Commit Graph

35 Commits (8ed927dbd2b54aaabe6be75f9fcf4145e2c3249a)

Author SHA1 Message Date
Jacek Tomasiak 0c38dc8456 Improve missing token check
Avoid "E_NOTICE (8) (classes/userhelper.php:78) Undefined index:
csrf_token" in logs.
4 years ago
Andrew Dolgov 0acd33abe3 OTP: generate longer secrets, also make them easier to read/copy 4 years ago
Andrew Dolgov 2cd159e2ce use separate database column for OTP secrets (migrate previous format if needed) 4 years ago
Andrew Dolgov fe06416f17 sessions: stop validating against hash of user agent because chromium is sending
different agent headers for whatever reason, example:

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/88.0.4324.192 Safari/537.36

Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/88.0.4324.104 Safari/537.36

seems to be related, at least, to App.postOpenWindow() hack.
4 years ago
Andrew Dolgov d6629ed188 move dbupdater to db/updater; move base SCHEMA_VERSION constant inside db/updater class 4 years ago
Andrew Dolgov 031ee47a3e don't try to pass string literal NOW() to ORM as a timestamp 4 years ago
Andrew Dolgov 8b1a2406e6 userhelper: use orm for a few more user-related things 4 years ago
Andrew Dolgov 127a868e40 userhelper: use orm for some things 4 years ago
Andrew Dolgov 6359259dbb simplify internal authentication code and bump default algo to SSHA-512 4 years ago
Andrew Dolgov ebf16a36a1 remove a bunch of return type hints that didn't quite fit 4 years ago
Andrew Dolgov 3fd7856543 * switch to composer for qrcode and otp dependencies
* move most OTP-related stuff into userhelper
* remove old phpqrcode and otphp libraries
4 years ago
Andrew Dolgov 89ad25405e userhelper: only notify failed login for actual logins 4 years ago
Andrew Dolgov 8915bd1b21 fix crash caused by non-numeric non-null _SESSION[uid] passed to sql logger 4 years ago
Andrew Dolgov dcf0135285 logger: shorter syntax 4 years ago
Andrew Dolgov 59c14e9c00 api: remove base64 encoded passwords (wtf), log all authentication failures in userhelper 4 years ago
Andrew Dolgov efd196839a stop caching schema version entirely, fix some session_start() related warnings 4 years ago
Andrew Dolgov c96172fa04 use constants in get_pref()/set_pref() 4 years ago
Andrew Dolgov bd2314170d implement prefs UI based on new prefs class and a few more things 4 years ago
Andrew Dolgov 988eb3ac91 initial (wip) for new prefs 4 years ago
Andrew Dolgov e4107ac952 wip: initial for config object 4 years ago
Andrew Dolgov fc0ebf0891 move bookmarklet-related methods out of public.php into the plugin 4 years ago
Andrew Dolgov 9d7ba773ec move session-related functions to their own namespace 4 years ago
Andrew Dolgov 39604bedef move reset_password to UserHelper 4 years ago
Andrew Dolgov 8e79f1717d prefs: unify naming 4 years ago
Andrew Dolgov a8cc43a0ff move logout_user() to UserHelper 4 years ago
Andrew Dolgov 71dfc83466 force _ENABLED_PLUGINS to string when passed to pluginhost 4 years ago
Andrew Dolgov 09e9f34bb4 add UserHelper::find_user_by_login() and rewrite some user checks to invoke it instead of going through PDO 4 years ago
Andrew Dolgov 51d2deeea9 fix hierarchy of authentication modules, make everything extend Auth_Base and implement hook_auth_user() for pluginhost 4 years ago
Andrew Dolgov 6e774a58fe more php8 fixes mostly related to login 4 years ago
Andrew Dolgov 403dca154c initial WIP for php8; bump php version requirement to 7.0 4 years ago
Andrew Dolgov 40f38fc87f pluginhost: load plugin data automatically (also marks load_data method as private) 4 years ago
Andrew Dolgov 4e3ef7a4dd get_user_ip: remove REMOTEADDR for the time being 4 years ago
Andrew Dolgov a8302fb253 use X-Real-IP headers if possible while authenticating 4 years ago
Andrew Dolgov 6811d0bde2 use self:: in some places to invoke static methods from the same class 4 years ago
Andrew Dolgov 74568df4ff remove a lot of stuff from global context (functions.php), add a few helper classes instead 4 years ago