forms (HMAC) or generate form tokens (protection against XSRF). See $_SESSION['uid'] Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Refactor LoginManager stay-signed-in token managementVirtualTam2018-06-022-7/+33
| | | | Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Refactor session and cookie timeout controlVirtualTam2018-06-022-14/+39
| | | | Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Move LoginManager and SessionManager to the Security namespaceVirtualTam2018-06-022-0/+417
Signed-off-by: VirtualTam <virtualtam@flibidi.net>