dani/lemonldap-ng
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
9,354 Commits 3 Branches 0 Tags 75 MiB
174193e74c
Commit Graph

9354 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Clément OUDOT
069c4ada49 Update packaging files 2019-06-29 22:37:48 +02:00
Clément OUDOT
750557e88b Update documentation 2019-06-29 22:35:59 +02:00
Clément OUDOT
9bb42cf046 Update changelog for 2.0.5 2019-06-29 22:30:26 +02:00
Christophe Maudoux
bcbea7bee0 Update version (#1825) 2019-06-29 21:48:52 +02:00
Christophe Maudoux
eda8151432 Don t mix && with and (#1825) 2019-06-29 21:35:13 +02:00
Christophe Maudoux
3e7f87eca6 Append config. tests (#1825) 2019-06-29 21:32:31 +02:00
Christophe Maudoux
4e97b8dd02 Update lang (#1825) 2019-06-29 21:14:59 +02:00
Christophe Maudoux
5054f5ac95 Append unit test (#1825) 2019-06-29 21:13:08 +02:00
Christophe Maudoux
11d2909b0a WIP - Disable persistent sessions storage (#1825) 2019-06-29 21:10:16 +02:00
Christophe Maudoux
acd6e5513c Improve unit test (#1783) 2019-06-29 00:16:37 +02:00
Christophe Maudoux
d97c36a97e Disable spoofed sessions (#1783) 2019-06-28 23:53:43 +02:00
Christophe Maudoux
897d04ac93 Merge branch 'v2.0' into 1783 2019-06-28 22:05:48 +02:00
Xavier Guimard
43d5139040 Update versions 2019-06-28 17:04:14 +02:00
Xavier Guimard
f59caf3ea1 Merge branch 'ssl-button-race-fix' into 'v2.0' 
Avoid race when clicking the login button in SSL form (#1826)

See merge request lemonldap-ng/lemonldap-ng!82
 2019-06-28 16:56:46 +02:00
Xavier Guimard
ce59789747 Update doc 2019-06-28 16:53:45 +02:00
Clément OUDOT
b0a69d3473 Use skin rules in 2F plugins (#1828) 2019-06-28 15:56:57 +02:00
Clément OUDOT
9336aaa992 Merge branch '1828' into 'v2.0' 
Use user skin in loadTemplate (Fixes: #1828)

See merge request lemonldap-ng/lemonldap-ng!83
 2019-06-28 15:46:13 +02:00
Xavier Guimard
8b7ce08587 Merge branch 'v2.0' 2019-06-28 14:35:30 +02:00
Xavier
c921c295ed Use user skin in loadTemplate (Fixes: #1828) 2019-06-28 13:40:56 +02:00
Xavier
c411406886 Typo 2019-06-28 13:13:31 +02:00
Christophe Maudoux
87329a26a1 Make manifest 2019-06-28 11:22:23 +02:00
Xavier Guimard
44a6e25851 Improve cryptographic functions (#1823) 2019-06-28 10:30:37 +02:00
Xavier
c8d38d52a6 Merge branch 'crypto-improvements' 2019-06-27 22:15:19 +02:00
Xavier
cbde82bdfc Fix HMAC verif 2019-06-27 22:12:57 +02:00
Xavier
1a1ccd7568 Merge branch 'crypto-improvements' 2019-06-27 22:03:05 +02:00
Christophe Maudoux
6519695797 Tidy (#1783) 2019-06-27 22:02:11 +02:00
Xavier
2fcaf52bcf Better random string generation (#1803) 2019-06-27 21:59:18 +02:00
Christophe Maudoux
bb39dca317 Append & update unit tests (#1783) 2019-06-27 21:54:14 +02:00
Christophe Maudoux
6510f854c8 Append unit test (#1783) 2019-06-27 21:13:10 +02:00
Christophe Maudoux
8ad895c3b8 Merge branch 'v2.0' into 1783 2019-06-27 21:11:56 +02:00
Xavier
b1f12b72e5 Add MAC verification to crypto 2019-06-27 20:48:01 +02:00
Xavier Guimard
cc8c5e057e Use IV for *cryptHex methods 2019-06-27 19:36:01 +02:00
Xavier Guimard
9d5d1f6cd5 Don't use Crypt::URandom inside jail: this import file access libraries 2019-06-27 19:10:51 +02:00
Xavier Guimard
0b1643c294 Add an initialization vector in crypt methods 2019-06-27 18:39:01 +02:00
Xavier Guimard
e23611b73b Avoid failure with future Perl (warnings reserved) 2019-06-27 17:41:24 +02:00
Clément OUDOT
e53129568a Set some default values for lemonldap-ng-cli info (#1827) 2019-06-27 17:29:56 +02:00
Xavier Guimard
4b48f95507 Move missing deps in the good place (#1824) 2019-06-27 17:08:21 +02:00
Maxime Besson
a7c7c51bba Avoid race when clicking the login button in SSL form (#1826) 2019-06-27 17:05:29 +02:00
Xavier Guimard
264410409d Move CAS service verification from main to Issuer::CAS (#1795) 2019-06-27 16:55:12 +02:00
Christophe Maudoux
8f834f5bb8 Append use directive (#1824) 2019-06-27 13:27:05 +02:00
Maxime Besson
e1f927a195 Check service= parameter on CAS logout (#1795) 
service= redirect URL is not checked when logging out from CAS, to avoid
insecure redirect attacks. The verification is only made if CAS access
control is enabled.

In order for this to work in common cases (applications redirects to an
unprotected page after logout), we add CAS App domains to the list of
globally trusted domains.

If your application wants to redirect to a third-party domain, it needs
to be added to LLNG's trustedDomains
 2019-06-27 12:40:40 +02:00
Christophe Maudoux
859d7fad79 Update fr.json 2019-06-27 10:49:59 +02:00
Xavier Guimard
c7cb6594dd Fix bad merge 2019-06-27 10:24:44 +02:00
Xavier Guimard
72439d341f Merge branch 'v2.0' 2019-06-27 07:59:37 +02:00
Xavier Guimard
167b3df4b4 Merge branch 'fix-2f-upgradesession' into 'v2.0' 
Add authenticated routes to 2FA for session upgrade (#1822)

See merge request lemonldap-ng/lemonldap-ng!80
 2019-06-27 07:57:29 +02:00
Maxime Besson
5f9c4c231d Add authenticated routes to 2FA for session upgrade (#1822) 2019-06-26 23:33:00 +02:00
Maxime Besson
98650cd9f0 Add unit test for #1821 2019-06-26 22:13:12 +02:00
Xavier
3582cfb12b Don't keep pdata on upgrade (Fixes: #1821) 2019-06-26 21:47:01 +02:00
Xavier Guimard
a42c5f9f71 Clean tests (#1819) 2019-06-26 13:17:26 +02:00
Xavier Guimard
e15a41bc66 Fix typo: s/templatesDir/templateDir/g (#1819) 2019-06-26 11:59:13 +02:00