Commit Graph

50 Commits (6c06a26649459b33070281132f9977480c87d3c1)

Author SHA1 Message Date
Andrew Dolgov 0acd33abe3 OTP: generate longer secrets, also make them easier to read/copy 4 years ago
Andrew Dolgov 52d1a5c96d gettextify previous 4 years ago
Andrew Dolgov 580eccd3da throttle login attempts, controlled by Config::AUTH_MIN_INTERVAL 4 years ago
Andrew Dolgov 4949e1a590 valid OTP code should not be enough to login, oops 4 years ago
Andrew Dolgov 4fda5ccd0e fix a bunch of bookmarklets login forms not leading back 4 years ago
Andrew Dolgov 031ee47a3e don't try to pass string literal NOW() to ORM as a timestamp 4 years ago
Andrew Dolgov 8b1a2406e6 userhelper: use orm for a few more user-related things 4 years ago
Andrew Dolgov 2d1391a02b come to think of it, we don't need it at all 4 years ago
Andrew Dolgov dbad39d7a2 auth_internal: don't try to get otp_enabled on old schema 4 years ago
Andrew Dolgov 6359259dbb simplify internal authentication code and bump default algo to SSHA-512 4 years ago
Andrew Dolgov 20a844085f hide version for bundled plugins because it's meaningless; for everything else support showing version using git (if about[0] is null) 4 years ago
Andrew Dolgov bada1601fc OTP form: simplify layout, use dojo controls 4 years ago
Andrew Dolgov 3fd7856543 * switch to composer for qrcode and otp dependencies
* move most OTP-related stuff into userhelper
* remove old phpqrcode and otphp libraries
4 years ago
Andrew Dolgov 167c9fc34e silence php8 warnings in otp secondary login form 4 years ago
Andrew Dolgov e4107ac952 wip: initial for config object 4 years ago
Andrew Dolgov 15fd23c374 use shortcut echo syntax for php templates 4 years ago
Andrew Dolgov 7af8744c85 authentication: make logins case-insensitive (force lowercase) 4 years ago
Andrew Dolgov 51d2deeea9 fix hierarchy of authentication modules, make everything extend Auth_Base and implement hook_auth_user() for pluginhost 4 years ago
Andrew Dolgov 6e774a58fe more php8 fixes mostly related to login 4 years ago
Andrew Dolgov d8619b9a84 auth_internal: cast OTP code to integer before trying to check it 4 years ago
Andrew Dolgov 0757ad0406 auth_internal: use type-strict comparison when checking OTP code 4 years ago
Andrew Dolgov 1f2a721905 allow overriding built-in templates via templates.local 5 years ago
Andrew Dolgov 4ab3854aed don't generate default.css, replace with themes/light.css as a default root CSS file 5 years ago
Andrew Dolgov f6090655bf 2fa: check TOTP based on previous secret values (oops of the year, 2019) 5 years ago
Andrew Dolgov 812a6c9f16 auth_internal: fix indents 5 years ago
Andrew Dolgov 249130e58d implement app password checking / management UI 5 years ago
Andrew Dolgov 68b0380118 add placeholder authentication via app passwords if service is passed
forbid logins via regular passwords for services
remove AUTH_DISABLE_OTP
5 years ago
Andrew Dolgov 178bcd4349 auth_internal: fix OTP seed checking 5 years ago
Andrew Dolgov ef514bc4bd add notifications for mail and password changes
update and shorten some other message templates
5 years ago
Andrew Dolgov 54c1b5c611 fill in some missing doctypes; use short doctype where it wasn't 6 years ago
Andrew Dolgov 3b057d5f02 OTP: css fixes 6 years ago
Andrew Dolgov add9b37ab5 auth_internal: load Base32 using proper namespace 7 years ago
cac2s c3637c4d9d set charset to "utf-8" 7 years ago
Andrew Dolgov 09bc54c690 further stylesheet simplification related fixes 7 years ago
Andrew Dolgov b431d52520 auth_remote: use PDO 7 years ago
Andrew Dolgov 7d960ce7e9 auth_internal: use PDO + other fixes 7 years ago
Andrew Dolgov a0dfd7ef88 fix several login parameters not being passed through OTP form 11 years ago
Andrew Dolgov cdbcb2778a move Zoom stylesheet to a separate file
update stylesheet/javascript tag helpers to return output instead of
printing it
11 years ago
Andrew Dolgov 5bbc4bb4b0 move stylesheets to css/, reference default tt-rss stylesheets from
default.css to make custom themes easier
12 years ago
Rasmus Lerdorf 6f7798b643 Fixing bugs found by static analysis 12 years ago
Andrew Dolgov 106a3de91c plugins: bump API version 12 years ago
Andrew Dolgov e441b5837b initial 12 years ago
Andrew Dolgov a42c55f02b fix blank character after opening bracket in function calls 12 years ago
Andrew Dolgov 6322ac79a0 remove $link 12 years ago
Andrew Dolgov da1e51cdfb add some styling to otp form 12 years ago
Andrew Dolgov 6f148528dc set otp field to autocomplete=off 12 years ago
Andrew Dolgov 9c3a4f293c remove password type from otp field 12 years ago
Andrew Dolgov 3972bf5981 db_escape_string: specify link parameter for consistency; sessions: do not force-close db connection in _close() 12 years ago
Andrew Dolgov e938b1de11 rename plugin main class files 12 years ago
Andrew Dolgov 0f28f81f89 move authentication modules to plugins/ 12 years ago