Commit Graph

24 Commits

Author SHA1 Message Date
nupplaPhil 96555a7385
Refactor "Authentication" class with four main methods:
- withSession() - for auto authentication with Session/Cookie variables
- withOpenId() - for authentication with an OpenID account
- withPassword() - for authentication with Password
- setForUser() - for setting the user auth context of the current session

Refactor "Session" class - contains now "native" Session Management methods
2019-12-05 23:02:51 +01:00
nupplaPhil 18a3d18ba6
Move Authentication methods to class "Authentication" 2019-12-05 23:02:50 +01:00
Hypolite Petovan 146646c4d4 Replace deprecated calls to defaults() by ?? and ?: in src/ 2019-10-16 08:38:52 -04:00
Hypolite Petovan 001c9ed259 Fix typo in Core\Authentication 2019-10-11 19:57:04 -04:00
dew-git 811cdcdfcb Fix security vulnerbilities.
Fix possible length extension attack, predicable generators, timing attacks on hash comparision and improved formatting.
2019-10-10 15:21:41 -08:00
Philipp Holzer 290dd2ab39
moved rest of BaseURL 2019-08-15 17:36:07 +02:00
Philipp Holzer 734b63adba
Fixed wrong "BaseUrl" class (=> "BaseURL") 2019-08-15 17:23:35 +02:00
Hypolite Petovan 4ec4a04e49 Remove mod/ping from 2fa exception list
- Prevent asynchronous calls to redirect to /2fa in case of missing valid 2fa session
2019-07-23 20:03:08 -04:00
Hypolite Petovan bf82736522 Exclude /api and /proxy from 2fa check 2019-05-15 08:56:02 -04:00
Hypolite Petovan d7e9b91181 Add two-factor authentication
- Add 2FA login interception in Session::setAuthenticatedForUser
- Add 2fa session variable holding the last auth code
2019-05-13 01:52:01 -04:00
Hypolite Petovan 6071fe81b4 Move Authentication::setAuthenticatedSessionForUser to Session::setAuthenticatedForUser 2019-05-13 01:51:59 -04:00
Philipp Holzer 318a3ca785
Create own base URL class which holds the whole base url business logic 2019-04-09 08:31:16 +02:00
Hypolite Petovan 3282ce5389 Fix PHPDoc comments project-wide 2019-01-21 10:35:51 -05:00
Hypolite Petovan 55e54bb950 Replace deprecated Addon::callHooks with Hook::callAll
- Update documentation
2019-01-21 09:50:56 -05:00
Hypolite Petovan 458981f75c Replace x() by isset(), !empty() or defaults()
- Remove extraneous parentheses around empty() calls
- Remove duplicate calls to intval(), count() or strlen() after empty()
- Replace ternary operators outputting binary value with empty() return value
- Rewrite defaults() without x()
2018-11-30 09:06:22 -05:00
Philipp Holzer 8ad721988b
Refactoring identities to Model\User::identities 2018-11-08 00:38:55 +01:00
Adam Magness 50da89d861 Logger Levels
update logger levels in calls
2018-10-30 09:58:45 -04:00
Adam Magness 14fde5dc9b Log function
implement log() function.
2018-10-30 09:57:14 -04:00
Hypolite Petovan e511790d62 Move NULL_DATE from boot.php to DBA::NULL_DATETIME
- Add DBA::NULL_DATE constant
2018-10-22 16:50:55 -04:00
Philipp Holzer 3edad1591e
replaced $return_url to $return_path to make it more clear that it is a relative path to the Friendica baseurl 2018-10-22 22:13:37 +02:00
Philipp Holzer d00ddc01af
Split goaway to System::externalRedirectTo() and App->internalRedirect() 2018-10-22 22:13:35 +02:00
Jonny Tischbein f3fc1f36ca Renaming functions + moving functions from security to Model/Item and BaseModule + fix multiline comments 2018-10-17 21:30:41 +02:00
Jonny Tischbein ce2b1f5715 Rename function Authentication::authenticate_success to Authentication::success 2018-10-17 18:45:32 +02:00
Jonny Tischbein 05be2db725 Move include/security tp /src/Core/Authentication and /src/Util/Security 2018-10-17 14:19:58 +02:00