Subversion Repositories oidplus

Rev

Go to most recent revision | Show changed files | Details | Compare with Previous | Blame | RSS feed

Filtering Options

Rev Age Author Path Log message Diff
585 2021-05-23 17:36:08 daniel-marschall /trunk/ Very large refactoring of login methods; JWT methods encapsulated
"Remember me" (JWT cookie) and regular logins (PHP session) cannot be mixed anymore (which didn't work anyway)		  
582 2021-05-17 22:41:55 daniel-marschall /trunk/plugins/ Automated AJAX calls: Added Python example  
577 2021-05-16 21:28:47 daniel-marschall /trunk/ JWT cosmetics  
576 2021-05-16 20:24:19 daniel-marschall /trunk/ Small improvements to JWT authentication. Renamed "NBF" to "Blacklisted" to avoid confusion  
575 2021-05-16 11:55:28 daniel-marschall /trunk/ Security fix  
574 2021-05-16 03:04:22 daniel-marschall /trunk/ NEW: JWT tokens of Automated AJAX calls can now be blacklisted
REMOVED: Automated AJAX calls using "batch_username" arguments		  
573 2021-05-15 22:22:16 daniel-marschall /trunk/  
572 2021-05-15 21:50:39 daniel-marschall /trunk/ Added possibility to disable JWT token authentication in the base configuration  
570 2021-05-15 17:00:51 daniel-marschall /trunk/ Security: JWTs are now signed using RSA if OpenSSL is available.
Security: If not, then the key of JWT (which is the server secret) is processed via PBKDF2		  
568 2021-05-15 12:40:35 daniel-marschall /trunk/plugins/ Automated AJAX: Updated examples to JWT token  
566 2021-05-14 16:07:03 daniel-marschall /trunk/ Automated AJAX requests are now protected via a JWT, which is signed and doesn't contain the user's password anymore. The old method (username+password+antiBruteforceUnlockKey) is still accepted for backwards compatibility.
REMOVED: OIDplusSessionHandler->simulate
Created new class "OIDplusAuthContentStore" to make "OIDplusAuthUtils" more flexible		  
559 2021-04-26 13:21:18 daniel-marschall /trunk/plugins/ "Please log in" error messages now automatically select the correct RA/admin in the linked log in form  
549 2021-04-21 18:00:35 daniel-marschall /trunk/ JavaScript functions of plugins are now put into "namespaces" to avoid name conflicts between plugins
Changed "OIDplus::authUtils()::" to "OIDplus::authUtils()->" everywhere		  
511 2021-01-18 01:13:07 daniel-marschall /trunk/ Security: Added "INSIDE_OIDPLUS" constant to include files to avoid generating error messages when an include file is accessed directly
Updated copyright notices to 2021		  
496 2020-12-12 20:29:51 daniel-marschall /trunk/ Large refactoring of path functions.
DEPRECATED: OIDplus::basePath() becomes OIDplus::localpath()
DEPRECATED: OIDplus::getSystemUrl(X) becomes OIDplus::webpath(null, X)
OIDplus::webpath(X) becomes OIDplus::webpath(X, true)		  
426 2020-10-03 18:19:34 daniel-marschall /trunk/  
425 2020-10-02 23:29:51 daniel-marschall /trunk/plugins/ Automated AJAX calls: Added VBScript (WSH) example  
424 2020-10-02 22:22:14 daniel-marschall /trunk/ New security feature: CSRF Tokens.
ATTENTION TO PLUGIN DEVELOPERS: You need to add "csrf_token:csrf_token" to your JavaScript's AJAX request fields!		  
392 2020-09-15 19:59:14 daniel-marschall /trunk/ Removed md5() and sha1() from security-relevant areas [although the security impact was VERY small]  
360 2020-08-23 00:28:31 daniel-marschall /trunk/ LARGE UPDATE: Made everything multilingual; Translation to German!  

←Prev12Next→

Show All