65 Commits

Author SHA1 Message Date
Denis Flaven
4fccf5c815 Add the ability to supply a default "from" email address for the "forgot password" feature, instead of using the same address as for the "to".
SVN:trunk[3213]
2014-06-16 15:14:40 +00:00
Romain Quetiez
d07ca49e53 #636 and #861 Set the focus on User Name in iTop Login Form
SVN:trunk[3197]
2014-06-05 09:48:59 +00:00
Denis Flaven
e2e6861b03 Properly handle external and basic authentication methods for REST web services.
SVN:trunk[3170]
2014-05-23 13:53:20 +00:00
Denis Flaven
678f982024 #923: prevent XSS injection in forgot password page.
SVN:trunk[3139]
2014-05-06 08:26:54 +00:00
Denis Flaven
d36a03bfc3 Make the Basic Authentication (login_mode=basic) work with non-ASCII characters (in the username as well as in the password), though this may depend on the browser...
SVN:trunk[3084]
2014-02-19 17:34:53 +00:00
Romain Quetiez
f83bb7fa90 Fixed regression introduced with "forgot password": button to reset the user password labelled as "Send now!"
SVN:trunk[2965]
2013-10-29 13:13:58 +00:00
Romain Quetiez
7017bbf88b The login web page must NOT be cached by the web browsers
SVN:trunk[2880]
2013-10-08 08:28:25 +00:00
Romain Quetiez
6f8be14711 Internal: failed authentication to return error 401 instead of prompting the end-user (to be exploited by the ajax calls)
SVN:trunk[2871]
2013-10-02 09:30:14 +00:00
Romain Quetiez
955beb70e4 Cosmetics on the login web page
SVN:trunk[2857]
2013-09-24 12:43:44 +00:00
Romain Quetiez
fde3808cdf New feature: Forgot password -> email to reset (possibly disabled in the config file)
SVN:trunk[2855]
2013-09-24 09:15:52 +00:00
Romain Quetiez
607236a7cb Compiler: added brand management
SVN:trunk[2838]
2013-08-29 08:35:44 +00:00
Denis Flaven
3060462edc #732: Change password: exit after building the page in case of wrong "old" password
SVN:trunk[2756]
2013-05-22 08:43:48 +00:00
Denis Flaven
9afe28be20 Support non scalar posted parameters...
SVN:trunk[2749]
2013-05-16 15:45:57 +00:00
Denis Flaven
667f258ec2 Preserve POSTed parameters on the login web page (useful when the session expires)
SVN:trunk[2659]
2013-03-28 09:59:49 +00:00
Romain Quetiez
b38dea4bba #634 Detection of HTTPS not working with nginx (iTop always considering the current connection as being secure)
SVN:trunk[2617]
2013-03-13 13:57:51 +00:00
Romain Quetiez
721faa7e1e Updated copyright (2012) and license (LGPL changed to AGPL)
SVN:trunk[2333]
2012-10-23 21:41:36 +00:00
Romain Quetiez
c9d5743c4a Config: use app_icon_url to change the hyperlink used when clicking on the main icon
SVN:trunk[2289]
2012-10-18 10:17:49 +00:00
Denis Flaven
3c46ac9011 Added the ability to display a custom welcome/disclaimer message at the bottom of the login form.
SVN:trunk[1806]
2012-01-24 15:20:47 +00:00
Denis Flaven
ea1193b90f Fix for Trac#519 - change password bug!
SVN:trunk[1805]
2012-01-24 15:11:20 +00:00
Denis Flaven
780fb6dc27 Fixed absolute/relative path issues in the JS and href places
SVN:trunk[1763]
2012-01-12 16:58:26 +00:00
Romain Quetiez
6a9ea25b27 Setup based on either compiled modules or xml datamodel files (or both).
SetupWebPage is an alias for ModuleDiscovery and the module files should be updated progressively to invoke ModuleDiscovery::AddModule() instead.
The implementation of the module still assumes they are in the directory 'modules'... this has to be changed later to ensure the distinction between the source modules and the executed modules

SVN:trunk[1758]
2012-01-11 15:04:15 +00:00
Denis Flaven
f29d673ffb Added self-registering / user synchronization extensibility
SVN:trunk[1756]
2012-01-11 11:17:08 +00:00
Denis Flaven
cf65b58981 Make sure that the path/href base is correct to display the page (images, CSS...)
SVN:trunk[1755]
2012-01-09 08:57:48 +00:00
Denis Flaven
8231420c44 - New way to handle sessions compatible with multiple environments
SVN:trunk[1710]
2011-12-08 15:37:48 +00:00
Denis Flaven
f17f4e1f78 Use the default language when creating a new user from CAS
SVN:trunk[1697]
2011-11-29 15:54:53 +00:00
Denis Flaven
a94ccb9091 Support patterns for the definition of casMemberOf groups.
SVN:trunk[1695]
2011-11-29 15:31:04 +00:00
Denis Flaven
cbafb5f1d1 Automatic synchro of CAS users
SVN:trunk[1625]
2011-10-03 13:54:58 +00:00
Romain Quetiez
a3a94cccbb #484 Fixed issue with IIS ("Wrong password" at first prompt)
SVN:trunk[1609]
2011-09-28 12:55:15 +00:00
Denis Flaven
c4db9cd84e More fixes for Trac#446: XSS vulnerabilities with vectors containing double quotes
SVN:trunk[1563]
2011-09-08 13:21:32 +00:00
Romain Quetiez
06e9bd0c25 #446 XSS vector on the login web page
SVN:trunk[1561]
2011-09-08 10:28:14 +00:00
Denis Flaven
6859326646 Fixed Trac#446: XSS vulnerabilities... to be tested!
Also fixed the display/download links on documents that were both doing exactly the same thing!

SVN:trunk[1443]
2011-08-11 10:17:03 +00:00
Denis Flaven
ff89c4d424 CAS authentication improvements:
- Check if the user is part of a group (memberOf)
- Fixed the use of the 'redirect_service' when logging-out

SVN:trunk[1384]
2011-07-28 17:39:49 +00:00
Denis Flaven
ecca1aa070 Use absolute URLs as much as possible to be independent from the page being executed...
SVN:trunk[1365]
2011-07-26 13:22:45 +00:00
Denis Flaven
3ab670e8c2 Implemented two new options for CAS:
- logout_redirect_service
- memberOf

SVN:trunk[1362]
2011-07-26 09:42:46 +00:00
Romain Quetiez
c4b7497770 #423 Fixed issues with application root URL = f(mode CLI, modules, web server techno, etc.)
SVN:trunk[1304]
2011-06-28 10:30:03 +00:00
Denis Flaven
733953ac99 CAS integration: added support of JA-SIG Central Authentication Service (CAS) with log-off support, using phpCAS API.
SVN:trunk[1280]
2011-06-10 14:51:17 +00:00
Denis Flaven
d48fd1a12e First prototype (not yet tested) of CAS integration.
SVN:trunk[1276]
2011-06-08 13:34:43 +00:00
Denis Flaven
5ad7ea1b7b Fixed Trac #365: Give the user some feedback when the password was successfully changed/set. Note that iTop does not check that the new password is different from the old one.
SVN:trunk[1147]
2011-03-24 17:34:00 +00:00
Denis Flaven
2d65325f6f New configuration setting (and new class of Log objects) to keep track of the application's usage: an entry in the log is added each time a user connects to the application. (This feature is disabled by default)
SVN:trunk[1073]
2011-02-07 15:55:39 +00:00
Denis Flaven
fde336d8dd Cosmetics: make the login & change password form look the same on all browsers.
SVN:trunk[1053]
2011-01-18 09:07:46 +00:00
Denis Flaven
6338775506 Split the usage of the iTop logo: one logo to be displayed internally (once logged) one externally (login/logoff).
SVN:trunk[1021]
2010-12-08 09:43:56 +00:00
Romain Quetiez
cde184e2a3 Allow a module to provide a handler to override application settings: OnMetaModelStarted()
SVN:trunk[1010]
2010-12-06 09:14:20 +00:00
Romain Quetiez
d8bb6a45b2 REVIEWED THE FILE INCLUSION POLICY
- includes are relative to the application root folder, aka APPROOT
- changed the config file, while preserving the compatibility with older installs

SVN:trunk[962]
2010-11-22 17:53:52 +00:00
Romain Quetiez
248cdcea8c #286 Issue with HTTPS - reviewed the fix implemented in [896]
SVN:trunk[931]
2010-10-28 12:55:51 +00:00
Denis Flaven
006453678b Fixed Trac#300: each iTop instance now uses its own name for the cookie storing the session ID. Therefore several instances can coexist independently on the same server.
SVN:trunk[913]
2010-10-22 06:09:51 +00:00
Denis Flaven
f120e21e00 Code cleanup: proper usage of the ReadParam function.
SVN:trunk[814]
2010-09-10 14:11:30 +00:00
Denis Flaven
463e7b5413 - Enhancement (Trac#189) first version of a (simple) End-Users portal.
- Fix for the appUserPreferences class

SVN:trunk[806]
2010-09-10 10:10:57 +00:00
Romain Quetiez
5070dd2abe #260 Restrict some pages to administrators
SVN:trunk[800]
2010-09-09 05:44:18 +00:00
Denis Flaven
4c789e8fbb - Fixed bug #102: regression introduced with the encoding of passwords: users were no longer able to change their own password...
SVN:trunk[778]
2010-09-06 11:36:11 +00:00
Denis Flaven
73458617bf - Integrated fix for patch #188 - ForceHttps = SecureConnectionRequired
SVN:trunk[670]
2010-08-10 16:53:28 +00:00