Joe Nahmias
bd7f3d219d
bump symfony to 5.4.21
adapt to the new EventDispatcher API
- Symfony\Component\EventDispatcher => Symfony\Contracts\EventDispatcher
- dispatch() arguments swap
- execute() must return int
2023-07-01 20:41:08 -07:00
irdc
4b76bc5b32
Use a HMAC to sign and validate CSRF tokens, instead of generating random ones and storing them in the session data
* Use a HMAC to sign and validate CSRF tokens, instead of generating random
  ones and storing them in the session data. Reduces number of writes to
  sessions table and fixes kanboard issue #4942.
* Added missing CSRF check for starting/stopping subtask timers.
Co-authored-by: Willemijn Coene <willemijn@irdc.nl>
2022-09-17 17:23:41 -07:00
Frédéric Guillot
233fd1a8a1
Authorize only API tokens when 2FA is enabled
2019-02-01 15:40:35 -08:00
Frédéric Guillot
9ddefa979a
Add CSRF check for task and project files upload
2018-01-29 15:56:30 -08:00
Frédéric Guillot
ccd177ada6
Store PHP sessions in the database
2017-12-12 15:04:28 -08:00
Frederic Guillot
6d814566fb
Render QR code for TwoFactor authentication without Google Chart API
2017-03-09 21:24:04 -05:00
Frederic Guillot
fedf4ea2de
Custom project roles inherit from project members
2016-09-08 20:44:03 -04:00
Frederic Guillot
a7f3e3bec5
PHPdoc cleanup
2016-03-04 21:11:12 -05:00
Frederic Guillot
ad8fcf035a
Add new API procedures for groups, roles and project permissions
2016-01-22 21:23:12 -05:00
Frederic Guillot
ddb73063a7
Return the highest role for a project when a user is member of multiple groups
2016-01-18 21:20:35 -05:00
Frederic Guillot
e62779e267
Improve 2FA
2016-01-05 20:31:15 -05:00
Frederic Guillot
8f6c064cd7
Add debug log for session invalidation
2015-12-06 14:55:45 -05:00
Frederic Guillot
d0e809a32c
Add new method to flush session variables
2015-12-06 08:23:53 -05:00
Frederic Guillot
73ce90ac56
Remove unused use statements
2015-12-05 21:34:26 -05:00
Frederic Guillot
e9fedf3e5c
Rewrite of the authentication and authorization system
2015-12-05 20:31:27 -05:00
Frederic Guillot
91bdf6aaf3
Add generic authorization class
2015-11-27 16:24:21 -05:00
Frederic Guillot
4358708f1b
Use PHP7 function random_bytes() to generate tokens if available
2015-11-15 16:31:26 -05:00
Frederic Guillot
a675271ad7
Rewrite of session management
2015-11-15 12:50:33 -05:00
Frederic Guillot
6756ef2301
Move token generation to Security namespace
2015-10-25 15:05:19 -04:00