composer/iTop
6
0
Fork 0
mirror of https://github.com/Combodo/iTop.git synced 2026-03-06 09:34:13 +01:00
Code Issues Packages Projects Releases Wiki Activity
5,090 Commits 152 Branches 134 Tags
3dbbf296b83fc07eebf6beed8ca3beedab93e994
Commit Graph

91 Commits

Author SHA1 Message Date
Stephen Abello
248dab9289 N°2633 - Security hardening 2020-01-20 15:46:04 +01:00
Pierre Goiffon
bc3b50ad23 Fix wrong method call 2019-02-22 10:00:23 +01:00
Pierre Goiffon
d5568afc68 🔒 N°1795 prevent XSS on some fields 2018-11-23 18:00:26 +01:00
Eric
5cedcb2389 N°1620: Fix 'forgot your password?' error when resetting password 2018-11-16 10:34:12 +01:00
Pierre Goiffon
588899db63 Convert all files from CrLf to Lf (preparing merge to develop) 2018-10-18 14:20:40 +02:00
Eric
10683d943f N°1620: Fix 'forgot your password?' link 2018-09-03 16:50:30 +02:00
Pierre Goiffon
3f612cfc90 some PHPDoc 
SVN:trunk[5875]
 2018-06-14 15:19:30 +00:00
Stephen Abello
3974406f1b N°1175 : Fixed missing params error occurring when resetting password from a notification linking to portal. 
SVN:trunk[5763]
 2018-05-02 08:19:27 +00:00
Stephen Abello
d441595ee6 N°1319 & N°1203: Added a conf params 'email_default_sender_address' and 'email_default_sender_label' that will be used if a mail has no sender set. (forgot password, test mail, test notification mail, data source fail notification) 
SVN:trunk[5750]
 2018-04-27 08:29:48 +00:00
Denis Flaven
9c3b053727 (Enhancement for developers) Use a timestamp defined at compile time to workaround client-side caching problems during development. 
SVN:trunk[5690]
 2018-04-18 13:45:08 +00:00
Pierre Goiffon
c562098ef7 N°993: restrict the access to the REST/JSON web services to users having the profile "REST Services User" (restore 2018-04-10 revisions : r5632..r5633) 
SVN:trunk[5630]
 2018-04-12 08:53:02 +00:00
Guillaume Lajarige
5f2245595f N°313 Show product name on branding logo title instead of a generic "iTop" text. 
SVN:trunk[4866]
 2017-08-18 13:50:33 +00:00
Guillaume Lajarige
3420db26a5 N°564 LoginWebPage title default value is now a dictionary entry ('UI:Login:Title'). Only english & french are available for now, feel free to contribute ! :) 
SVN:trunk[4850]
 2017-07-31 15:06:21 +00:00
Romain Quetiez
46b5293867 N.542, N.912 Finalized the API UserRights::Impersonate. This is an enabler for several enhancements. 
SVN:trunk[4837]
 2017-07-18 09:36:25 +00:00
Romain Quetiez
fa2fd6dcdf NEW! Archiving data. Archiving is a soft delete. It can be undone. Enter the archive mode to see all the data including archives (everything is read-only in that mode). Archiving must be enabled per class (data model). Archiving is achieved by the mean of the API DBObject::Archive (or Unarchive). 
SVN:trunk[4692]
 2017-04-26 09:52:20 +00:00
Denis Flaven
93ff327b54 2.3.0 Regression: login_mode was broken ! 
SVN:trunk[4301]
 2016-07-08 11:56:27 +00:00
Denis Flaven
2773419faa New field on the User class to enable/disable user accounts. 
SVN:trunk[4230]
 2016-06-21 09:22:14 +00:00
Denis Flaven
63b6b95f71 Use one-way encryption for storing the token used for the "Forgotten password" feature. 
SVN:trunk[3920]
 2016-02-19 18:17:11 +00:00
Guillaume Lajarige
879f5d89b9 Moved static method GetAllowedPortals() from LoginWebpage class to UserRights class. 
SVN:trunk[3862]
 2016-01-15 10:32:17 +00:00
Romain Quetiez
3fe2aa3b1d Portal: Use absolute URLs for js+css embedded into iTop (login prompt not working with the usage of symlinks or rewrite rules) 
SVN:trunk[3857]
 2016-01-12 09:15:37 +00:00
Romain Quetiez
3be0bc8ca8 Improved the User Rights management API: 
- new verbs: HasProfile and ListProfiles
- doing less queries (no need for listing all the profiles, caching the user profiles into the SESSION cookie
- did some code cleanup (unused variables)

SVN:trunk[3852]
 2015-12-15 20:30:30 +00:00
Denis Flaven
3eec1d358c Make sure that the images are reloaded when the application is upgraded. 
SVN:trunk[3785]
 2015-09-22 15:14:04 +00:00
Denis Flaven
9f92e5e0be #788 Whenever a timeout is detected by an ajax request, a popup dialog warns the user to log-in again. 
SVN:trunk[3613]
 2015-06-25 15:32:30 +00:00
Denis Flaven
4919ca88ec Modularization of the portal. The entry points for portals is now defined in XML, and thus can be altered by an extension. 
SVN:trunk[3509]
 2015-03-23 16:02:44 +00:00
Denis Flaven
a64b299644 "Portal Users" are not allowed to use the REST/JSON webservices. This case is now properly handled with a specific message. 
SVN:trunk[3253]
 2014-07-08 10:47:50 +00:00
Denis Flaven
06582cfe35 Oops, fixed a typo in: Add the ability to supply a default "from" email address for the "forgot password" feature, instead of using the same address as for the "to". 
SVN:trunk[3219]
 2014-06-18 15:57:25 +00:00
Denis Flaven
4fccf5c815 Add the ability to supply a default "from" email address for the "forgot password" feature, instead of using the same address as for the "to". 
SVN:trunk[3213]
 2014-06-16 15:14:40 +00:00
Romain Quetiez
d07ca49e53 #636 and #861 Set the focus on User Name in iTop Login Form 
SVN:trunk[3197]
 2014-06-05 09:48:59 +00:00
Denis Flaven
e2e6861b03 Properly handle external and basic authentication methods for REST web services. 
SVN:trunk[3170]
 2014-05-23 13:53:20 +00:00
Denis Flaven
678f982024 #923: prevent XSS injection in forgot password page. 
SVN:trunk[3139]
 2014-05-06 08:26:54 +00:00
Denis Flaven
d36a03bfc3 Make the Basic Authentication (login_mode=basic) work with non-ASCII characters (in the username as well as in the password), though this may depend on the browser... 
SVN:trunk[3084]
 2014-02-19 17:34:53 +00:00
Romain Quetiez
f83bb7fa90 Fixed regression introduced with "forgot password": button to reset the user password labelled as "Send now!" 
SVN:trunk[2965]
 2013-10-29 13:13:58 +00:00
Romain Quetiez
7017bbf88b The login web page must NOT be cached by the web browsers 
SVN:trunk[2880]
 2013-10-08 08:28:25 +00:00
Romain Quetiez
6f8be14711 Internal: failed authentication to return error 401 instead of prompting the end-user (to be exploited by the ajax calls) 
SVN:trunk[2871]
 2013-10-02 09:30:14 +00:00
Romain Quetiez
955beb70e4 Cosmetics on the login web page 
SVN:trunk[2857]
 2013-09-24 12:43:44 +00:00
Romain Quetiez
fde3808cdf New feature: Forgot password -> email to reset (possibly disabled in the config file) 
SVN:trunk[2855]
 2013-09-24 09:15:52 +00:00
Romain Quetiez
607236a7cb Compiler: added brand management 
SVN:trunk[2838]
 2013-08-29 08:35:44 +00:00
Denis Flaven
3060462edc #732: Change password: exit after building the page in case of wrong "old" password 
SVN:trunk[2756]
 2013-05-22 08:43:48 +00:00
Denis Flaven
9afe28be20 Support non scalar posted parameters... 
SVN:trunk[2749]
 2013-05-16 15:45:57 +00:00
Denis Flaven
667f258ec2 Preserve POSted parameters on the login web page (useful when the session expires) 
SVN:trunk[2659]
 2013-03-28 09:59:49 +00:00
Romain Quetiez
b38dea4bba #634 Detection of HTTPS not working with nginx (iTop always considering the current connection as being secure) 
SVN:trunk[2617]
 2013-03-13 13:57:51 +00:00
Romain Quetiez
721faa7e1e Updated copyright (2012) and license (LGPL changed to AGPL) 
SVN:trunk[2333]
 2012-10-23 21:41:36 +00:00
Romain Quetiez
c9d5743c4a Config: use app_icon_url to change the hyperlink used when clicking on the main icon 
SVN:trunk[2289]
 2012-10-18 10:17:49 +00:00
Denis Flaven
3c46ac9011 Added the ability to display a custom welcome/disclaimer message at the bottom of the login form. 
SVN:trunk[1806]
 2012-01-24 15:20:47 +00:00
Denis Flaven
ea1193b90f Fix for Trac#519 - change password bug ! 
SVN:trunk[1805]
 2012-01-24 15:11:20 +00:00
Denis Flaven
780fb6dc27 Fixed absolute/relative path issues in the JS and href places 
SVN:trunk[1763]
 2012-01-12 16:58:26 +00:00
Romain Quetiez
6a9ea25b27 Setup based on either compiled modules or xml datamodel files (or both). 
SetupWebPage is an alias for ModuleDiscovery and the module files should be updated progressively to invoke ModuleDiscovery::AddModule() instead.
The implementation of the module still assumes they are in the directory 'modules'... this has to be changed later to ensure the distinction between the source modules and the executed modules

SVN:trunk[1758]
 2012-01-11 15:04:15 +00:00
Denis Flaven
f29d673ffb Added self-registering / user synchronization extensibility 
SVN:trunk[1756]
 2012-01-11 11:17:08 +00:00
Denis Flaven
cf65b58981 Make sure that the path/href base is correct to display the page (images, CSS...) 
SVN:trunk[1755]
 2012-01-09 08:57:48 +00:00
Denis Flaven
8231420c44 - New way to handle sessions compatible with multiple environments 
SVN:trunk[1710]
 2011-12-08 15:37:48 +00:00