snipe-it

mirror of https://github.com/snipe/snipe-it.git synced 2024-11-12 16:44:08 -08:00

Author	SHA1	Message	Date
snipe	9594596b8a	Fixed another hard-coded string Signed-off-by: snipe <snipe@snipe.net>	2024-06-20 15:22:27 +01:00
snipe	df1cef59d5	Fixes path for redirect response Signed-off-by: snipe <snipe@snipe.net>	2024-05-29 18:01:40 +01:00
snipe	fb233c0aa4	Cleaned up facade names and references Signed-off-by: snipe <snipe@snipe.net>	2024-05-29 12:38:15 +01:00
Brady Wetherington	81b8243e1d	Enforce SAML assertion ID uniqueness and notValidOnOrAfter attribute	2024-01-25 19:53:24 +00:00
snipe	45d9119733	Removed debugging/comments Signed-off-by: snipe <snipe@snipe.net>	2023-11-22 22:32:34 +00:00
snipe	8481768c3d	Save quietly for login methods Signed-off-by: snipe <snipe@snipe.net>	2023-11-22 21:42:21 +00:00
snipe	b54e7dc3ee	Fixed #13336 - Save unhashed password if no password provided Signed-off-by: snipe <snipe@snipe.net>	2023-07-19 17:44:40 +01:00
snipe	29c2ff56ec	Merge pull request #12188 from snipe/fixes/decrease_logging_for_saml_when_not_enabled Removed extra logging case that was very noisy	2022-12-15 11:26:49 -08:00
snipe	c3a6874b16	Add throttle for password reset form Signed-off-by: snipe <snipe@snipe.net>	2022-12-06 20:42:40 -08:00
snipe	1fe0bfe17e	Removed extra logging case that was very noisy Signed-off-by: snipe <snipe@snipe.net>	2022-11-28 19:27:42 -08:00
Ivan Nieto Vivanco	3aff97ace1	Remove the previous user hashed password	2022-09-06 18:43:35 -05:00
snipe	af7ccf3beb	Handle logout route names Signed-off-by: snipe <snipe@snipe.net>	2022-08-01 16:17:40 -07:00
snipe	ee4f355e49	Changed logging to debug Signed-off-by: snipe <snipe@snipe.net>	2022-07-05 17:58:45 -07:00
snipe	a5b857c753	Return error if token is incorrect Signed-off-by: snipe <snipe@snipe.net>	2022-06-21 19:30:51 -07:00
snipe	a31bca1798	Check that the user is activated before letting them reset their password Signed-off-by: snipe <snipe@snipe.net>	2022-06-21 18:48:02 -07:00
snipe	7f8fc7add9	Make SAML debugging less noisy Signed-off-by: snipe <snipe@snipe.net>	2022-06-21 17:57:17 -07:00
snipe	f4f400ed87	Handle workflow better for invalid users Signed-off-by: snipe <snipe@snipe.net>	2022-06-21 16:13:43 -07:00
snipe	a49ccf0863	Removed unused rules Signed-off-by: snipe <snipe@snipe.net>	2022-06-21 16:13:26 -07:00
snipe	300879847f	Added a few comments to make it clearer what’s happening Signed-off-by: snipe <snipe@snipe.net>	2022-06-21 14:33:10 -07:00
snipe	21875100b6	Fixed missing password.token string and checked for user existing before trying to reset Signed-off-by: snipe <snipe@snipe.net>	2022-06-21 14:15:38 -07:00
Brady Wetherington	b4a0d33ba8	Reduce logging further; we know the main error condition now	2022-05-17 19:57:42 -07:00
Brady Wetherington	6c86a28d18	Pass the password along directly instead of retrieving it from the Input or Request	2022-05-16 10:58:27 -07:00
Johnson Yi	4401dab8d6	fix saml slo for logout	2022-05-14 11:59:34 +00:00
Brady Wetherington	0ddb0f2c81	Switch the barcode backend to SVG, and fix the two-factor middleware	2022-05-13 14:22:27 -07:00
snipe	780222d372	Merge remote-tracking branch 'origin/master' into develop Signed-off-by: snipe <snipe@snipe.net> # Conflicts: # app/Http/Controllers/Api/AssetsController.php # app/Http/Controllers/Auth/LoginController.php # resources/views/users/print.blade.php	2022-05-10 17:26:26 -07:00
snipe	4fccf4ddc4	Few more log lines Signed-off-by: snipe <snipe@snipe.net>	2022-05-10 12:27:42 -07:00
snipe	f4e737eaf3	More SAML debugging Signed-off-by: snipe <snipe@snipe.net>	2022-05-10 12:14:22 -07:00
snipe	f572eaa421	Added debugging for SAML login Signed-off-by: snipe <snipe@snipe.net>	2022-05-10 12:07:07 -07:00
snipe	784bf4d784	Merge remote-tracking branch 'origin/master' into develop Signed-off-by: snipe <snipe@snipe.net> # Conflicts: # .github/ISSUE_TEMPLATE/feature_request.yml # app/Http/Controllers/CustomFieldsetsController.php # app/Http/Controllers/ReportsController.php # config/version.php # package-lock.json # package.json # public/css/dist/all.css # public/css/dist/bootstrap-table.css # public/js/dist/bootstrap-table.js # public/mix-manifest.json # resources/views/users/print.blade.php # webpack.mix.js	2022-05-06 01:52:43 -07:00
snipe	b20921cb62	Removed duplicate session regenerate Signed-off-by: snipe <snipe@snipe.net>	2022-05-05 21:35:05 -07:00
Johnson Yi	92fe1287ea	Do not saml login automatically after normal logout	2022-04-29 15:35:08 +00:00
snipe	b876d0abb0	Merge remote-tracking branch 'origin/master' into develop Signed-off-by: snipe <snipe@snipe.net> # Conflicts: # .env.example # app/Http/Controllers/Auth/LoginController.php # app/Http/Kernel.php # app/Http/Transformers/ActionlogsTransformer.php # app/Importer/AssetImporter.php # app/Models/Accessory.php # app/Models/Consumable.php # app/Presenters/AccessoryPresenter.php # app/Presenters/ComponentPresenter.php # app/Presenters/ConsumablePresenter.php # app/Providers/AuthServiceProvider.php # composer.json # composer.lock # config/app.php # config/cors.php # config/version.php # package-lock.json # public/js/build/app.js # public/js/build/app.js.LICENSE.txt # public/js/dist/all.js # public/mix-manifest.json # resources/views/accessories/view.blade.php # resources/views/consumables/view.blade.php # resources/views/settings/saml.blade.php # routes/api.php	2022-03-03 21:59:38 -08:00
snipe	42fcd29200	Fixed #10436 on master, applies #10449 Signed-off-by: snipe <snipe@snipe.net>	2022-02-22 21:06:54 -08:00
snipe	dd5f812d88	Merge remote-tracking branch 'origin/master' into develop Signed-off-by: snipe <snipe@snipe.net> # Conflicts: # .all-contributorsrc # README.md # app/Console/Commands/FixDoubleEscape.php # app/Console/Commands/LdapSync.php # app/Exceptions/Handler.php # app/Http/Controllers/Api/AssetMaintenancesController.php # app/Http/Controllers/Api/AssetModelsController.php # app/Http/Controllers/Api/AssetsController.php # app/Http/Controllers/Api/CategoriesController.php # app/Http/Controllers/Api/CompaniesController.php # app/Http/Controllers/Api/DepartmentsController.php # app/Http/Controllers/Api/LicensesController.php # app/Http/Controllers/Api/LocationsController.php # app/Http/Controllers/Api/ManufacturersController.php # app/Http/Controllers/Api/SettingsController.php # app/Http/Controllers/Api/SuppliersController.php # app/Http/Controllers/AssetModelsController.php # app/Http/Controllers/Auth/LoginController.php # app/Http/Controllers/CustomFieldsController.php # app/Http/Controllers/SettingsController.php # app/Models/Loggable.php # app/Providers/AuthServiceProvider.php # config/version.php # database/migrations/2014_11_04_231416_update_group_field_for_reporting.php # database/migrations/2015_11_08_222305_add_ldap_fields_to_settings.php # package-lock.json # package.json # public/js/build/app.js # public/js/dist/all.js # public/mix-manifest.json # resources/assets/js/components/forms/asset-models/fieldset-default-values.vue # resources/views/hardware/view.blade.php	2022-02-20 13:29:12 -08:00
snipe	4f89dfee49	Merge pull request #10679 from snipe/fixes/timing_attack_mitigation_for_forgot_password Added usleep random to forgotten password method to mitigate timing attacks	2022-02-16 11:17:00 -07:00
snipe	f878e0ad66	Fixes 2FA cookie -> user issue Signed-off-by: snipe <snipe@snipe.net>	2022-02-15 18:29:23 -08:00
snipe	178e440951	Added usleep :( Signed-off-by: snipe <snipe@snipe.net>	2022-02-15 18:09:58 -08:00
Alex Janes	edef640d35	Merge branch 'develop' into features/lock_logins_to_saml	2022-01-11 09:05:14 -05:00
Alex Janes	a68ec8bb57	Update LoginController.php Updated if statements to match convention exactly.	2021-12-17 18:52:42 -05:00
Alex Janes	d99db5c63b	bug fix and formatting fix	2021-12-16 19:04:37 -05:00
Alex Janes	6898119891	Replaced env() with config() to check environment variables Made the app.php description for 'REQUIRE_SAML' a bit more... descriptive.	2021-12-16 16:56:39 -05:00
Alex Janes	a6116a1b15	If SAML required, don't accept login form post.	2021-12-16 14:33:25 -05:00
Alex Janes	3c8d70c5fb	Add option to environment to require SAML for a more secure installation.	2021-12-16 11:44:07 -05:00
Brady Wetherington	864cc4f8d5	Fix FIXME's by downgrading them to TODO's :)	2021-11-10 11:37:10 -08:00
Brady Wetherington	a58c5ce27f	Better documentation, disable AdLdap2-based "Add domain" setting	2021-11-08 17:11:47 -08:00
Brady Wetherington	b0417e5bd7	Finish pulling out the AdLdap2-based LDAP remnants that were still in the system	2021-11-03 15:22:06 -07:00
Steven Daniele	efc644c960	support apache REDIRECT_* for remote user login	2021-10-28 14:23:38 -04:00
snipe	aa8f1378c9	Merge remote-tracking branch 'origin/master' into develop Signed-off-by: snipe <snipe@snipe.net> # Conflicts: # README.md # app/Http/Controllers/Accessories/AccessoriesController.php # app/Http/Controllers/Api/AssetMaintenancesController.php # app/Http/Controllers/Api/AssetModelsController.php # app/Http/Controllers/Api/AssetsController.php # app/Http/Controllers/Api/UsersController.php # app/Http/Controllers/AssetMaintenancesController.php # app/Http/Controllers/Assets/AssetFilesController.php # app/Http/Controllers/Assets/AssetsController.php # app/Http/Controllers/Assets/BulkAssetsController.php # app/Http/Controllers/Components/ComponentsController.php # app/Http/Controllers/Consumables/ConsumablesController.php # app/Http/Controllers/Licenses/LicenseFilesController.php # app/Http/Controllers/Licenses/LicensesController.php # app/Http/Controllers/Users/UserFilesController.php # app/Http/Transformers/AssetsTransformer.php # app/Http/Transformers/LicensesTransformer.php # app/Importer/UserImporter.php # app/Models/Asset.php # config/app.php # config/version.php # package-lock.json # public/js/build/app.js # public/js/dist/all.js # public/js/dist/bootstrap-table.js # public/mix-manifest.json # resources/lang/en/admin/users/message.php # resources/lang/is/button.php # resources/lang/ja/admin/kits/general.php # resources/lang/ro/admin/users/general.php # resources/lang/zh-HK/admin/depreciations/general.php # resources/lang/zh-HK/admin/models/general.php # resources/views/hardware/qr-view.blade.php # resources/views/hardware/view.blade.php # resources/views/partials/bootstrap-table.blade.php # resources/views/users/view.blade.php # routes/web.php # routes/web/hardware.php # routes/web/models.php # routes/web/users.php	2021-10-20 17:26:41 -07:00
snipe	5d94b99035	Switched to 5 in one minute Signed-off-by: snipe <snipe@snipe.net>	2021-10-08 15:53:32 -07:00
snipe	0674ef5a3d	Fixed number to 1 (for minutes) Signed-off-by: snipe <snipe@snipe.net>	2021-10-08 15:43:32 -07:00

1 2 3 4

154 commits