irdc
4b76bc5b32
Use a HMAC to sign and validate CSRF tokens, instead of generating random ones and storing them in the session data
...
* Use a HMAC to sign and validate CSRF tokens, instead of generating random
ones and storing them in the session data. Reduces number of writes to
sessions table and fixes kanboard issue #4942 .
* Added missing CSRF check for starting/stopping subtask timers.
Co-authored-by: Willemijn Coene <willemijn@irdc.nl >
2022-09-17 17:23:41 -07:00
Frédéric Guillot
f5bb55bdb8
PHP 8 Compatibility
2022-02-05 11:49:03 -08:00
Timo
64397f45fa
Kanboard now requires PHP >= 7.2 since other versions are deprecated
2020-01-14 12:02:31 -08:00
Frédéric Guillot
928f80d569
Update unit tests
2019-01-30 22:25:57 -08:00
Frédéric Guillot
ccd177ada6
Store PHP sessions in the database
2017-12-12 15:04:28 -08:00
Frederic Guillot
fedf4ea2de
Custom project roles inherit from project members
2016-09-08 20:44:03 -04:00
Frederic Guillot
ddb73063a7
Return the highest role for a project when a user is member of multiple groups
2016-01-18 21:20:35 -05:00
Frederic Guillot
e9fedf3e5c
Rewrite of the authentication and authorization system
2015-12-05 20:31:27 -05:00
Frederic Guillot
91bdf6aaf3
Add generic authorization class
2015-11-27 16:24:21 -05:00
Frederic Guillot
6756ef2301
Move token generation to Security namespace
2015-10-25 15:05:19 -04:00
