Commit Graph

9273 Commits

Author SHA1 Message Date
Xavier Guimard
cc8c5e057e Use IV for *cryptHex methods 2019-06-27 19:36:01 +02:00
Xavier Guimard
9d5d1f6cd5 Don't use Crypt::URandom inside jail: this imports file access libraries 2019-06-27 19:10:51 +02:00
Xavier Guimard
0b1643c294 Add an initialization vector in crypt methods 2019-06-27 18:39:01 +02:00
Xavier Guimard
e23611b73b Avoid failure with future Perl (warnings reserved) 2019-06-27 17:41:24 +02:00
Clément OUDOT
e53129568a Set some default values for lemonldap-ng-cli info (#1827) 2019-06-27 17:29:56 +02:00
Xavier Guimard
4b48f95507 Move missing deps in the good place (#1824) 2019-06-27 17:08:21 +02:00
Maxime Besson
a7c7c51bba Avoid race when clicking the login button in SSL form (#1826) 2019-06-27 17:05:29 +02:00
Xavier Guimard
264410409d Move CAS service verification from main to Issuer::CAS (#1795) 2019-06-27 16:55:12 +02:00
Christophe Maudoux
8f834f5bb8 Append use directive (#1824) 2019-06-27 13:27:05 +02:00
Maxime Besson
e1f927a195 Check service= parameter on CAS logout (#1795)
service= redirect URL is not checked when logging out from CAS, to avoid
insecure redirect attacks. The verification is only made if CAS access
control is enabled.

In order for this to work in common cases (applications redirect to an
unprotected page after logout), we add CAS App domains to the list of
globally trusted domains.

If your application wants to redirect to a third-party domain, it needs
to be added to LLNG's trustedDomains
2019-06-27 12:40:40 +02:00
Christophe Maudoux
859d7fad79 Update fr.json 2019-06-27 10:49:59 +02:00
Xavier Guimard
c7cb6594dd Fix bad merge 2019-06-27 10:24:44 +02:00
Xavier Guimard
72439d341f Merge branch 'v2.0' 2019-06-27 07:59:37 +02:00
Xavier Guimard
167b3df4b4 Merge branch 'fix-2f-upgradesession' into 'v2.0'
Add authenticated routes to 2FA for session upgrade (#1822)

See merge request lemonldap-ng/lemonldap-ng!80
2019-06-27 07:57:29 +02:00
Maxime Besson
5f9c4c231d Add authenticated routes to 2FA for session upgrade (#1822) 2019-06-26 23:33:00 +02:00
Maxime Besson
98650cd9f0 Add unit test for #1821 2019-06-26 22:13:12 +02:00
Xavier
3582cfb12b Don't keep pdata on upgrade (Fixes: #1821) 2019-06-26 21:47:01 +02:00
Xavier Guimard
a42c5f9f71 Clean tests (#1819) 2019-06-26 13:17:26 +02:00
Xavier Guimard
e15a41bc66 Fix typo: s/templatesDir/templateDir/g (#1819) 2019-06-26 11:59:13 +02:00
Xavier Guimard
45a0b68c3b Disable external entities in XML parsers (Fixes: #1818) 2019-06-26 11:32:10 +02:00
Xavier Guimard
c222fb4009 Update tr 2019-06-26 07:50:31 +02:00
Xavier
400b9eaab9 Revert "Better password generation (#1803)"
This reverts commit b4ec8eaeeb.
2019-06-26 06:19:07 +02:00
Christophe Maudoux
f11c34e9cd Cleaning code (#1783 & #1658) 2019-06-25 23:04:27 +02:00
Christophe Maudoux
f5587ac477 Improve code (#1783) 2019-06-25 22:01:20 +02:00
Xavier
b4ec8eaeeb Better password generation (Fixes: #1803) 2019-06-25 21:01:57 +02:00
Christophe Maudoux
73cd751bfd Update manifest & copying (#1783) 2019-06-25 20:52:40 +02:00
Christophe Maudoux
0b567d6c15 Merge branch 'v2.0' into 1783 2019-06-25 20:23:48 +02:00
Christophe Maudoux
b9af5d1adc Use Id 2019-06-25 19:30:06 +02:00
Christophe Maudoux
7a97bc46c4 Improve code (#1783) 2019-06-25 19:28:05 +02:00
Christophe Maudoux
13ed1589e4 Update lang 2019-06-25 19:03:04 +02:00
Xavier Guimard
a6a25f0aa5 Fix random CI failure (#1797) 2019-06-25 17:46:49 +02:00
Xavier Guimard
3d1be3e7e5 Set negative values for PE_PASSWORD_OK and PE_LOGOUT_OK (Fixes: #1816) 2019-06-25 17:38:08 +02:00
Xavier Guimard
1c0ffb3e83 Import v2.0 tests 2019-06-25 17:20:27 +02:00
Xavier Guimard
1b4600b15c Merge branch 'v2.0' 2019-06-25 17:14:00 +02:00
Xavier Guimard
e91f6df254 Fix test count (#1813) 2019-06-25 10:00:46 +02:00
Xavier Guimard
390ccb4f5b Fix Apache::Session::REST::get_key_from_all_sessions when using CODE (#1813) 2019-06-25 09:48:15 +02:00
Xavier Guimard
93ccb9fd76 Set Content-Length in Apache::Session::REST requests (#1813) 2019-06-25 09:37:37 +02:00
Xavier Guimard
ddde26fa1c Add searchOn() in Apache::Session::REST (#1813) 2019-06-25 09:18:58 +02:00
Christophe Maudoux
32cb9e3a8f Delete session (#1783) 2019-06-24 23:52:39 +02:00
Christophe Maudoux
266f2fdf02 Merge branch 'v2.0' into 1783 2019-06-24 23:36:54 +02:00
Christophe Maudoux
786e136754 Create session with ContextSwitching plugin (#1783) 2019-06-24 23:36:23 +02:00
Christophe Maudoux
28fd7ea0b8 Change log level (#1664) 2019-06-24 23:35:33 +02:00
Xavier
c5d6bc42b6 Add get_key_from_all_sessions in Apache::Session::REST (#1813) 2019-06-24 23:07:34 +02:00
Xavier
9df3d57bc9 In REST, PE_LOGOUT_OK must return 200 2019-06-24 23:06:15 +02:00
Xavier Guimard
442a26a537 Remove localStorage purge (see #1815) 2019-06-24 19:05:10 +02:00
Xavier Guimard
2cb221b4e0 Set cache_depth to 3 in local config cache (Fixes: #1814) 2019-06-24 18:51:15 +02:00
Xavier Guimard
4bfad92530 Merge branch 'v2.0' 2019-06-24 11:46:57 +02:00
Xavier Guimard
f9fb8a2772 Update manager JS 2019-06-24 11:45:53 +02:00
Xavier Guimard
1c17c6b077 Update portal JS 2019-06-24 11:38:00 +02:00
Christophe Maudoux
5efa6c111a Append log (#1783) 2019-06-23 22:56:05 +02:00