snipe
|
ee4f355e49
|
Changed logging to debug
Signed-off-by: snipe <snipe@snipe.net>
|
2022-07-05 17:58:45 -07:00 |
|
snipe
|
a5b857c753
|
Return error if token is incorrect
Signed-off-by: snipe <snipe@snipe.net>
|
2022-06-21 19:30:51 -07:00 |
|
snipe
|
a31bca1798
|
Check that the user is activated before letting them reset their password
Signed-off-by: snipe <snipe@snipe.net>
|
2022-06-21 18:48:02 -07:00 |
|
snipe
|
7f8fc7add9
|
Make SAML debugging less noisy
Signed-off-by: snipe <snipe@snipe.net>
|
2022-06-21 17:57:17 -07:00 |
|
snipe
|
f4f400ed87
|
Handle workflow better for invalid users
Signed-off-by: snipe <snipe@snipe.net>
|
2022-06-21 16:13:43 -07:00 |
|
snipe
|
a49ccf0863
|
Removed unused rules
Signed-off-by: snipe <snipe@snipe.net>
|
2022-06-21 16:13:26 -07:00 |
|
snipe
|
300879847f
|
Added a few comments to make it clearer what’s happening
Signed-off-by: snipe <snipe@snipe.net>
|
2022-06-21 14:33:10 -07:00 |
|
snipe
|
21875100b6
|
Fixed missing password.token string and checked for user existing before trying to reset
Signed-off-by: snipe <snipe@snipe.net>
|
2022-06-21 14:15:38 -07:00 |
|
Brady Wetherington
|
b4a0d33ba8
|
Reduce logging further; we know the main error condition now
|
2022-05-17 19:57:42 -07:00 |
|
Brady Wetherington
|
6c86a28d18
|
Pass the password along directly instead of retrieving it from the Input or Request
|
2022-05-16 10:58:27 -07:00 |
|
Johnson Yi
|
4401dab8d6
|
fix saml slo for logout
|
2022-05-14 11:59:34 +00:00 |
|
Brady Wetherington
|
0ddb0f2c81
|
Switch the barcode backend to SVG, and fix the two-factor middleware
|
2022-05-13 14:22:27 -07:00 |
|
snipe
|
780222d372
|
Merge remote-tracking branch 'origin/master' into develop
Signed-off-by: snipe <snipe@snipe.net>
# Conflicts:
# app/Http/Controllers/Api/AssetsController.php
# app/Http/Controllers/Auth/LoginController.php
# resources/views/users/print.blade.php
|
2022-05-10 17:26:26 -07:00 |
|
snipe
|
4fccf4ddc4
|
Few more log lines
Signed-off-by: snipe <snipe@snipe.net>
|
2022-05-10 12:27:42 -07:00 |
|
snipe
|
f4e737eaf3
|
More SAML debugging
Signed-off-by: snipe <snipe@snipe.net>
|
2022-05-10 12:14:22 -07:00 |
|
snipe
|
f572eaa421
|
Added debugging for SAML login
Signed-off-by: snipe <snipe@snipe.net>
|
2022-05-10 12:07:07 -07:00 |
|
snipe
|
784bf4d784
|
Merge remote-tracking branch 'origin/master' into develop
Signed-off-by: snipe <snipe@snipe.net>
# Conflicts:
# .github/ISSUE_TEMPLATE/feature_request.yml
# app/Http/Controllers/CustomFieldsetsController.php
# app/Http/Controllers/ReportsController.php
# config/version.php
# package-lock.json
# package.json
# public/css/dist/all.css
# public/css/dist/bootstrap-table.css
# public/js/dist/bootstrap-table.js
# public/mix-manifest.json
# resources/views/users/print.blade.php
# webpack.mix.js
|
2022-05-06 01:52:43 -07:00 |
|
snipe
|
b20921cb62
|
Removed duplicate session regenerate
Signed-off-by: snipe <snipe@snipe.net>
|
2022-05-05 21:35:05 -07:00 |
|
Johnson Yi
|
92fe1287ea
|
Do not saml login automatically after normal logout
|
2022-04-29 15:35:08 +00:00 |
|
snipe
|
b876d0abb0
|
Merge remote-tracking branch 'origin/master' into develop
Signed-off-by: snipe <snipe@snipe.net>
# Conflicts:
# .env.example
# app/Http/Controllers/Auth/LoginController.php
# app/Http/Kernel.php
# app/Http/Transformers/ActionlogsTransformer.php
# app/Importer/AssetImporter.php
# app/Models/Accessory.php
# app/Models/Consumable.php
# app/Presenters/AccessoryPresenter.php
# app/Presenters/ComponentPresenter.php
# app/Presenters/ConsumablePresenter.php
# app/Providers/AuthServiceProvider.php
# composer.json
# composer.lock
# config/app.php
# config/cors.php
# config/version.php
# package-lock.json
# public/js/build/app.js
# public/js/build/app.js.LICENSE.txt
# public/js/dist/all.js
# public/mix-manifest.json
# resources/views/accessories/view.blade.php
# resources/views/consumables/view.blade.php
# resources/views/settings/saml.blade.php
# routes/api.php
|
2022-03-03 21:59:38 -08:00 |
|
snipe
|
42fcd29200
|
Fixed #10436 on master, applies #10449
Signed-off-by: snipe <snipe@snipe.net>
|
2022-02-22 21:06:54 -08:00 |
|
snipe
|
dd5f812d88
|
Merge remote-tracking branch 'origin/master' into develop
Signed-off-by: snipe <snipe@snipe.net>
# Conflicts:
# .all-contributorsrc
# README.md
# app/Console/Commands/FixDoubleEscape.php
# app/Console/Commands/LdapSync.php
# app/Exceptions/Handler.php
# app/Http/Controllers/Api/AssetMaintenancesController.php
# app/Http/Controllers/Api/AssetModelsController.php
# app/Http/Controllers/Api/AssetsController.php
# app/Http/Controllers/Api/CategoriesController.php
# app/Http/Controllers/Api/CompaniesController.php
# app/Http/Controllers/Api/DepartmentsController.php
# app/Http/Controllers/Api/LicensesController.php
# app/Http/Controllers/Api/LocationsController.php
# app/Http/Controllers/Api/ManufacturersController.php
# app/Http/Controllers/Api/SettingsController.php
# app/Http/Controllers/Api/SuppliersController.php
# app/Http/Controllers/AssetModelsController.php
# app/Http/Controllers/Auth/LoginController.php
# app/Http/Controllers/CustomFieldsController.php
# app/Http/Controllers/SettingsController.php
# app/Models/Loggable.php
# app/Providers/AuthServiceProvider.php
# config/version.php
# database/migrations/2014_11_04_231416_update_group_field_for_reporting.php
# database/migrations/2015_11_08_222305_add_ldap_fields_to_settings.php
# package-lock.json
# package.json
# public/js/build/app.js
# public/js/dist/all.js
# public/mix-manifest.json
# resources/assets/js/components/forms/asset-models/fieldset-default-values.vue
# resources/views/hardware/view.blade.php
|
2022-02-20 13:29:12 -08:00 |
|
snipe
|
4f89dfee49
|
Merge pull request #10679 from snipe/fixes/timing_attack_mitigation_for_forgot_password
Added usleep random to forgotten password method to mitigate timing attacks
|
2022-02-16 11:17:00 -07:00 |
|
snipe
|
f878e0ad66
|
Fixes 2FA cookie -> user issue
Signed-off-by: snipe <snipe@snipe.net>
|
2022-02-15 18:29:23 -08:00 |
|
snipe
|
178e440951
|
Added usleep :(
Signed-off-by: snipe <snipe@snipe.net>
|
2022-02-15 18:09:58 -08:00 |
|
Alex Janes
|
edef640d35
|
Merge branch 'develop' into features/lock_logins_to_saml
|
2022-01-11 09:05:14 -05:00 |
|
Alex Janes
|
a68ec8bb57
|
Update LoginController.php
Updated if statements to match convention exactly.
|
2021-12-17 18:52:42 -05:00 |
|
Alex Janes
|
d99db5c63b
|
bug fix and formatting fix
|
2021-12-16 19:04:37 -05:00 |
|
Alex Janes
|
6898119891
|
Replaced env() with config() to check environment variables
Made the app.php description for 'REQUIRE_SAML' a bit more... descriptive.
|
2021-12-16 16:56:39 -05:00 |
|
Alex Janes
|
a6116a1b15
|
If SAML required, don't accept login form post.
|
2021-12-16 14:33:25 -05:00 |
|
Alex Janes
|
3c8d70c5fb
|
Add option to environment to require SAML for a more secure installation.
|
2021-12-16 11:44:07 -05:00 |
|
Brady Wetherington
|
864cc4f8d5
|
Fix FIXME's by downgrading them to TODO's :)
|
2021-11-10 11:37:10 -08:00 |
|
Brady Wetherington
|
a58c5ce27f
|
Better documentation, disable AdLdap2-based "Add domain" setting
|
2021-11-08 17:11:47 -08:00 |
|
Brady Wetherington
|
b0417e5bd7
|
Finish pulling out the AdLdap2-based LDAP remnants that were still in the system
|
2021-11-03 15:22:06 -07:00 |
|
Steven Daniele
|
efc644c960
|
support apache REDIRECT_* for remote user login
|
2021-10-28 14:23:38 -04:00 |
|
snipe
|
aa8f1378c9
|
Merge remote-tracking branch 'origin/master' into develop
Signed-off-by: snipe <snipe@snipe.net>
# Conflicts:
# README.md
# app/Http/Controllers/Accessories/AccessoriesController.php
# app/Http/Controllers/Api/AssetMaintenancesController.php
# app/Http/Controllers/Api/AssetModelsController.php
# app/Http/Controllers/Api/AssetsController.php
# app/Http/Controllers/Api/UsersController.php
# app/Http/Controllers/AssetMaintenancesController.php
# app/Http/Controllers/Assets/AssetFilesController.php
# app/Http/Controllers/Assets/AssetsController.php
# app/Http/Controllers/Assets/BulkAssetsController.php
# app/Http/Controllers/Components/ComponentsController.php
# app/Http/Controllers/Consumables/ConsumablesController.php
# app/Http/Controllers/Licenses/LicenseFilesController.php
# app/Http/Controllers/Licenses/LicensesController.php
# app/Http/Controllers/Users/UserFilesController.php
# app/Http/Transformers/AssetsTransformer.php
# app/Http/Transformers/LicensesTransformer.php
# app/Importer/UserImporter.php
# app/Models/Asset.php
# config/app.php
# config/version.php
# package-lock.json
# public/js/build/app.js
# public/js/dist/all.js
# public/js/dist/bootstrap-table.js
# public/mix-manifest.json
# resources/lang/en/admin/users/message.php
# resources/lang/is/button.php
# resources/lang/ja/admin/kits/general.php
# resources/lang/ro/admin/users/general.php
# resources/lang/zh-HK/admin/depreciations/general.php
# resources/lang/zh-HK/admin/models/general.php
# resources/views/hardware/qr-view.blade.php
# resources/views/hardware/view.blade.php
# resources/views/partials/bootstrap-table.blade.php
# resources/views/users/view.blade.php
# routes/web.php
# routes/web/hardware.php
# routes/web/models.php
# routes/web/users.php
|
2021-10-20 17:26:41 -07:00 |
|
snipe
|
5d94b99035
|
Switched to 5 in one minute
Signed-off-by: snipe <snipe@snipe.net>
|
2021-10-08 15:53:32 -07:00 |
|
snipe
|
0674ef5a3d
|
Fixed number to 1 (for minutes)
Signed-off-by: snipe <snipe@snipe.net>
|
2021-10-08 15:43:32 -07:00 |
|
snipe
|
702791210e
|
Throttle password reset requests to 5 every 60 seconds
Signed-off-by: snipe <snipe@snipe.net>
|
2021-10-08 14:26:30 -07:00 |
|
snipe
|
e27065fe16
|
Merge branch 'develop-v6-integration' into develop-v6-rc1
Signed-off-by: snipe <snipe@snipe.net>
# Conflicts:
# .all-contributorsrc
# README.md
# app/Console/Commands/ResetDemoSettings.php
# app/Helpers/Helper.php
# app/Http/Controllers/Api/AccessoriesController.php
# app/Http/Controllers/Api/AssetsController.php
# app/Http/Controllers/Api/CategoriesController.php
# app/Http/Controllers/Api/ComponentsController.php
# app/Http/Controllers/Api/ConsumablesController.php
# app/Http/Controllers/Api/LocationsController.php
# app/Http/Controllers/Api/StatuslabelsController.php
# app/Http/Controllers/Api/SuppliersController.php
# app/Http/Controllers/AssetMaintenancesController.php
# app/Http/Controllers/Auth/ForgotPasswordController.php
# app/Http/Controllers/DepreciationsController.php
# app/Http/Controllers/ReportsController.php
# app/Http/Controllers/SettingsController.php
# app/Http/Requests/ImageUploadRequest.php
# app/Http/Transformers/ActionlogsTransformer.php
# app/Http/Transformers/DepreciationsTransformer.php
# app/Listeners/CheckoutableListener.php
# app/Models/Accessory.php
# app/Models/Asset.php
# app/Models/Company.php
# app/Models/Ldap.php
# app/Models/User.php
# app/Presenters/AssetPresenter.php
# app/Presenters/CategoryPresenter.php
# composer.json
# composer.lock
# config/version.php
# database/factories/AssetModelFactory.php
# database/migrations/2020_10_22_233743_move_accessory_checkout_note_to_join_table.php
# database/seeds/AssetModelSeeder.php
# package-lock.json
# public/css/build/AdminLTE.css
# public/css/build/app.css
# public/css/build/overrides.css
# public/css/dist/all.css
# public/css/dist/bootstrap-table.css
# public/css/dist/skins/skin-black-dark.css
# public/css/dist/skins/skin-black-dark.min.css
# public/css/dist/skins/skin-black.css
# public/css/dist/skins/skin-black.min.css
# public/css/dist/skins/skin-blue-dark.css
# public/css/dist/skins/skin-blue-dark.min.css
# public/css/dist/skins/skin-blue.css
# public/css/dist/skins/skin-blue.min.css
# public/css/dist/skins/skin-contrast.css
# public/css/dist/skins/skin-contrast.min.css
# public/css/dist/skins/skin-green-dark.css
# public/css/dist/skins/skin-green-dark.min.css
# public/css/dist/skins/skin-green.css
# public/css/dist/skins/skin-green.min.css
# public/css/dist/skins/skin-orange-dark.css
# public/css/dist/skins/skin-orange-dark.min.css
# public/css/dist/skins/skin-orange.css
# public/css/dist/skins/skin-orange.min.css
# public/css/dist/skins/skin-purple-dark.css
# public/css/dist/skins/skin-purple-dark.min.css
# public/css/dist/skins/skin-purple.css
# public/css/dist/skins/skin-purple.min.css
# public/css/dist/skins/skin-red-dark.css
# public/css/dist/skins/skin-red-dark.min.css
# public/css/dist/skins/skin-red.css
# public/css/dist/skins/skin-red.min.css
# public/css/dist/skins/skin-yellow-dark.css
# public/css/dist/skins/skin-yellow-dark.min.css
# public/css/dist/skins/skin-yellow.css
# public/css/dist/skins/skin-yellow.min.css
# public/js/build/app.js
# public/js/build/vendor.js
# public/js/dist/all.js
# public/js/dist/bootstrap-table.js
# public/mix-manifest.json
# resources/assets/js/vue.js
# resources/lang/af/validation.php
# resources/lang/ar/admin/settings/general.php
# resources/lang/ar/validation.php
# resources/lang/bg/admin/settings/general.php
# resources/lang/bg/validation.php
# resources/lang/cs/admin/settings/general.php
# resources/lang/cs/validation.php
# resources/lang/cy/help.php
# resources/lang/cy/validation.php
# resources/lang/da/admin/settings/general.php
# resources/lang/da/validation.php
# resources/lang/de/admin/settings/general.php
# resources/lang/de/validation.php
# resources/lang/el/validation.php
# resources/lang/en-GB/admin/settings/general.php
# resources/lang/en-GB/validation.php
# resources/lang/en-ID/admin/hardware/table.php
# resources/lang/en-ID/admin/settings/general.php
# resources/lang/en-ID/validation.php
# resources/lang/es-CO/admin/settings/general.php
# resources/lang/es-CO/auth/message.php
# resources/lang/es-CO/button.php
# resources/lang/es-CO/help.php
# resources/lang/es-CO/validation.php
# resources/lang/es-ES/admin/settings/general.php
# resources/lang/es-ES/auth/message.php
# resources/lang/es-ES/button.php
# resources/lang/es-ES/help.php
# resources/lang/es-ES/validation.php
# resources/lang/es-MX/admin/settings/general.php
# resources/lang/es-MX/validation.php
# resources/lang/es-VE/admin/settings/general.php
# resources/lang/es-VE/auth/message.php
# resources/lang/es-VE/button.php
# resources/lang/es-VE/help.php
# resources/lang/es-VE/validation.php
# resources/lang/et/validation.php
# resources/lang/fa/validation.php
# resources/lang/fi/admin/settings/general.php
# resources/lang/fi/validation.php
# resources/lang/fil/validation.php
# resources/lang/fr/admin/settings/general.php
# resources/lang/fr/validation.php
# resources/lang/ga-IE/validation.php
# resources/lang/he/admin/settings/general.php
# resources/lang/he/general.php
# resources/lang/he/validation.php
# resources/lang/hr/validation.php
# resources/lang/hu/validation.php
# resources/lang/id/validation.php
# resources/lang/is/admin/categories/general.php
# resources/lang/is/admin/companies/message.php
# resources/lang/is/admin/companies/table.php
# resources/lang/is/admin/components/general.php
# resources/lang/is/admin/components/table.php
# resources/lang/is/admin/consumables/table.php
# resources/lang/is/admin/depreciations/general.php
# resources/lang/is/admin/depreciations/message.php
# resources/lang/is/admin/hardware/form.php
# resources/lang/is/admin/hardware/general.php
# resources/lang/is/admin/hardware/message.php
# resources/lang/is/admin/hardware/table.php
# resources/lang/is/admin/kits/general.php
# resources/lang/is/admin/licenses/form.php
# resources/lang/is/admin/licenses/general.php
# resources/lang/is/admin/locations/table.php
# resources/lang/is/admin/manufacturers/table.php
# resources/lang/is/admin/reports/message.php
# resources/lang/is/admin/settings/general.php
# resources/lang/is/admin/settings/message.php
# resources/lang/is/admin/statuslabels/message.php
# resources/lang/is/admin/suppliers/message.php
# resources/lang/is/admin/suppliers/table.php
# resources/lang/is/admin/users/table.php
# resources/lang/is/mail.php
# resources/lang/is/validation.php
# resources/lang/it/admin/settings/general.php
# resources/lang/it/validation.php
# resources/lang/iu/validation.php
# resources/lang/ja/mail.php
# resources/lang/ja/validation.php
# resources/lang/ko/validation.php
# resources/lang/lt/validation.php
# resources/lang/lv/validation.php
# resources/lang/mi/validation.php
# resources/lang/mk/validation.php
# resources/lang/ml-IN/validation.php
# resources/lang/mn/validation.php
# resources/lang/ms/validation.php
# resources/lang/nl/admin/settings/general.php
# resources/lang/nl/validation.php
# resources/lang/no/validation.php
# resources/lang/pl/admin/settings/general.php
# resources/lang/pl/validation.php
# resources/lang/pt-BR/admin/settings/general.php
# resources/lang/pt-BR/mail.php
# resources/lang/pt-BR/validation.php
# resources/lang/pt-PT/validation.php
# resources/lang/ro/validation.php
# resources/lang/ru/validation.php
# resources/lang/sl/validation.php
# resources/lang/sr-CS/admin/settings/general.php
# resources/lang/sr-CS/validation.php
# resources/lang/sv-SE/admin/settings/general.php
# resources/lang/sv-SE/auth/message.php
# resources/lang/sv-SE/button.php
# resources/lang/sv-SE/mail.php
# resources/lang/sv-SE/validation.php
# resources/lang/ta/validation.php
# resources/lang/th/validation.php
# resources/lang/tl/validation.php
# resources/lang/tr/mail.php
# resources/lang/tr/validation.php
# resources/lang/uk/admin/accessories/table.php
# resources/lang/uk/admin/asset_maintenances/message.php
# resources/lang/uk/admin/asset_maintenances/table.php
# resources/lang/uk/validation.php
# resources/lang/ur-PK/validation.php
# resources/lang/vi/admin/settings/general.php
# resources/lang/vi/validation.php
# resources/lang/zh-CN/admin/settings/general.php
# resources/lang/zh-CN/validation.php
# resources/lang/zh-HK/validation.php
# resources/lang/zh-TW/validation.php
# resources/lang/zu/validation.php
# resources/views/partials/bootstrap-table.blade.php
# resources/views/partials/forms/edit/company-select.blade.php
# routes/api.php
|
2021-09-21 23:46:50 -07:00 |
|
Ivan Nieto Vivanco
|
27cdfbc579
|
Edit the log message
|
2021-07-29 16:14:52 -05:00 |
|
Ivan Nieto Vivanco
|
405545cd88
|
Add exception handling in the ForgotPasswordController
|
2021-07-29 16:02:45 -05:00 |
|
Laravel Shift
|
934afa036f
|
Adopt Laravel coding style
Shift automatically applies the Laravel coding style - which uses the PSR-2 coding style as a base with some minor additions.
You may customize the adopted coding style by adding your own [PHP CS Fixer][1] `.php_cs` config file to your project root. Feel free to use [Shift's Laravel ruleset][2] to help you get started.
[1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer
[2]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200
|
2021-06-10 20:15:52 +00:00 |
|
kcoyo
|
cee6f0d579
|
Update LoginController.php
Fixed #9607 - Sessions expire for SAML/RemoteUser/LDAP
|
2021-05-25 16:37:34 -07:00 |
|
Brady Wetherington
|
72a813f23d
|
This fixes the controller signature error people are getting with LDAP logins (#9466)
|
2021-04-21 10:23:32 -07:00 |
|
Brady Wetherington
|
2a28f5e66c
|
(Maybe?) Fixes the problem where we always need LDAP enabled (#9321)
* I *think* this fixes the problem where we need LDAP even if we aren't using it?
* Pull the LdapAd dependency out of the AuthController constructor
|
2021-04-20 14:53:47 -07:00 |
|
snipe
|
86fef3f40a
|
Set SAML errors to warning instead of error
Signed-off-by: snipe <snipe@snipe.net>
|
2021-03-17 22:30:26 -07:00 |
|
johnson-yi
|
763e17f491
|
Added saml custom setting retrieveParametersFromServer to enable fixing SLO issues with Azure AD (#9187)
|
2021-02-23 11:05:22 -08:00 |
|
Giuseppe Iannello
|
5edbb4b229
|
Support Google Cloud IAP (#8768)
Following up on 7c2da81700 ,
this extends the logic, adding support for Google Cloud IAP.
|
2021-02-03 11:59:55 -08:00 |
|
Ivan Nieto
|
79549dbfb9
|
Use the correct env variables in config/auth.php file. (#9048)
|
2021-01-26 12:04:41 -08:00 |
|