| Rev |
Age |
Author |
Path |
Log message |
Diff |
| 1283 |
2023-05-18 21:50:11 |
daniel-marschall |
/trunk/ |
makeAuthKey and validateAuthKey can now be used to make temporary keys with limited lifetime.
makeAuthKey and makeSecret now accept array inputs |
|
| 1282 |
2023-05-18 00:23:38 |
daniel-marschall |
/trunk/ |
Plugins can no longer access the SERVER_SECRET base configuration settings through OIDplusBaseConfig. Instead, makeAuthKey and makeSecret must be used. The bundled plugins are already updated. |
|
| 1130 |
2023-03-26 00:38:14 |
daniel-marschall |
/trunk/ |
Another large bunch of type-safety changes |
|
| 1117 |
2023-03-24 01:13:28 |
daniel-marschall |
/trunk/ |
|
|
| 1116 |
2023-03-23 23:09:25 |
daniel-marschall |
/trunk/ |
BIG CHANGE: All methods have received a PHPdoc comment and a lot of parameter and return types have been added (as far as PHP 7.0 allows)
!!! PLEASE NOTE THAT THE NEW VERSION OF OIDPLUS IS NOT COMPATIBLE WITH OLD THIRD PARTY PLUGINS (EXCEPT THE ONES THAT ARE BUNDLED WITH OIDPLUS)
!!! IF YOU HAVE THIRD PARTY PLUGINS INSTALLED (OR WRITTEN YOURSELF), THEN YOU *WILL* RECEIVE ERROR MESSAGES AFTER THE UPDATE
!!! AND NEED TO CHANGE THE METHOD SIGNATURES IN THESE PLUGINS TO MAKE THEM WORK AGAIN. (We can help you with this task if you need help!)
Please note that due to the amount of changes, there could have been a few bugs introduced; please send all bug reports via GitHub or email
and if you have the possibility, it is recommended to test the version of a test system before applying the update on a productive system.
Thank you very much! |
|
| 1086 |
2023-02-26 01:12:29 |
daniel-marschall |
/trunk/ |
Avoid calling *.class.php files directly to avoid PHP errors (Github Issue #4) |
|
| 1050 |
2022-12-21 01:13:04 |
daniel-marschall |
/trunk/ |
Huge change in internal code structure!
All OIDplus classes are now in the class namespace "ViaThinkSoft\OIDplus".
!!! WARNING:
!!! All plugins MUST put their classes in a namespace and the constant "INSIDE_OIDPLUS" must not be used anymore.
!!! If you have a third-party plugin installed which is NOT bundled with OIDplus, you MUST update it.
!!! Recommendation: Remove the plugin first, then update OIDplus, then ask the author to change the plugin.
!!! If you have not installed any third-party plugins, then it is safe to update now. |
|
| 847 |
2022-05-27 20:36:06 |
daniel-marschall |
/trunk/includes/ |
BUGFIX: No login sessions could be created using PHP 7.0 (Bug introduced in SVN Rev 711) |
|
| 826 |
2022-04-09 12:03:36 |
daniel-marschall |
/trunk/includes/classes/ |
Fixed wrong hash_pbkdf2 length (has problems with OpenSSL supplement) |
|
| 801 |
2022-03-24 16:15:23 |
daniel-marschall |
/trunk/ |
Changed OIDplus::webpath() method to include canonical paths |
|
| 730 |
2022-01-23 22:10:52 |
daniel-marschall |
/trunk/ |
"ImplementsFeature" is now available for all PHP classes of OIDplus, not just Plugin classes.
Therefore, OID-WHOIS can now also receive WHOIS attributes from Objects (not just the Object Plugin) or the OIDplusRA class. |
|
| 716 |
2021-12-27 17:31:12 |
daniel-marschall |
/trunk/ |
Fixed update failure of version 698 => 699
Revision log (software update check) is now compressed using GZip |
|
| 711 |
2021-12-26 18:33:19 |
daniel-marschall |
/trunk/ |
Auth keys (internally used for email verification etc.) now use HMAC instead of normal hash
Added new base config setting RA_PASSWORD_PEPPER_ALGO (dangerous! Only for experts!)
OIDplusSessionHandler.class.php: Improved internal encryption!
ATTENTION
!!! If you are updating from the TAR.GZ distibution channel, then the update *will* temporarily
!!! FAIL with the error message "Authentication failed". Once the error appears, close your
!!! browser window and delete the cookies, then log-in again, and continue the update process.
!!! (The error happens because of the update of the internal session encryption procedure) |
|
| 592 |
2021-05-23 22:53:31 |
daniel-marschall |
/trunk/ |
(Nearly) reached PHPStan level 5 |
|
| 585 |
2021-05-23 17:36:08 |
daniel-marschall |
/trunk/ |
Very large refactoring of login methods; JWT methods encapsulated
"Remember me" (JWT cookie) and regular logins (PHP session) cannot be mixed anymore (which didn't work anyway) |
|
| 571 |
2021-05-15 21:17:51 |
daniel-marschall |
/trunk/ |
OIDplusConfigInterface renamed to OIDplusGetterSetterInterface
Improved OIDplus class autoloader (supports namespaces) |
|
| 569 |
2021-05-15 16:00:35 |
daniel-marschall |
/trunk/ |
OOP |
|
| 566 |
2021-05-14 16:07:03 |
daniel-marschall |
/trunk/ |
Automated AJAX requests are now protected via a JWT, which is signed and doesn't contain the user's password anymore. The old method (username+password+antiBruteforceUnlockKey) is still accepted for backwards compatibility.
REMOVED: OIDplusSessionHandler->simulate
Created new class "OIDplusAuthContentStore" to make "OIDplusAuthUtils" more flexible |
|
| 563 |
2021-05-09 20:32:36 |
daniel-marschall |
/trunk/ |
OAuth plugins display warning if SameSite policy is "Strict". A different approach follows later. (BUG#0000213) |
|
| 557 |
2021-04-25 22:06:14 |
daniel-marschall |
/trunk/ |
Cookie SAMESITE policy can now be configured in the base configuration file.
New clas "OIDplusCookieUtils".
In shebang, using "env php" instead of "/usr/bin/php". |
|