mirrors/tt-rss
1
0
Fork 0
mirror of https://git.tt-rss.org/fox/tt-rss.git synced 2025-10-26 02:11:16 +02:00
Code Issues Projects Releases Wiki Activity
12,437 Commits 6 Branches 0 Tags
Commit Graph

62 Commits

Author SHA1 Message Date
Andrew Dolgov
1dc0c98c51
allow app passwords via auth_internal even if DISABLE_LOGIN_FORM is set 2025-03-14 11:57:48 +03:00
Andrew Dolgov
d373c1f978
add Config::DISABLE_LOGIN_FORM to allow limiting logins to SSO providers 2025-03-14 11:43:25 +03:00
wn_
abcd0e8ba2 Use native union types in most places. 2024-11-23 17:43:24 +00:00
Andrew Dolgov
b8cbb167d4
enforce lowercase usernames while keeping backwards-compatibility for authentication 2024-08-16 14:28:20 +03:00
Andrew Dolgov
a1a2fe40f6
add a separate interface for auth modules w/ change_password() method 2023-10-27 22:29:03 +03:00
Andrew Dolgov
563675de09
* auth_internal OTP form: fix double-urlencode 
* post-login redirect: handle ?return in a less idiotic fashion
 2023-03-23 20:05:03 +03:00
Veit Lehmann
aa2b770e30 add override links to utility views 
This enables `local-overrides.css` and `local-overrides.js` for all utility views, for example to add polyfills, enable responsive styling or to adjust styles globally.
 2023-02-24 00:46:40 +01:00
wn_
a355221e7f Consistently get the self URL. 
This ensures all uses of the self URL get the same normalized/sanitized value.
 2022-11-28 17:40:42 +00:00
Andrew Dolgov
cf1eaeedf3
* add UserHelper methods to manipulate user database (add, modify, delete) 
* expose said methods via CLI (update.php)
 * fix several invocations of deprecated functions
 * set stricter type hints on several method arguments
 2022-06-10 13:39:00 +03:00
Andrew Dolgov
85b974af32 auth_internal: limit password throttling to failed login attempts not using OTP 2021-11-15 13:16:49 +03:00
Andrew Dolgov
f537502fce deal with (most of) phpstan warnings in auth_internal and auth_remote 2021-11-14 21:09:53 +03:00
Andrew Dolgov
81a10f69bc deal with phpstan warnings related to base authentication modules 2021-11-14 10:48:32 +03:00
Andrew Dolgov
87a30d88d3 plugin cleanup re: phpstan 1.0 warnings 2021-11-10 20:58:40 +03:00
Andrew Dolgov
0acd33abe3 OTP: generate longer secrets, also make them easier to read/copy 2021-03-29 19:26:04 +03:00
Andrew Dolgov
52d1a5c96d gettextify previous 2021-03-12 09:35:56 +03:00
Andrew Dolgov
580eccd3da throttle login attempts, controlled by Config::AUTH_MIN_INTERVAL 2021-03-12 09:35:01 +03:00
Andrew Dolgov
4949e1a590 valid OTP code should not be enough to login, oops 2021-03-12 07:32:15 +03:00
Andrew Dolgov
4fda5ccd0e fix a bunch of bookmarklets login forms not leading back 2021-03-04 13:40:54 +03:00
Andrew Dolgov
031ee47a3e don't try to pass string literal NOW() to ORM as a timestamp 2021-03-01 23:07:20 +03:00
Andrew Dolgov
8b1a2406e6 userhelper: use orm for a few more user-related things 2021-03-01 19:32:27 +03:00
Andrew Dolgov
2d1391a02b come to think of it, we don't need it at all 2021-03-01 15:50:41 +03:00
Andrew Dolgov
dbad39d7a2 auth_internal: don't try to get otp_enabled on old schema 2021-03-01 15:49:44 +03:00
Andrew Dolgov
6359259dbb simplify internal authentication code and bump default algo to SSHA-512 2021-03-01 15:24:18 +03:00
Andrew Dolgov
20a844085f hide version for bundled plugins because it's meaningless; for everything else support showing version using git (if about[0] is null) 2021-03-01 12:11:42 +03:00
Andrew Dolgov
bada1601fc OTP form: simplify layout, use dojo controls 2021-02-28 14:18:23 +03:00
Andrew Dolgov
3fd7856543 * switch to composer for qrcode and otp dependencies 
* move most OTP-related stuff into userhelper
* remove old phpqrcode and otphp libraries
 2021-02-26 19:16:17 +03:00
Andrew Dolgov
167c9fc34e silence php8 warnings in otp secondary login form 2021-02-26 14:25:40 +03:00
Andrew Dolgov
e4107ac952 wip: initial for config object 2021-02-22 21:47:48 +03:00
Andrew Dolgov
15fd23c374 use shortcut echo syntax for php templates 2021-02-14 09:15:51 +03:00
Andrew Dolgov
7af8744c85 authentication: make logins case-insensitive (force lowercase) 2021-02-11 09:57:57 +03:00
Andrew Dolgov
51d2deeea9 fix hierarchy of authentication modules, make everything extend Auth_Base and implement hook_auth_user() for pluginhost 2021-02-08 19:11:31 +03:00
Andrew Dolgov
6e774a58fe more php8 fixes mostly related to login 2021-02-06 00:12:15 +03:00
Andrew Dolgov
d8619b9a84 auth_internal: cast OTP code to integer before trying to check it 2020-09-17 16:50:34 +03:00
Andrew Dolgov
0757ad0406 auth_internal: use type-strict comparison when checking OTP code 2020-09-17 08:46:57 +03:00
Andrew Dolgov
1f2a721905 allow overriding built-in templates via templates.local 2020-03-13 14:40:35 +03:00
Andrew Dolgov
4ab3854aed don't generate default.css, replace with themes/light.css as a default root CSS file 2020-02-22 16:22:44 +03:00
Andrew Dolgov
f6090655bf 2fa: check TOTP based on previous secret values (oops of the year, 2019) 2019-11-03 20:47:21 +03:00
Andrew Dolgov
812a6c9f16 auth_internal: fix indents 2019-11-01 15:25:40 +03:00
Andrew Dolgov
249130e58d implement app password checking / management UI 2019-11-01 15:03:57 +03:00
Andrew Dolgov
68b0380118 add placeholder authentication via app passwords if service is passed 
forbid logins via regular passwords for services
remove AUTH_DISABLE_OTP
 2019-11-01 13:03:06 +03:00
Andrew Dolgov
178bcd4349 auth_internal: fix OTP seed checking 2019-11-01 10:34:31 +03:00
Andrew Dolgov
ef514bc4bd add notifications for mail and password changes 
update and shorten some other message templates
 2019-10-09 09:04:51 +03:00
Andrew Dolgov
54c1b5c611 fill in some missing doctypes; use short doctype where it wasn't 2019-02-23 13:49:40 +03:00
Andrew Dolgov
3b057d5f02 OTP: css fixes 2019-02-19 20:17:13 +03:00
Andrew Dolgov
add9b37ab5 auth_internal: load Base32 using proper namespace 2018-06-20 22:15:10 +03:00
cac2s
c3637c4d9d set charset to "utf-8" 2017-12-07 08:34:17 +00:00
Andrew Dolgov
09bc54c690 further stylesheet simplification related fixes 2017-12-03 13:25:34 +03:00
Andrew Dolgov
b431d52520 auth_remote: use PDO 2017-12-03 09:21:08 +03:00
Andrew Dolgov
7d960ce7e9 auth_internal: use PDO + other fixes 2017-12-03 00:18:08 +03:00
Andrew Dolgov
a0dfd7ef88 fix several login parameters not being passed through OTP form 2014-05-03 18:37:08 +00:00