dani/lemonldap-ng
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
8,980 Commits 3 Branches 0 Tags 75 MiB
6a579644f8
Commit Graph

3227 Commits

Author SHA1 Message Date
Christophe Maudoux
6a579644f8 Fix warning (#1842) 2019-07-04 23:20:11 +02:00
Christophe Maudoux
f38a583967 Improve code 2019-07-04 22:50:46 +02:00
Christophe Maudoux
2016abd2ee Send pdata cookie to cross domain (#1829) 2019-07-04 21:49:28 +02:00
Xavier
9cdfd4c9a6 Add notice when user is connected 2019-07-04 21:22:06 +02:00
Clément OUDOT
1ebbde9a50 Tidy code and add missing check on hash_level (#1835) 2019-07-04 09:49:01 +02:00
Xavier
a104db2f2d Clean logs 2019-07-04 07:24:50 +02:00
Xavier
d4fedbdfcf Duplicate log rules in Plugin manpage 2019-07-04 07:09:39 +02:00
Christophe Maudoux
6df12176de Disable secondFactor (#1783) 2019-07-03 23:21:19 +02:00
Christophe Maudoux
2f541370a6 perltidy (#1783) 2019-07-03 23:12:15 +02:00
Christophe Maudoux
03f2d89d0c ContextSwitching: Check (expiration) errors & Improve logs (#1783) 2019-07-03 23:08:50 +02:00
Xavier
ff6a3369a7 Fix warning 2019-07-03 22:34:48 +02:00
Xavier
2354a52e5f Fix warning 2019-07-03 22:32:36 +02:00
Christophe Maudoux
161d6cee0f Fix unit test warning (Auth-and-issuer-OIDC-authorization_code-with-none-alg.t) 2019-07-03 22:17:22 +02:00
Maxime Besson
6f058fb2fa Add manager manpages to deb 2019-07-03 15:17:16 +02:00
Maxime Besson
396e61491e Improve mail2F display in outlook 2019-07-03 11:03:37 +02:00
Xavier
78a4bb4987 ContextSwitching: Check (expiration) errors (#1783) 2019-07-03 06:47:33 +02:00
Christophe Maudoux
5a53fee2db WIP - Improve log (#1783) 2019-07-03 00:09:14 +02:00
Christophe Maudoux
42bc5efdb3 Use skin rules in plugins (#1828) 2019-07-02 22:17:53 +02:00
Christophe Maudoux
9c62a04f22 Improve code (#1783) 2019-07-02 22:08:17 +02:00
Christophe Maudoux
12e0853b51 Improve log (#1783) 2019-07-02 21:33:32 +02:00
Xavier Guimard
c1137edba8 make tidy with perltidy-20181120 2019-07-02 20:03:40 +02:00
Clément OUDOT
26c107cddb Add unit test (#1835) 2019-07-02 17:47:27 +02:00
Clément OUDOT
7c7dad9ab6 Enforce ID token signature verification in unit test (#1835) 2019-07-02 17:27:17 +02:00
Clément OUDOT
e04a6f1983 Reject none algorithm when checking JWT signature (#1835) 2019-07-02 16:36:43 +02:00
Xavier Guimard
f370255c3a Fix Perl dependencies (see RT#129960) 2019-07-02 08:56:12 +02:00
Clément OUDOT
60c03010ce Use Base64URL for JWT generation (#1834) 2019-07-01 17:29:35 +02:00
Xavier Guimard
360db2b5d5 Update manifest 2019-07-01 16:15:25 +02:00
Christophe Maudoux
b94cbe0144 Fix default value (#1825) 2019-07-01 13:28:01 +02:00
Christophe Maudoux
69d2a2db0c Fix default value (#1825) 2019-07-01 12:56:10 +02:00
Christophe Maudoux
a1f5791e06 Merge branch '1783' into v2.0 2019-06-30 19:00:41 +02:00
Christophe Maudoux
bcbea7bee0 Update version (#1825) 2019-06-29 21:48:52 +02:00
Christophe Maudoux
eda8151432 Don t mix && with and (#1825) 2019-06-29 21:35:13 +02:00
Christophe Maudoux
5054f5ac95 Append unit test (#1825) 2019-06-29 21:13:08 +02:00
Christophe Maudoux
11d2909b0a WIP - Disable persistent sessions storage (#1825) 2019-06-29 21:10:16 +02:00
Christophe Maudoux
acd6e5513c Improve unit test (#1783) 2019-06-29 00:16:37 +02:00
Christophe Maudoux
d97c36a97e Disable spoofed sessions (#1783) 2019-06-28 23:53:43 +02:00
Christophe Maudoux
897d04ac93 Merge branch 'v2.0' into 1783 2019-06-28 22:05:48 +02:00
Xavier Guimard
43d5139040 Update versions 2019-06-28 17:04:14 +02:00
Xavier Guimard
f59caf3ea1 Merge branch 'ssl-button-race-fix' into 'v2.0' 
Avoid race when clicking the login button in SSL form (#1826)

See merge request lemonldap-ng/lemonldap-ng!82
 2019-06-28 16:56:46 +02:00
Clément OUDOT
b0a69d3473 Use skin rules in 2F plugins (#1828) 2019-06-28 15:56:57 +02:00
Xavier
c921c295ed Use user skin in loadTemplate (Fixes: #1828) 2019-06-28 13:40:56 +02:00
Christophe Maudoux
87329a26a1 Make manifest 2019-06-28 11:22:23 +02:00
Xavier Guimard
44a6e25851 Improve cryptographic functions (#1823) 2019-06-28 10:30:37 +02:00
Christophe Maudoux
6519695797 Tidy (#1783) 2019-06-27 22:02:11 +02:00
Christophe Maudoux
bb39dca317 Append & update unit tests (#1783) 2019-06-27 21:54:14 +02:00
Christophe Maudoux
6510f854c8 Append unit test (#1783) 2019-06-27 21:13:10 +02:00
Christophe Maudoux
8ad895c3b8 Merge branch 'v2.0' into 1783 2019-06-27 21:11:56 +02:00
Maxime Besson
a7c7c51bba Avoid race when clicking the login button in SSL form (#1826) 2019-06-27 17:05:29 +02:00
Xavier Guimard
264410409d Move CAS service verification from main to Issuer::CAS (#1795) 2019-06-27 16:55:12 +02:00
Maxime Besson
e1f927a195 Check service= parameter on CAS logout (#1795) 
service= redirect URL is not checked when logging out from CAS, to avoid
insecure redirect attacks. The verification is only made if CAS access
control is enabled.

In order for this to work in common cases (applications redirects to an
unprotected page after logout), we add CAS App domains to the list of
globally trusted domains.

If your application wants to redirect to a third-party domain, it needs
to be added to LLNG's trustedDomains
 2019-06-27 12:40:40 +02:00