| Rev |
Age |
Author |
Path |
Log message |
Diff |
| 1099 |
2023-02-27 12:52:20 |
daniel-marschall |
/trunk/ |
RA Auth plugins can now be only-hash or only-verify |
|
| 1098 |
2023-02-27 12:02:09 |
daniel-marschall |
/trunk/ |
Added more arguments to random_bytes_ex() to force CSRNG |
|
| 1096 |
2023-02-27 09:52:19 |
daniel-marschall |
/trunk/ |
|
|
| 1088 |
2023-02-26 19:00:05 |
daniel-marschall |
/trunk/ |
Added Argon2 auth plugin (only RAs).
Config: Auth plugin setting can (and should) be empty, which means that OIDplus automatically chooses the best auth plugin.
RA Auth plugins: Added available() function to OIDplusAuthPlugin.
Removed "A3#" prefix from password hashes created by plugin A3_bcrypt. |
|
| 1086 |
2023-02-26 01:12:29 |
daniel-marschall |
/trunk/ |
Avoid calling *.class.php files directly to avoid PHP errors (Github Issue #4) |
|
| 1050 |
2022-12-21 01:13:04 |
daniel-marschall |
/trunk/ |
Huge change in internal code structure!
All OIDplus classes are now in the class namespace "ViaThinkSoft\OIDplus".
!!! WARNING:
!!! All plugins MUST put their classes in a namespace and the constant "INSIDE_OIDPLUS" must not be used anymore.
!!! If you have a third-party plugin installed which is NOT bundled with OIDplus, you MUST update it.
!!! Recommendation: Remove the plugin first, then update OIDplus, then ask the author to change the plugin.
!!! If you have not installed any third-party plugins, then it is safe to update now. |
|
| 866 |
2022-06-19 20:21:58 |
daniel-marschall |
/trunk/ |
CSRF token debug |
|
| 849 |
2022-05-28 21:29:05 |
daniel-marschall |
/trunk/ |
|
|
| 730 |
2022-01-23 22:10:52 |
daniel-marschall |
/trunk/ |
"ImplementsFeature" is now available for all PHP classes of OIDplus, not just Plugin classes.
Therefore, OID-WHOIS can now also receive WHOIS attributes from Objects (not just the Object Plugin) or the OIDplusRA class. |
|
| 712 |
2021-12-26 18:44:52 |
daniel-marschall |
/trunk/includes/classes/ |
|
|
| 711 |
2021-12-26 18:33:19 |
daniel-marschall |
/trunk/ |
Auth keys (internally used for email verification etc.) now use HMAC instead of normal hash
Added new base config setting RA_PASSWORD_PEPPER_ALGO (dangerous! Only for experts!)
OIDplusSessionHandler.class.php: Improved internal encryption!
ATTENTION
!!! If you are updating from the TAR.GZ distibution channel, then the update *will* temporarily
!!! FAIL with the error message "Authentication failed". Once the error appears, close your
!!! browser window and delete the cookies, then log-in again, and continue the update process.
!!! (The error happens because of the update of the internal session encryption procedure) |
|
| 622 |
2021-06-11 00:37:28 |
daniel-marschall |
/trunk/ |
Change to JWT key of HS512 (if no PKI is available) |
|
| 621 |
2021-06-11 00:27:12 |
daniel-marschall |
/trunk/ |
ViaThinkSoft repos switched from SVN to Packagist/GitHub |
|
| 617 |
2021-06-02 00:03:52 |
daniel-marschall |
/trunk/ |
Added new high-security feature RA Password Pepper (use with extreme caution! Existing passwords will become invalid)
RA password generation: BCrypt "cost" parameter can now be configured. |
|
| 609 |
2021-05-29 23:09:04 |
daniel-marschall |
/trunk/ |
The administrator account can now have more than one valid password.
webwhois.php is now disabled if the WHOIS plugin is disabled |
|
| 592 |
2021-05-23 22:53:31 |
daniel-marschall |
/trunk/ |
(Nearly) reached PHPStan level 5 |
|
| 590 |
2021-05-23 18:45:00 |
daniel-marschall |
/trunk/ |
PHPStan Level 3 reached |
|
| 585 |
2021-05-23 17:36:08 |
daniel-marschall |
/trunk/ |
Very large refactoring of login methods; JWT methods encapsulated
"Remember me" (JWT cookie) and regular logins (PHP session) cannot be mixed anymore (which didn't work anyway) |
|
| 583 |
2021-05-22 11:32:35 |
daniel-marschall |
/trunk/ |
Added JWT TTL (time to live) config value |
|
| 579 |
2021-05-17 17:51:20 |
daniel-marschall |
/trunk/ |
Login "remember me" feature (using JWT authentication) |
|