Ralf Becker
621d69f921
missing files from filemanager mount GUI
2021-09-13 17:41:21 +02:00
Ralf Becker
b3f1738f05
fix typo causing number of failed attempts on IP whitelist not to be used
2021-05-11 11:20:25 +02:00
Ralf Becker
8df0ba3d70
fixes required for EPL firewall
2021-04-20 15:51:36 +02:00
Ralf Becker
fed41622c2
fixing all sorts of PHP 8 errors and PHPStorm errors
2021-03-31 17:50:01 +02:00
Ralf Becker
4886583cc1
change sharing to allow mounting shared into existing user sessions
...
without the need to destroy the session, if the sharee is a different user
This is accomplished by keeping the sharee in the stream context / attribute of the vfs class(es) instead of static Vfs::$user.
The latter is still used for the current user - identical to egw_info[user][account_id].
This commit / merge of the vfs-context feature branch also added the ability to mount WebDAV sources, e.g. a sharing link from another EGroupware instance
or any WebDAV server
2020-10-08 11:24:34 +02:00
Ralf Becker
ca73a54d89
* Security: allow to configure SameSite cookie attribute
2020-07-27 14:03:48 +02:00
Ralf Becker
4c131c1866
SAML/Shibboleth with multiple IdP or optional on regular login page
2020-06-10 15:19:24 +02:00
Ralf Becker
1ac0ff826e
missed commit from SimpleSAMLphp
2020-04-20 12:55:19 +02:00
nathangray
1fcd502d57
Api: Fix sharing lost session ID causing logout
2020-03-05 14:08:57 -07:00
nathangray
0df0777484
Revert "Api: Fix sharing lost session ID causing logout"
...
This reverts commit 07561bf01d.
2020-03-05 14:07:24 -07:00
nathangray
07561bf01d
Api: Fix sharing lost session ID causing logout
2020-03-05 13:58:09 -07:00
Ralf Becker
7283d33a93
fold Apache error.log and ignored PHP syntax errors, plus remove some warnings
2020-03-05 11:53:26 +01:00
Ralf Becker
5154bc2f70
fix warnings, if headers are already sent, eg. in phpUnit/Travis
2020-03-05 10:23:29 +01:00
Ralf Becker
df263c22a3
some fixes for warnings during phpUnit about session+translation
2020-03-04 20:28:30 +01:00
Ralf Becker
44d9fcc790
Revert "* CalDAV/OutlookSynchronizer: reject invitations when client deletes them without appropriate rights in his calendar"
...
This reverts commit 4c6e41d479.
2020-03-04 19:16:50 +01:00
Ralf Becker
4c6e41d479
* CalDAV/OutlookSynchronizer: reject invitations when client deletes them without appropriate rights in his calendar
2020-03-04 16:58:38 +01:00
Ralf Becker
deb482aca3
suppress warning if session already active (trace logs the password)
2020-02-26 13:51:58 +01:00
Ralf Becker
4a14e0d36b
ignore exception, as it blocks session creation, if database is not writable
2020-02-19 15:39:29 +01:00
Ralf Becker
1559b017d7
validate IP address in X-Forwarded-For header
2020-01-30 13:21:56 +01:00
Ralf Becker
7b30bb7b0d
* Admin: optional session-action column in access-log and sessions
...
also no longer update access-log in session-class destructor, as it fails with skipping permanent logging for WebDAV and others
2019-12-14 13:09:22 +02:00
Ralf Becker
2df0095579
fix typo
2019-12-05 08:57:26 +02:00
Ralf Becker
e305ba1d23
ignore logging of session dla only for max. of 15 min, so session status is displayed correctly
2019-12-02 16:27:17 +02:00
Ralf Becker
7cd4169768
* all apps: fixing several cases of wrong Url when proxying and terminating TLS on the proxy
2019-11-15 13:54:34 +01:00
Ralf Becker
302800b414
new class Api\Header\Http to handle X-Forwarded-Host and -Schema headers
...
also cope now with multiple comma-separated host-names in X-Forwarded-Host header happening with multiple proxies
2019-11-12 20:13:24 +01:00
Ralf Becker
8f6df975fe
also remove /api/thumbnail.php from access-log updates
2019-10-29 13:20:23 +01:00
Ralf Becker
cad1ec2aaf
fix regular expression to not update access-log for avatar
2019-10-22 09:58:18 +02:00
Ralf Becker
71d3e3a80c
ignore updates (session creation is written) of *dav and avatar, due to possible high volume of updates
2019-09-27 15:59:10 +02:00
Ralf Becker
3967d2a3b6
fix aborted WebAuthn not treated as failure of 2nd factor, if registered
2019-09-06 10:36:21 +02:00
Ralf Becker
681679382c
* Api: no longer logging last-logintime of anonymous user
...
to not block website and also to better cope with high rate anon endpoints
might be called creating a bottleneck in the egw_accounts table.
2019-08-19 16:51:13 +02:00
Ralf Becker
2776d215e2
* Login: RememberMe token for either automatic login or as 2. factor for 2-Factor-Auth
2019-08-03 18:37:18 +02:00
Ralf Becker
ad3576903a
allow to disable or require 2-Factor-Auth
2019-06-07 20:28:49 +02:00
Ralf Becker
eb286c6144
missing changes in Session class for 2FA
2019-06-05 15:29:44 +02:00
Ralf Becker
bf2de7f653
* Admin: white-list IP addresses from blocking or set higher number of attempts
2019-04-26 17:11:54 +02:00
Ralf Becker
983bf15041
remove further private IPs from proxies (incl. space after comma)
2019-04-22 23:44:51 +02:00
Ralf Becker
4622c28bb2
remove further private IPs from proxies
2019-04-22 23:20:41 +02:00
nathangray
19ead4c1cc
Fix some more PHP 7.2 warnings
...
Remove some calls to deprecated each()
2018-12-18 09:49:29 -07:00
Ralf Becker
7b69f8cfa5
* Api/Filemanager/WebDAV: fix SQL error if login error or WebDAV path contains non-ascii chars
...
in that case we transliterate these to ascii for storage in egw_access_log table, which only allows ascii chars
2018-12-10 16:47:16 +01:00
Ralf Becker
7ba77356d5
new "session_created" hook
2018-06-18 09:07:14 +02:00
Ralf Becker
7c1a481d97
fix shutdown functions did not have $GLOBALS[egw] set, caused by session created by MServer
2018-04-11 15:04:48 +02:00
Ralf Becker
98376b5908
* PHP 7.2: fix several PHP Fatal errors and warnings stalling installation and usage
2018-04-09 16:02:00 +02:00
Ralf Becker
f800ab008b
if we can not store failed login attempts in database, store it in cache
2018-02-28 18:01:32 +01:00
Ralf Becker
f4927d7e0b
* Filemanager/Sharing: fix PHP 7.1 error causing auth request to popup
...
Session only stores app-names and $GLOBALS[egw_info][user][apps] gets restored from $GLOBALS[egw_info][apps] for the allowed app-names. Check if we need to restore from installed apps array was using is_array($GLOBALS[egw_info][user][apps][api]) instead of isset($GLOBALS[egw_info][user][apps][0]), as check if it is a real, non associative array
2018-02-14 09:03:14 +01:00
Ralf Becker
96413c1096
fix no translations loaded, by keeping just that pref in the session, as it is used before rest of prefs get restored
2017-04-05 10:02:41 +02:00
Ralf Becker
2adeddce8d
do NOT store user preferences and apps in session, we restore them from instance cache
2017-04-04 19:13:43 +02:00
Ralf Becker
acfcd24983
fix not updated logout time on new farm
2017-03-01 13:36:42 +01:00
Ralf Becker
d6590cbf64
fix PHP Fatal, if debug is enabled
2017-02-27 17:31:08 +01:00
Ralf Becker
afa17b8236
fix PHP Fatal Call to a member function update() on null
2016-08-24 13:06:06 +02:00
Ralf Becker
b6c5ad31db
log menuaction of eT2 requests, instead of eT2 itself, to do so move update of access-log to destructor of Session class
2016-08-18 13:05:51 +02:00
Ralf Becker
27468f0dac
fix PHP Warning: filemtime(): stat failed for phpgwapi/setup/setup.inc.php
2016-07-31 10:29:52 +02:00
Ralf Becker
e34fe9a4e7
using Acl::(ADD|READ|EDIT|DELETE|PRIVAT) constants instead old EGW_ACL_* defines and fix some namespace errors found by doc/check_namespace.php
2016-05-11 19:23:14 +00:00