glitchier-soc

Commit Graph

Author	SHA1	Message	Date
Mathieu Brunot	128a7ab7eb	✨ Add an LDAP Mail attribute config (#12053 ) Signed-off-by: mathieu.brunot <mathieu.brunot@monogramm.io>	5 years ago
Mathieu Brunot	462788cb12	✨ Convert LDAP username (#12461 ) * ✨ Convert LDAP username #12021 Signed-off-by: mathieu.brunot <mathieu.brunot@monogramm.io> * 🐛 Fix conversion var use Signed-off-by: mathieu.brunot <mathieu.brunot@monogramm.io> * 🐛 Fix LDAP uid conversion test Signed-off-by: mathieu.brunot <mathieu.brunot@monogramm.io> * 👌 Remove comments with ref to PR Signed-off-by: mathieu.brunot <mathieu.brunot@monogramm.io> * 👌 Remove unnecessary paranthesis Signed-off-by: mathieu.brunot <mathieu.brunot@monogramm.io> * 🔧 Move space in conversion string Signed-off-by: mathieu.brunot <mathieu.brunot@monogramm.io>	5 years ago
Eugen Rochko	3773115066	Fix authentication before 2FA challenge (#11943 ) Regression from #11831	5 years ago
Eugen Rochko	8eb0d880cb	Fix 2FA challenge and password challenge for non-database users (#11831 ) * Fix 2FA challenge not appearing for non-database users Fix #11685 * Fix account deletion not working when using external login Fix #11691	5 years ago
Moritz Heiber	f2cefd9d73	Disable Same-Site cookie implementation to fix SSO issues on WebKit browsers (#9819 )	6 years ago
Sorin Davidoi	0b1c90bf88	feat(cookies): Use the same-site attribute to lax (#8626 ) CSFR-prevention is already implemented but adding this doesn't hurt. A brief introduction to Same-Site cookies (and the difference between strict and lax) can be found at https://blog.mozilla.org/security/2018/04/24/same-site-cookies-in-firefox-60/ TLDR: We use lax since we want the cookies to be sent when the user navigates safely from an external site.	6 years ago
Immae	cbaabe0215	Add ldap search filter (#8151 )	6 years ago
abcang	b46416fe47	Add secure option to additional cookie (#8069 )	6 years ago
Eugen Rochko	59b3b38b0e	Add LDAP_TLS_NO_VERIFY option, don't require LDAP_ENABLED outside .env (#6845 ) Fix #6816, fix #6790	7 years ago
Alexander	af08f6042d	rename pam email environment variable to something more understandable and default to LOCAL_DOMAIN (better fallback) (#6833 )	7 years ago
Alexander	988f6505e4	fix logic for pam_controlled_service (#6599 )	7 years ago
Eugen Rochko	9721b7746a	Fix #942 : Seamless LDAP login (#6556 )	7 years ago
Eugen Rochko	555e7205da	Make PAM gem optional, allow configuration over environment (#6415 )	7 years ago
Alexander	23ce0c86da	pam authentication (#5303 ) * add pam support, without extra column * bugfixes for pam login * document options * fix code style * fix codestyle * fix tests * don't call remember_me without password * fix codestyle * improve checks for pam usage (should fix tests) * fix remember_me part 1 * add remember_token column because :rememberable requires either a password or this column. * migrate db for remember_token * move pam_authentication to the right place, fix logic bug in edit.html.haml * fix tests * fix pam authentication, improve username lookup, add comment * valid? is sometimes not honored, return nil instead trying to authenticate with pam * update devise_pam_authenticatable2 and adjust code. Fixes sideeffects observed in tests * update devise_pam_authenticatable gem, fixes for codeconventions, fix finding user * codeconvention fixes * code convention fixes * fix idention * update dependency, explicit conflict check * fix disabled password updates if in pam mode * fix check password if password is present, fix templates * block registration if account is maintained by pam * Revert "block registration if account is maintained by pam" This reverts commit 8e7a083d650240b6fac414926744b4b90b435f20. * fix identation error introduced by rebase * block usernames maintained by pam * document pam settings better * fix code style	7 years ago
Patrick Figel	3c20cfd734	Add confirmation step for email changes (#6071 ) * Add confirmation step for email changes This adds a confirmation step for email changes of existing users. Like the initial account confirmation, a confirmation link is sent to the new address. Additionally, a notification is sent to the existing address when the change is initiated. This message includes instruction to reset the password immediately or to contact the instance admin if the change was not initiated by the account owner. Fixes #3871 * Add review fixes	7 years ago
Eugen Rochko	506508f30c	Extend Devise remember_me longevity to 1 year instead of 2 weeks (#4587 ) Force SSL only cookies for remember_me, adjust confirmation expiration time to fit with the user cleanup scheduler	7 years ago
Eugen Rochko	f3e8fca1a7	Fix sessions being replaced needlessly (#4292 )	7 years ago
Eugen Rochko	0217e15dd3	Fix #4058 - Use a long-lived cookie to keep track of user-level sessions (#4091 ) * Fix #4058 - Use a long-lived cookie to keep track of user-level sessions * Fix tests, smooth migrate from previous session-based identifier	7 years ago
Eugen Rochko	c465c5b3a8	Add overview of active sessions (#3929 ) * Add overview of active sessions * Better display of browser/platform name * Improve how browser information is stored and displayed for sessions overview * Fix test	7 years ago
Sorin Davidoi	1280559503	Revocable sessions (#3616 ) * feat: Revocable sessions * fix: Tests using sign_in * feat: Configuration entry for the maximum number of session activations	7 years ago
Patrick Figel	15b393201e	Add recovery code support for two-factor auth (#1773 ) * Add recovery code support for two-factor auth When users enable two-factor auth, the app now generates ten single-use recovery codes. Users are encouraged to print the codes and store them in a safe place. The two-factor prompt during login now accepts both OTP codes and recovery codes. The two-factor settings UI allows users to regenerated lost recovery codes. Users who have set up two-factor auth prior to this feature being added can use it to generate recovery codes for the first time. Fixes #563 and fixes #987 * Set OTP_SECRET in test enviroment * add missing .html to view file names	8 years ago
Yann GUERN	dc7ea0225a	Avoid user enumeration with devise paranoid mode (#1527 )	8 years ago
Eugen Rochko	0bf8c1b5d8	Do not automatically login after password reset, as it would circumvent two-factor auth (if enabled) Do not require e-mail address changes to be re-confirmed, it's only trouble for no real benefit	8 years ago
Eugen Rochko	9b8670c939	Added optional two-factor authentication	8 years ago
Eugen Rochko	0e0b4f9e59	i18n for devise mailer too	8 years ago
Eugen Rochko	2c374cd97c	Adding e-mail configuration	9 years ago
Eugen Rochko	ab6696e855	Adding doorkeeper, adding a REST API POST /api/statuses Params: status (text contents), in_reply_to_id (optional) GET /api/statuses/:id POST /api/statuses/:id/reblog GET /api/accounts/:id GET /api/accounts/:id/following GET /api/accounts/:id/followers POST /api/accounts/:id/follow POST /api/accounts/:id/unfollow POST /api/follows Params: uri (e.g. user@domain) OAuth authentication is currently disabled, but the API can be used with HTTP Auth.	9 years ago
Eugen Rochko	7e93da3f8d	Removing grape and adding devise	9 years ago

28 Commits (db15d0c975696f40a857c339c53eeed697e0aa87)