| Rev |
Age |
Author |
Path |
Log message |
Diff |
| 1301 |
2023-06-01 00:04:36 |
daniel-marschall |
/trunk/ |
Simplified OIDplusAuthContentStore* classes |
|
| 1300 |
2023-05-30 01:04:00 |
daniel-marschall |
/trunk/ |
|
|
| 1283 |
2023-05-18 21:50:11 |
daniel-marschall |
/trunk/ |
makeAuthKey and validateAuthKey can now be used to make temporary keys with limited lifetime.
makeAuthKey and makeSecret now accept array inputs |
|
| 1282 |
2023-05-18 00:23:38 |
daniel-marschall |
/trunk/ |
Plugins can no longer access the SERVER_SECRET base configuration settings through OIDplusBaseConfig. Instead, makeAuthKey and makeSecret must be used. The bundled plugins are already updated. |
|
| 1267 |
2023-05-14 02:47:49 |
daniel-marschall |
/trunk/ |
Introduced new version of Logger Maskcodes
!!! Attention! If you have installed foreign plugins (not bundled with OIDplus), you MUST update their logging maskcodes;
!!! if you are the developer of the plugin, please run dev/logger/verify_maskcodes.phps to verify the plugins
!!! A documentation of the new maskcodes can be found in doc/developer_notes/logger_maskcodes.md |
|
| 1265 |
2023-05-13 01:26:05 |
daniel-marschall |
/trunk/ |
NEW FEATURE: REST API (Framework Beta Stage; endpoints are not implemented yet) |
|
| 1199 |
2023-04-11 15:02:59 |
daniel-marschall |
/trunk/ |
Log method: Added functionality to add arguments like in _L() |
|
| 1186 |
2023-04-08 20:32:34 |
daniel-marschall |
/trunk/ |
Methods in OIDplusAuthUtils, OIDplusGui, OIDplusMailUtils, OIDplusMenuUtils are now not static anymore |
|
| 1130 |
2023-03-26 00:38:14 |
daniel-marschall |
/trunk/ |
Another large bunch of type-safety changes |
|
| 1116 |
2023-03-23 23:09:25 |
daniel-marschall |
/trunk/ |
BIG CHANGE: All methods have received a PHPdoc comment and a lot of parameter and return types have been added (as far as PHP 7.0 allows)
!!! PLEASE NOTE THAT THE NEW VERSION OF OIDPLUS IS NOT COMPATIBLE WITH OLD THIRD PARTY PLUGINS (EXCEPT THE ONES THAT ARE BUNDLED WITH OIDPLUS)
!!! IF YOU HAVE THIRD PARTY PLUGINS INSTALLED (OR WRITTEN YOURSELF), THEN YOU *WILL* RECEIVE ERROR MESSAGES AFTER THE UPDATE
!!! AND NEED TO CHANGE THE METHOD SIGNATURES IN THESE PLUGINS TO MAKE THEM WORK AGAIN. (We can help you with this task if you need help!)
Please note that due to the amount of changes, there could have been a few bugs introduced; please send all bug reports via GitHub or email
and if you have the possibility, it is recommended to test the version of a test system before applying the update on a productive system.
Thank you very much! |
|
| 1107 |
2023-03-01 13:26:17 |
daniel-marschall |
/trunk/ |
|
|
| 1106 |
2023-03-01 02:22:19 |
daniel-marschall |
/trunk/includes/classes/ |
|
|
| 1099 |
2023-02-27 12:52:20 |
daniel-marschall |
/trunk/ |
RA Auth plugins can now be only-hash or only-verify |
|
| 1098 |
2023-02-27 12:02:09 |
daniel-marschall |
/trunk/ |
Added more arguments to random_bytes_ex() to force CSRNG |
|
| 1096 |
2023-02-27 09:52:19 |
daniel-marschall |
/trunk/ |
|
|
| 1088 |
2023-02-26 19:00:05 |
daniel-marschall |
/trunk/ |
Added Argon2 auth plugin (only RAs).
Config: Auth plugin setting can (and should) be empty, which means that OIDplus automatically chooses the best auth plugin.
RA Auth plugins: Added available() function to OIDplusAuthPlugin.
Removed "A3#" prefix from password hashes created by plugin A3_bcrypt. |
|
| 1086 |
2023-02-26 01:12:29 |
daniel-marschall |
/trunk/ |
Avoid calling *.class.php files directly to avoid PHP errors (Github Issue #4) |
|
| 1050 |
2022-12-21 01:13:04 |
daniel-marschall |
/trunk/ |
Huge change in internal code structure!
All OIDplus classes are now in the class namespace "ViaThinkSoft\OIDplus".
!!! WARNING:
!!! All plugins MUST put their classes in a namespace and the constant "INSIDE_OIDPLUS" must not be used anymore.
!!! If you have a third-party plugin installed which is NOT bundled with OIDplus, you MUST update it.
!!! Recommendation: Remove the plugin first, then update OIDplus, then ask the author to change the plugin.
!!! If you have not installed any third-party plugins, then it is safe to update now. |
|
| 866 |
2022-06-19 20:21:58 |
daniel-marschall |
/trunk/ |
CSRF token debug |
|
| 849 |
2022-05-28 21:29:05 |
daniel-marschall |
/trunk/ |
|
|
| 730 |
2022-01-23 22:10:52 |
daniel-marschall |
/trunk/ |
"ImplementsFeature" is now available for all PHP classes of OIDplus, not just Plugin classes.
Therefore, OID-WHOIS can now also receive WHOIS attributes from Objects (not just the Object Plugin) or the OIDplusRA class. |
|
| 712 |
2021-12-26 18:44:52 |
daniel-marschall |
/trunk/includes/classes/ |
|
|
| 711 |
2021-12-26 18:33:19 |
daniel-marschall |
/trunk/ |
Auth keys (internally used for email verification etc.) now use HMAC instead of normal hash
Added new base config setting RA_PASSWORD_PEPPER_ALGO (dangerous! Only for experts!)
OIDplusSessionHandler.class.php: Improved internal encryption!
ATTENTION
!!! If you are updating from the TAR.GZ distibution channel, then the update *will* temporarily
!!! FAIL with the error message "Authentication failed". Once the error appears, close your
!!! browser window and delete the cookies, then log-in again, and continue the update process.
!!! (The error happens because of the update of the internal session encryption procedure) |
|
| 622 |
2021-06-11 00:37:28 |
daniel-marschall |
/trunk/ |
Change to JWT key of HS512 (if no PKI is available) |
|
| 621 |
2021-06-11 00:27:12 |
daniel-marschall |
/trunk/ |
ViaThinkSoft repos switched from SVN to Packagist/GitHub |
|
| 617 |
2021-06-02 00:03:52 |
daniel-marschall |
/trunk/ |
Added new high-security feature RA Password Pepper (use with extreme caution! Existing passwords will become invalid)
RA password generation: BCrypt "cost" parameter can now be configured. |
|
| 609 |
2021-05-29 23:09:04 |
daniel-marschall |
/trunk/ |
The administrator account can now have more than one valid password.
webwhois.php is now disabled if the WHOIS plugin is disabled |
|
| 592 |
2021-05-23 22:53:31 |
daniel-marschall |
/trunk/ |
(Nearly) reached PHPStan level 5 |
|
| 590 |
2021-05-23 18:45:00 |
daniel-marschall |
/trunk/ |
PHPStan Level 3 reached |
|
| 585 |
2021-05-23 17:36:08 |
daniel-marschall |
/trunk/ |
Very large refactoring of login methods; JWT methods encapsulated
"Remember me" (JWT cookie) and regular logins (PHP session) cannot be mixed anymore (which didn't work anyway) |
|
| 583 |
2021-05-22 11:32:35 |
daniel-marschall |
/trunk/ |
Added JWT TTL (time to live) config value |
|
| 579 |
2021-05-17 17:51:20 |
daniel-marschall |
/trunk/ |
Login "remember me" feature (using JWT authentication) |
|
| 578 |
2021-05-17 01:27:25 |
daniel-marschall |
/trunk/ |
JWT authentication security improvements |
|
| 577 |
2021-05-16 21:28:47 |
daniel-marschall |
/trunk/ |
JWT cosmetics |
|
| 576 |
2021-05-16 20:24:19 |
daniel-marschall |
/trunk/ |
Small improvements to JWT authentication. Renamed "NBF" to "Blacklisted" to avoid confusion |
|
| 574 |
2021-05-16 03:04:22 |
daniel-marschall |
/trunk/ |
NEW: JWT tokens of Automated AJAX calls can now be blacklisted
REMOVED: Automated AJAX calls using "batch_username" arguments |
|
| 572 |
2021-05-15 21:50:39 |
daniel-marschall |
/trunk/ |
Added possibility to disable JWT token authentication in the base configuration |
|
| 570 |
2021-05-15 17:00:51 |
daniel-marschall |
/trunk/ |
Security: JWTs are now signed using RSA if OpenSSL is available.
Security: If not, then the key of JWT (which is the server secret) is processed via PBKDF2 |
|
| 567 |
2021-05-14 16:56:56 |
daniel-marschall |
/trunk/includes/classes/ |
Removed: Session handler cannot be accessed outside the authentification utilities anymore |
|
| 566 |
2021-05-14 16:07:03 |
daniel-marschall |
/trunk/ |
Automated AJAX requests are now protected via a JWT, which is signed and doesn't contain the user's password anymore. The old method (username+password+antiBruteforceUnlockKey) is still accepted for backwards compatibility.
REMOVED: OIDplusSessionHandler->simulate
Created new class "OIDplusAuthContentStore" to make "OIDplusAuthUtils" more flexible |
|