55 Commits

Author SHA1 Message Date
Ralf Becker
4886583cc1 change sharing to allow mounting shared into existing user sessions
without the need to destroy the session, if the sharee is a different user

This is accomplished by keeping the sharee in the stream context / attribute of the vfs class(es) instead of static Vfs::$user.
The latter is still used for the current user - identical to egw_info[user][account_id].

This commit / merge of the vfs-context feature branch also added the ability to mount WebDAV sources, eg. a sharing link from another EGroupware instance
or any WebDAV server
2020-10-08 11:24:34 +02:00
Ralf Becker
ca73a54d89 * Security: allow to configure SameSite cookie attribute 2020-07-27 14:03:48 +02:00
Ralf Becker
4c131c1866 SAML/Shibboleth with multiple IdP or optional on regular login page 2020-06-10 15:19:24 +02:00
Ralf Becker
1ac0ff826e missed commit from SimpleSAMLphp 2020-04-20 12:55:19 +02:00
nathangray
1fcd502d57 Api: Fix sharing lost session ID causing logout 2020-03-05 14:08:57 -07:00
nathangray
0df0777484 Revert "Api: Fix sharing lost session ID causing logout"
This reverts commit 07561bf01d.
2020-03-05 14:07:24 -07:00
nathangray
07561bf01d Api: Fix sharing lost session ID causing logout 2020-03-05 13:58:09 -07:00
Ralf Becker
7283d33a93 fold Apache error.log and ignored PHP syntax errors, plus remove some warnings 2020-03-05 11:53:26 +01:00
Ralf Becker
5154bc2f70 fix warnings, if headers are already sent, eg. in phpUnit/Travis 2020-03-05 10:23:29 +01:00
Ralf Becker
df263c22a3 some fixes for warnings during phpUnit about session+translation 2020-03-04 20:28:30 +01:00
Ralf Becker
44d9fcc790 Revert "* CalDAV/OutlookSynchronizer: reject invitations when client deletes them without appropriate rights in his calendar"
This reverts commit 4c6e41d479.
2020-03-04 19:16:50 +01:00
Ralf Becker
4c6e41d479 * CalDAV/OutlookSynchronizer: reject invitations when client deletes them without appropriate rights in his calendar 2020-03-04 16:58:38 +01:00
Ralf Becker
deb482aca3 suppress warning if session already active (trace logs the password) 2020-02-26 13:51:58 +01:00
Ralf Becker
4a14e0d36b ignore exception, as it blocks session creation, if database is not writable 2020-02-19 15:39:29 +01:00
Ralf Becker
1559b017d7 validate IP address in X-Forwarded-For header 2020-01-30 13:21:56 +01:00
Ralf Becker
7b30bb7b0d * Admin: optional session-action column in access-log and sessions
also no longer update access-log in session-class destructor, as it fails with skipping permanent logging for WebDAV and others
2019-12-14 13:09:22 +02:00
Ralf Becker
2df0095579 fix typo 2019-12-05 08:57:26 +02:00
Ralf Becker
e305ba1d23 ignore logging of session dla only for max. of 15 min, so session status is displayed correctly 2019-12-02 16:27:17 +02:00
Ralf Becker
7cd4169768 * all apps: fixing several cases of wrong Url when proxying and terminating TLS on the proxy 2019-11-15 13:54:34 +01:00
Ralf Becker
302800b414 new class Api\Header\Http to handle X-Forwarded-Host and -Schema headers
also cope now with multiple comma-separated host-names in X-Forwarded-Host header happening with multiple proxies
2019-11-12 20:13:24 +01:00
Ralf Becker
8f6df975fe also remove /api/thumbnail.php from access-log updates 2019-10-29 13:20:23 +01:00
Ralf Becker
cad1ec2aaf fix regular expression to not update access-log for avatar 2019-10-22 09:58:18 +02:00
Ralf Becker
71d3e3a80c ignore updates (session creation is written) of *dav and avatar, due to possible high volume of updates 2019-09-27 15:59:10 +02:00
Ralf Becker
3967d2a3b6 fix aborted WebAuthn not treated as failure of 2nd factor, if registered 2019-09-06 10:36:21 +02:00
Ralf Becker
681679382c * Api: no longer logging last-logintime of anonymous user
to not block website and also to better cope with high rate anon endpoints 
might be called creating a bottleneck in the egw_accounts table.
2019-08-19 16:51:13 +02:00
Ralf Becker
2776d215e2 * Login: RememberMe token for either automatic login or as 2. factor for 2-Factor-Auth 2019-08-03 18:37:18 +02:00
Ralf Becker
ad3576903a allow to disable or require 2-Factor-Auth 2019-06-07 20:28:49 +02:00
Ralf Becker
eb286c6144 missing changes in Session class for 2FA 2019-06-05 15:29:44 +02:00
Ralf Becker
bf2de7f653 * Admin: white-list IP addresses from blocking or set higher number of attempts 2019-04-26 17:11:54 +02:00
Ralf Becker
983bf15041 remove further private IPs from proxies (incl. space after comma) 2019-04-22 23:44:51 +02:00
Ralf Becker
4622c28bb2 remove further private IPs from proxies 2019-04-22 23:20:41 +02:00
nathangray
19ead4c1cc Fix some more PHP 7.2 warnings
Remove some calls to deprecated each()
2018-12-18 09:49:29 -07:00
Ralf Becker
7b69f8cfa5 * Api/Filemanager/WebDAV: fix SQL error if login error or WebDAV path contains non-ascii chars
in that case we transliterate these to ascii for storage in egw_access_log table, which only allows ascii chars
2018-12-10 16:47:16 +01:00
Ralf Becker
7ba77356d5 new "session_created" hook 2018-06-18 09:07:14 +02:00
Ralf Becker
7c1a481d97 fix shutdown functions did not have $GLOBALS[egw] set, caused by session created by MServer 2018-04-11 15:04:48 +02:00
Ralf Becker
98376b5908 * PHP 7.2: fix several PHP Fatal errors and warnings stalling installation and usage 2018-04-09 16:02:00 +02:00
Ralf Becker
f800ab008b if we can not store failed login attempts in database, store it in cache 2018-02-28 18:01:32 +01:00
Ralf Becker
f4927d7e0b * Filemanager/Sharing: fix PHP 7.1 error causing auth request to popup
Session only stores app-names and $GLOBALS[egw_info][user][apps] gets restored from $GLOBALS[egw_info][apps] for the allowed app-names. Check if we need to restore from installed apps array was using is_array($GLOBALS[egw_info][user][apps][api]) instead or isset($GLOBALS[egw_info][user][apps][0]), as check if it is a real, non associative array
2018-02-14 09:03:14 +01:00
Ralf Becker
96413c1096 fix no translations loaded, by keeping just that pref in the session, as it is used before rest of prefs get restored 2017-04-05 10:02:41 +02:00
Ralf Becker
2adeddce8d do NOT store user preferences and apps in session, we restore them from instance cache 2017-04-04 19:13:43 +02:00
Ralf Becker
acfcd24983 fix not updated logout time on new farm 2017-03-01 13:36:42 +01:00
Ralf Becker
d6590cbf64 fix PHP Fatal, if debug is enabled 2017-02-27 17:31:08 +01:00
Ralf Becker
afa17b8236 fix PHP Fatal Call to a member function update() on null 2016-08-24 13:06:06 +02:00
Ralf Becker
b6c5ad31db log menuaction of eT2 requests, instead of eT2 itself, to do so move update of access-log to destructor of Session class 2016-08-18 13:05:51 +02:00
Ralf Becker
27468f0dac fix PHP Warning: filemtime(): stat failed for phpgwapi/setup/setup.inc.php 2016-07-31 10:29:52 +02:00
Ralf Becker
e34fe9a4e7 using Acl::(ADD|READ|EDIT|DELETE|PRIVAT) constants instead old EGW_ACL_* defines and fix some namespace errors found by doc/check_namespace.php 2016-05-11 19:23:14 +00:00
Ralf Becker
e87cbc4832 use static Hooks methods 2016-05-11 18:58:10 +00:00
Ralf Becker
153c068271 fix diverse occurrences of egw_db 2016-05-06 11:13:19 +00:00
Ralf Becker
f68dab4862 remove no longer required use egw_mailer, since Mailer is api now 2016-03-29 06:46:42 +00:00
Ralf Becker
67cb60b972 moving egw_digest_auth, vfs_webdav_server and egw_sharing to new api 2016-03-20 16:19:53 +00:00