Commit graph

99 commits

Author SHA1 Message Date
snipe aed769c0be Honor active status for forgotten password request forms 2018-08-14 20:05:57 -07:00
snipe ae6abdddad Check the user is active before displaying password reset
This would only come into play if an inactive user already received a password reset email and then the system was upgraded to prevent those emails from being sent to inactive users
2018-08-14 19:04:47 -07:00
snipe 05b2b8fb59 Tweaked code/language for password reset 2018-08-14 18:09:33 -07:00
snipe 25097bce31 Only allow activated users to reset their password 2018-08-14 18:04:27 -07:00
snipe 0100c56046 Only allow password reset if user is active 2018-08-14 17:46:29 -07:00
snipe 7bb50a61a7 Applying @dmeltzer’s changes from afc8ac5e72 2018-07-24 21:13:02 -07:00
snipe d45e90e358 One more fix for #5893 2018-07-19 14:45:28 -07:00
snipe a0c0b7b1eb Fixed #5893 - activated typo 2018-07-19 10:22:08 -07:00
snipe bcd988bb81 Merge branch 'develop' of https://github.com/DeusMaximus/snipe-it into develop
# Conflicts:
#	app/Http/Controllers/Auth/LoginController.php
2018-07-17 01:11:15 -07:00
snipe bf761946da Fix activated check for login 2018-07-16 23:48:46 -07:00
DeusMaximus 7c2da81700
Fix REMOTE_USER Header with IIS and AD
Remove DOMAIN\ portion of DOMAIN\user when using Windows Authentication and IIS with REMOTE_USER.
2018-07-17 14:03:19 +10:00
David Kaatz a43b31400f Authentication via REMOTE_USER (#5142)
* Added authentication via Remote User

* - Removed nullable from remote_user settings fileds and used just default values instead
- Removed german translations
- Removed 401 error page and replaced usage with 403 error page as 401 was actual a duplicate of 403
- Replaced usage of $_SERVER['REMOTE_USER'] with Laravels API Request::server('REMOVE_USER')

* - Fixed request usage
2018-03-13 20:07:52 -07:00
snipe d2e2c1c05f Stub and 404 registration routes 2017-12-19 22:14:51 -08:00
snipe 8a7abba427 Slash url 2017-10-02 17:21:18 -07:00
snipe 9df648b428 Fix Session path 2017-10-02 17:19:22 -07:00
snipe 59225701b5 Redirect to previous after login 2017-10-02 16:00:42 -07:00
snipe fc96fa756e Fix redirect default on password reset 2017-09-27 16:23:21 -07:00
snipe ea9a502152 Added empty regsitration controller
When using the default Laravel auth routes, it expects a registration controller, even though we don’t have a concept of registration. This blank controller just prevents route caching from throwing errors.
2017-09-27 16:23:01 -07:00
snipe 14f3868b46 Update all controllers to use laravel 5 return view method 2017-06-09 16:44:03 -07:00
snipe 51fccbdda4 Added last login to user menu 2017-03-03 18:28:13 -08:00
snipe d19cc9d9c1 Added legacy redirector 2017-02-02 18:14:25 -08:00
snipe d9d048f90d Fixed #2303 - redirect correctly after login 2017-01-12 07:09:44 -08:00
snipe 51ceaedfaf Small phpcbf cleanup 2016-12-29 14:02:18 -08:00
snipe 0cf5ad120b Removed todo 2016-12-22 21:09:01 -08:00
snipe 68ac4abe2c Updated throttling override for 5.3 2016-12-14 06:30:51 -08:00
snipe 433adb1dcb Updated traits and method names for 5.3 2016-12-14 05:06:51 -08:00
snipe 5cd7e84d98 Renamed Password controllers to new 5.3 versions 2016-12-14 05:06:15 -08:00
snipe 65db55908a Rename to AuthController to LoginController 2016-12-14 04:30:56 -08:00
snipe 7ccef51a4f Removed some dumb comments 2016-12-01 02:25:53 -08:00
snipe 4c418bf622 Remove unused $request variable 2016-12-01 02:13:00 -08:00
snipe 16cfdbaa93 Redirect the lost password success back to login 2016-12-01 02:04:43 -08:00
snipe 3f8f6ad981 Fixes #2995 - adds max login attempts/duration as .env option 2016-12-01 02:04:15 -08:00
snipe 68b9ffb908 Only allow login via LDAP if the user was already imported or created via LDAP 2016-12-01 00:29:45 -08:00
snipe 6c366eb112 Fixes potential login issue if password syncing is set to true 2016-11-30 20:39:43 -08:00
snipe b854689d3d Urlencode username in case it has spaces 2016-11-11 20:09:22 -08:00
snipe 4747a4c03f Added urlencode to site name 2016-10-31 22:34:57 -07:00
Frank 10ea5daabd Harden PragmaRX secret to 32 bytes (#2859)
This is needed at all but that extra security is always good.
2016-10-31 11:20:31 -07:00
snipe cea255995c Fixes #106 - adds Google Authenticator support (#2842)
* refactor to clean up LDAP login, and make the login method easier to handle.

* Login refactor cleanup

* Google 2FA package

* Adds Google Authenticator two-factor

* Removed unused blade

* Added optin setting in profile

* Removed dumb comments

* Made lock_passwords check more consistent

* Additional two factor strings

* Lock passwords check

* Display feature disabled text if in demo mode

* Two factor admin reset options

* Translation strings
2016-10-29 05:50:55 -07:00
Andrés Núñez 40f00665b3 Translate emails (#2652)
* commit temporal

* final translation commit -- added email translations

* final translation commit -- removed file for spanish translations

* final translation commit -- removed file for spanish translations

* added missing translations

* method overrided and config files back to default

* config files back to default

* config files back to default
2016-09-26 14:13:07 -07:00
snipe 1d3255a00b Allow admin to turn LDAP password sync off.
This is added to handle customers/users with a security policy that prohibits third-parties or external databases from storing LDAP passwords.
2016-08-04 14:29:28 -07:00
snipe 92175eb700 Few more LDAP/AD tweaks 2016-07-14 23:49:32 -07:00
snipe 4233c781ac Reworked LDAP login. Fixes #2218
LDAP no longer fails completely when the connection settings are wrong, or when app key is messed up. Rather than auth as the admin user and search, we auth as the user themselves. Admin auth is only for LDAP sync now.

This should mean much fewer problems with donked LDAP settings and login.
2016-07-13 05:50:24 -07:00
snipe c8351ae01b Reverting back to or die 2016-07-11 18:25:29 -07:00
snipe 4e38f96f97 Switched or and and to || and && for code quality 2016-07-10 20:55:44 -07:00
snipe a9f060e768 Removed extraneous comments 2016-07-09 18:19:19 -07:00
snipe ba01b20ad4 Use updated redirect() reference 2016-04-28 21:06:41 -07:00
snipe a62859dc6d Updated docblocks 2016-04-07 13:21:09 -07:00
snipe 90d4a8b2e3 Cleanup namespaces a bit 2016-03-25 19:26:22 -07:00
snipe fe00b0e401 Version 3 - hold onto your butts 2016-03-25 01:18:05 -07:00