glitchier-soc

Commit Graph

Author	SHA1	Message	Date
Mathieu Brunot	bd8dc9bd0c	✨ Add an LDAP Mail attribute config (#12053 ) Signed-off-by: mathieu.brunot <mathieu.brunot@monogramm.io>	5 years ago
Mathieu Brunot	d70268f099	✨ Convert LDAP username (#12461 ) * ✨ Convert LDAP username #12021 Signed-off-by: mathieu.brunot <mathieu.brunot@monogramm.io> * 🐛 Fix conversion var use Signed-off-by: mathieu.brunot <mathieu.brunot@monogramm.io> * 🐛 Fix LDAP uid conversion test Signed-off-by: mathieu.brunot <mathieu.brunot@monogramm.io> * 👌 Remove comments with ref to PR Signed-off-by: mathieu.brunot <mathieu.brunot@monogramm.io> * 👌 Remove unnecessary paranthesis Signed-off-by: mathieu.brunot <mathieu.brunot@monogramm.io> * 🔧 Move space in conversion string Signed-off-by: mathieu.brunot <mathieu.brunot@monogramm.io>	5 years ago
Eugen Rochko	a1f04c1e34	Fix authentication before 2FA challenge (#11943 ) Regression from #11831	5 years ago
Eugen Rochko	c707ef49d9	Fix 2FA challenge and password challenge for non-database users (#11831 ) * Fix 2FA challenge not appearing for non-database users Fix #11685 * Fix account deletion not working when using external login Fix #11691	5 years ago
Moritz Heiber	ecf40d09ed	Disable Same-Site cookie implementation to fix SSO issues on WebKit browsers (#9819 )	6 years ago
Sorin Davidoi	6f3d934bc1	feat(cookies): Use the same-site attribute to lax (#8626 ) CSFR-prevention is already implemented but adding this doesn't hurt. A brief introduction to Same-Site cookies (and the difference between strict and lax) can be found at https://blog.mozilla.org/security/2018/04/24/same-site-cookies-in-firefox-60/ TLDR: We use lax since we want the cookies to be sent when the user navigates safely from an external site.	6 years ago
Immae	b0f4fe456b	Add ldap search filter (#8151 )	6 years ago
abcang	69bf116345	Add secure option to additional cookie (#8069 )	6 years ago
Eugen Rochko	ac49c7932d	Add LDAP_TLS_NO_VERIFY option, don't require LDAP_ENABLED outside .env (#6845 ) Fix #6816, fix #6790	7 years ago
Alexander	33ee347c99	rename pam email environment variable to something more understandable and default to LOCAL_DOMAIN (better fallback) (#6833 )	7 years ago
Alexander	42fe05dea1	fix logic for pam_controlled_service (#6599 )	7 years ago
Eugen Rochko	47bdb9b33b	Fix #942 : Seamless LDAP login (#6556 )	7 years ago
Eugen Rochko	38e0133e1b	Make PAM gem optional, allow configuration over environment (#6415 )	7 years ago
Alexander	04fef7b888	pam authentication (#5303 ) * add pam support, without extra column * bugfixes for pam login * document options * fix code style * fix codestyle * fix tests * don't call remember_me without password * fix codestyle * improve checks for pam usage (should fix tests) * fix remember_me part 1 * add remember_token column because :rememberable requires either a password or this column. * migrate db for remember_token * move pam_authentication to the right place, fix logic bug in edit.html.haml * fix tests * fix pam authentication, improve username lookup, add comment * valid? is sometimes not honored, return nil instead trying to authenticate with pam * update devise_pam_authenticatable2 and adjust code. Fixes sideeffects observed in tests * update devise_pam_authenticatable gem, fixes for codeconventions, fix finding user * codeconvention fixes * code convention fixes * fix idention * update dependency, explicit conflict check * fix disabled password updates if in pam mode * fix check password if password is present, fix templates * block registration if account is maintained by pam * Revert "block registration if account is maintained by pam" This reverts commit 8e7a083d650240b6fac414926744b4b90b435f20. * fix identation error introduced by rebase * block usernames maintained by pam * document pam settings better * fix code style	7 years ago
Patrick Figel	04ecf44c2f	Add confirmation step for email changes (#6071 ) * Add confirmation step for email changes This adds a confirmation step for email changes of existing users. Like the initial account confirmation, a confirmation link is sent to the new address. Additionally, a notification is sent to the existing address when the change is initiated. This message includes instruction to reset the password immediately or to contact the instance admin if the change was not initiated by the account owner. Fixes #3871 * Add review fixes	7 years ago
Eugen Rochko	40be4ea239	Extend Devise remember_me longevity to 1 year instead of 2 weeks (#4587 ) Force SSL only cookies for remember_me, adjust confirmation expiration time to fit with the user cleanup scheduler	7 years ago
Eugen Rochko	8d6c3cd48a	Fix sessions being replaced needlessly (#4292 )	7 years ago
Eugen Rochko	00df69bc89	Fix #4058 - Use a long-lived cookie to keep track of user-level sessions (#4091 ) * Fix #4058 - Use a long-lived cookie to keep track of user-level sessions * Fix tests, smooth migrate from previous session-based identifier	7 years ago
Eugen Rochko	f7301bd5b9	Add overview of active sessions (#3929 ) * Add overview of active sessions * Better display of browser/platform name * Improve how browser information is stored and displayed for sessions overview * Fix test	7 years ago
Sorin Davidoi	2211e8d1cd	Revocable sessions (#3616 ) * feat: Revocable sessions * fix: Tests using sign_in * feat: Configuration entry for the maximum number of session activations	7 years ago
Patrick Figel	df4ff9a8e1	Add recovery code support for two-factor auth (#1773 ) * Add recovery code support for two-factor auth When users enable two-factor auth, the app now generates ten single-use recovery codes. Users are encouraged to print the codes and store them in a safe place. The two-factor prompt during login now accepts both OTP codes and recovery codes. The two-factor settings UI allows users to regenerated lost recovery codes. Users who have set up two-factor auth prior to this feature being added can use it to generate recovery codes for the first time. Fixes #563 and fixes #987 * Set OTP_SECRET in test enviroment * add missing .html to view file names	8 years ago
Yann GUERN	a85d4473aa	Avoid user enumeration with devise paranoid mode (#1527 )	8 years ago
Eugen Rochko	76e970c856	Do not automatically login after password reset, as it would circumvent two-factor auth (if enabled) Do not require e-mail address changes to be re-confirmed, it's only trouble for no real benefit	8 years ago
Eugen Rochko	ba192f12e3	Added optional two-factor authentication	8 years ago
Eugen Rochko	116ab27e08	i18n for devise mailer too	8 years ago
Eugen Rochko	2c374cd97c	Adding e-mail configuration	9 years ago
Eugen Rochko	ab6696e855	Adding doorkeeper, adding a REST API POST /api/statuses Params: status (text contents), in_reply_to_id (optional) GET /api/statuses/:id POST /api/statuses/:id/reblog GET /api/accounts/:id GET /api/accounts/:id/following GET /api/accounts/:id/followers POST /api/accounts/:id/follow POST /api/accounts/:id/unfollow POST /api/follows Params: uri (e.g. user@domain) OAuth authentication is currently disabled, but the API can be used with HTTP Auth.	9 years ago
Eugen Rochko	7e93da3f8d	Removing grape and adding devise	9 years ago

28 Commits (99f8f6b07a3315503e7bb1499065953b90ecc5ec)