Andrew Dolgov
|
0acd33abe3
|
OTP: generate longer secrets, also make them easier to read/copy
|
4 years ago |
Andrew Dolgov
|
52d1a5c96d
|
gettextify previous
|
4 years ago |
Andrew Dolgov
|
580eccd3da
|
throttle login attempts, controlled by Config::AUTH_MIN_INTERVAL
|
4 years ago |
Andrew Dolgov
|
4949e1a590
|
valid OTP code should not be enough to login, oops
|
4 years ago |
Andrew Dolgov
|
4fda5ccd0e
|
fix a bunch of bookmarklets login forms not leading back
|
4 years ago |
Andrew Dolgov
|
031ee47a3e
|
don't try to pass string literal NOW() to ORM as a timestamp
|
4 years ago |
Andrew Dolgov
|
8b1a2406e6
|
userhelper: use orm for a few more user-related things
|
4 years ago |
Andrew Dolgov
|
2d1391a02b
|
come to think of it, we don't need it at all
|
4 years ago |
Andrew Dolgov
|
dbad39d7a2
|
auth_internal: don't try to get otp_enabled on old schema
|
4 years ago |
Andrew Dolgov
|
6359259dbb
|
simplify internal authentication code and bump default algo to SSHA-512
|
4 years ago |
Andrew Dolgov
|
20a844085f
|
hide version for bundled plugins because it's meaningless; for everything else support showing version using git (if about[0] is null)
|
4 years ago |
Andrew Dolgov
|
bada1601fc
|
OTP form: simplify layout, use dojo controls
|
4 years ago |
Andrew Dolgov
|
3fd7856543
|
* switch to composer for qrcode and otp dependencies
* move most OTP-related stuff into userhelper
* remove old phpqrcode and otphp libraries
|
4 years ago |
Andrew Dolgov
|
167c9fc34e
|
silence php8 warnings in otp secondary login form
|
4 years ago |
Andrew Dolgov
|
e4107ac952
|
wip: initial for config object
|
4 years ago |
Andrew Dolgov
|
15fd23c374
|
use shortcut echo syntax for php templates
|
4 years ago |
Andrew Dolgov
|
7af8744c85
|
authentication: make logins case-insensitive (force lowercase)
|
4 years ago |
Andrew Dolgov
|
51d2deeea9
|
fix hierarchy of authentication modules, make everything extend Auth_Base and implement hook_auth_user() for pluginhost
|
4 years ago |
Andrew Dolgov
|
6e774a58fe
|
more php8 fixes mostly related to login
|
4 years ago |
Andrew Dolgov
|
d8619b9a84
|
auth_internal: cast OTP code to integer before trying to check it
|
4 years ago |
Andrew Dolgov
|
0757ad0406
|
auth_internal: use type-strict comparison when checking OTP code
|
4 years ago |
Andrew Dolgov
|
1f2a721905
|
allow overriding built-in templates via templates.local
|
5 years ago |
Andrew Dolgov
|
4ab3854aed
|
don't generate default.css, replace with themes/light.css as a default root CSS file
|
5 years ago |
Andrew Dolgov
|
f6090655bf
|
2fa: check TOTP based on previous secret values (oops of the year, 2019)
|
5 years ago |
Andrew Dolgov
|
812a6c9f16
|
auth_internal: fix indents
|
5 years ago |
Andrew Dolgov
|
249130e58d
|
implement app password checking / management UI
|
5 years ago |
Andrew Dolgov
|
68b0380118
|
add placeholder authentication via app passwords if service is passed
forbid logins via regular passwords for services
remove AUTH_DISABLE_OTP
|
5 years ago |
Andrew Dolgov
|
178bcd4349
|
auth_internal: fix OTP seed checking
|
5 years ago |
Andrew Dolgov
|
ef514bc4bd
|
add notifications for mail and password changes
update and shorten some other message templates
|
5 years ago |
Andrew Dolgov
|
54c1b5c611
|
fill in some missing doctypes; use short doctype where it wasn't
|
6 years ago |
Andrew Dolgov
|
3b057d5f02
|
OTP: css fixes
|
6 years ago |
Andrew Dolgov
|
add9b37ab5
|
auth_internal: load Base32 using proper namespace
|
7 years ago |
cac2s
|
c3637c4d9d
|
set charset to "utf-8"
|
7 years ago |
Andrew Dolgov
|
09bc54c690
|
further stylesheet simplification related fixes
|
7 years ago |
Andrew Dolgov
|
b431d52520
|
auth_remote: use PDO
|
7 years ago |
Andrew Dolgov
|
7d960ce7e9
|
auth_internal: use PDO + other fixes
|
7 years ago |
Andrew Dolgov
|
a0dfd7ef88
|
fix several login parameters not being passed through OTP form
|
11 years ago |
Andrew Dolgov
|
cdbcb2778a
|
move Zoom stylesheet to a separate file
update stylesheet/javascript tag helpers to return output instead of
printing it
|
11 years ago |
Andrew Dolgov
|
5bbc4bb4b0
|
move stylesheets to css/, reference default tt-rss stylesheets from
default.css to make custom themes easier
|
12 years ago |
Rasmus Lerdorf
|
6f7798b643
|
Fixing bugs found by static analysis
|
12 years ago |
Andrew Dolgov
|
106a3de91c
|
plugins: bump API version
|
12 years ago |
Andrew Dolgov
|
e441b5837b
|
initial
|
12 years ago |
Andrew Dolgov
|
a42c55f02b
|
fix blank character after opening bracket in function calls
|
12 years ago |
Andrew Dolgov
|
6322ac79a0
|
remove $link
|
12 years ago |
Andrew Dolgov
|
da1e51cdfb
|
add some styling to otp form
|
12 years ago |
Andrew Dolgov
|
6f148528dc
|
set otp field to autocomplete=off
|
12 years ago |
Andrew Dolgov
|
9c3a4f293c
|
remove password type from otp field
|
12 years ago |
Andrew Dolgov
|
3972bf5981
|
db_escape_string: specify link parameter for consistency; sessions: do not force-close db connection in _close()
|
12 years ago |
Andrew Dolgov
|
e938b1de11
|
rename plugin main class files
|
12 years ago |
Andrew Dolgov
|
0f28f81f89
|
move authentication modules to plugins/
|
12 years ago |