43 Commits

Author SHA1 Message Date
Ralf Becker
deb482aca3 suppress warning if session already active (trace logs the password) 2020-02-26 13:51:58 +01:00
Ralf Becker
4a14e0d36b ignore exception, as it blocks session creation, if database is not writable 2020-02-19 15:39:29 +01:00
Ralf Becker
1559b017d7 validate IP address in X-Forwarded-For header 2020-01-30 13:21:56 +01:00
Ralf Becker
7b30bb7b0d * Admin: optional session-action column in access-log and sessions
also no longer update access-log in session-class destructor, as it fails with skipping permanent logging for WebDAV and others
2019-12-14 13:09:22 +02:00
Ralf Becker
2df0095579 fix typo 2019-12-05 08:57:26 +02:00
Ralf Becker
e305ba1d23 ignore logging of session dla only for max. of 15 min, so session status is displayed correctly 2019-12-02 16:27:17 +02:00
Ralf Becker
7cd4169768 * all apps: fixing several cases of wrong Url when proxying and terminating TLS on the proxy 2019-11-15 13:54:34 +01:00
Ralf Becker
302800b414 new class Api\Header\Http to handle X-Forwarded-Host and -Schema headers
also cope now with multiple comma-separated host-names in X-Forwarded-Host header happening with multiple proxies
2019-11-12 20:13:24 +01:00
Ralf Becker
8f6df975fe also remove /api/thumbnail.php from access-log updates 2019-10-29 13:20:23 +01:00
Ralf Becker
cad1ec2aaf fix regular expression to not update access-log for avatar 2019-10-22 09:58:18 +02:00
Ralf Becker
71d3e3a80c ignore updates (session creation is written) of *dav and avatar, due to possible high volume of updates 2019-09-27 15:59:10 +02:00
Ralf Becker
3967d2a3b6 fix aborted WebAuthn not treated as failure of 2nd factor, if registered 2019-09-06 10:36:21 +02:00
Ralf Becker
681679382c * Api: no longer logging last-logintime of anonymous user
to not block website and also to better cope with high rate anon endpoints 
might be called creating a bottleneck in the egw_accounts table.
2019-08-19 16:51:13 +02:00
Ralf Becker
2776d215e2 * Login: RememberMe token for either automatic login or as 2. factor for 2-Factor-Auth 2019-08-03 18:37:18 +02:00
Ralf Becker
ad3576903a allow to disable or require 2-Factor-Auth 2019-06-07 20:28:49 +02:00
Ralf Becker
eb286c6144 missing changes in Session class for 2FA 2019-06-05 15:29:44 +02:00
Ralf Becker
bf2de7f653 * Admin: white-list IP addresses from blocking or set higher number of attempts 2019-04-26 17:11:54 +02:00
Ralf Becker
983bf15041 remove further private IPs from proxies (incl. space after comma) 2019-04-22 23:44:51 +02:00
Ralf Becker
4622c28bb2 remove further private IPs from proxies 2019-04-22 23:20:41 +02:00
nathangray
19ead4c1cc Fix some more PHP 7.2 warnings
Remove some calls to deprecated each()
2018-12-18 09:49:29 -07:00
Ralf Becker
7b69f8cfa5 * Api/Filemanager/WebDAV: fix SQL error if login error or WebDAV path contains non-ascii chars
in that case we transliterate these to ascii for storage in egw_access_log table, which only allows ascii chars
2018-12-10 16:47:16 +01:00
Ralf Becker
7ba77356d5 new "session_created" hook 2018-06-18 09:07:14 +02:00
Ralf Becker
7c1a481d97 fix shutdown functions did not have $GLOBALS[egw] set, caused by session created by MServer 2018-04-11 15:04:48 +02:00
Ralf Becker
98376b5908 * PHP 7.2: fix several PHP Fatal errors and warnings stalling installation and usage 2018-04-09 16:02:00 +02:00
Ralf Becker
f800ab008b if we can not store failed login attempts in database, store it in cache 2018-02-28 18:01:32 +01:00
Ralf Becker
f4927d7e0b * Filemanager/Sharing: fix PHP 7.1 error causing auth request to popup
Session only stores app-names and $GLOBALS[egw_info][user][apps] gets restored from $GLOBALS[egw_info][apps] for the allowed app-names. Check if we need to restore from installed apps array was using is_array($GLOBALS[egw_info][user][apps][api]) instead of isset($GLOBALS[egw_info][user][apps][0]), as check if it is a real, non-associative array
2018-02-14 09:03:14 +01:00
Ralf Becker
96413c1096 fix no translations loaded, by keeping just that pref in the session, as it is used before rest of prefs get restored 2017-04-05 10:02:41 +02:00
Ralf Becker
2adeddce8d do NOT store user preferences and apps in session, we restore them from instance cache 2017-04-04 19:13:43 +02:00
Ralf Becker
acfcd24983 fix not updated logout time on new farm 2017-03-01 13:36:42 +01:00
Ralf Becker
d6590cbf64 fix PHP Fatal, if debug is enabled 2017-02-27 17:31:08 +01:00
Ralf Becker
afa17b8236 fix PHP Fatal Call to a member function update() on null 2016-08-24 13:06:06 +02:00
Ralf Becker
b6c5ad31db log menuaction of eT2 requests, instead of eT2 itself, to do so move update of access-log to destructor of Session class 2016-08-18 13:05:51 +02:00
Ralf Becker
27468f0dac fix PHP Warning: filemtime(): stat failed for phpgwapi/setup/setup.inc.php 2016-07-31 10:29:52 +02:00
Ralf Becker
e34fe9a4e7 using Acl::(ADD|READ|EDIT|DELETE|PRIVAT) constants instead of old EGW_ACL_* defines and fix some namespace errors found by doc/check_namespace.php 2016-05-11 19:23:14 +00:00
Ralf Becker
e87cbc4832 use static Hooks methods 2016-05-11 18:58:10 +00:00
Ralf Becker
153c068271 fix diverse occurrences of egw_db 2016-05-06 11:13:19 +00:00
Ralf Becker
f68dab4862 remove no longer required use egw_mailer, since Mailer is api now 2016-03-29 06:46:42 +00:00
Ralf Becker
67cb60b972 moving egw_digest_auth, vfs_webdav_server and egw_sharing to new api 2016-03-20 16:19:53 +00:00
Ralf Becker
85695f0d41 split html class to Api\Html, Api\Header\Content, Api\Header\UserAgent and translation 2016-03-13 11:22:44 +00:00
Ralf Becker
b95727bb6f move auth classes to Api\Auth, only Sql is currently tested! 2016-03-06 20:47:10 +00:00
Ralf Becker
d407b9aae1 moved accounts classes to Api\Accounts 2016-03-06 15:54:07 +00:00
Ralf Becker
0f2131e29a move egw_customfields class to Api\Customfields 2016-03-05 13:33:32 +00:00
Ralf Becker
aeb9c93b55 moved egw_session class to Api\Session and removed unused egw_session_(files|memcache) as listing sessions is done now via egw_sessions table in db and memcache has its own session handler 2016-03-05 13:14:54 +00:00