Commit Graph

131 Commits

Author SHA1 Message Date
wrongecho 4458c87463 Initial implementation of whitelabelling 2024-09-05 10:31:18 +01:00
wrongecho 3f772f5a2f Bugfix: credentials
Fix an edge-case bug causing the user_encryption_session_key session cookie to not be set due to error output (when display PHP errors in browser is enabled). This means login credentials are still encrypted but cannot be decrypted properly by other users.
Prevent users creating new credentials if they do not have the correct cookie set.
2024-08-19 19:56:12 +01:00
Marcus Hill 3dcd04a724 2FA
- Set the 2FA number input field to only accept 6 characters max
- Revoke existing remember-me tokens when 2FA is re-enabled
2024-06-09 12:57:42 +01:00
Marcus Hill cabc7e8c8b Set 2FA Remember-me cookie expiry to number of days the token should be valid for
Currently, the token is only valid for 2 days (86400 seconds = 24 hrs, multiplied by 2). This PR adjusts the cookie expiry date to the number of days configured that tokens are cleared after. This should help ensure users are not prompted for 2FA every few days, even if they've set a longer interval.
2024-05-17 23:26:22 +01:00
Hugo Sampaio 5280620c6d Update login.php If standard 2024-05-04 19:25:10 -03:00
Hugo Sampaio bab66bf769 updated
fixed domain url from config to prevent open redirect issue and encoded uri
2024-05-03 09:34:50 -03:00
Hugo Sampaio b8c529c2ec Enable URL Recovery from logout 2024-04-27 09:30:41 -03:00
johnnyq 888552724a Set Timezone in all places and it needs to be set in and separated it into a separate include 2024-04-17 12:53:11 -04:00
johnnyq 064b37f87e Quick Fix 2024-04-04 19:54:33 -04:00
johnnyq 4824ae8ef8 Make Remember Me Token Configurable and default to 3 2024-04-04 19:52:44 -04:00
Marcus Hill d94b9ce7bb Login related tidying
- Feature: Show users their remember-me tokens and allow them to be revoked
- Log when a user generates a remember-me token during sign in
- General refactoring and tidying up
2024-03-30 23:19:50 +00:00
Marcus Hill 6432ee0486 BUGFIX: Login with and actually decrypt the master encryption key 2024-02-23 21:20:03 +00:00
o-psi 5d620d041a Fix user role and other definitions 2024-02-22 12:15:15 -06:00
o-psi c2cf0bb448 Change remember me tokens to a many:many table to allow for multiple devices to be remembered. 2024-02-22 17:45:09 +00:00
johnnyq 14cb4bb09a set the remember me token from 14 Days to 2 Days or 48 Hours 2024-02-19 15:00:32 -05:00
johnnyq 01b717615e Added favicon condition everywhere 2024-02-03 13:18:20 -05:00
johnnyq 9ce280d80d Fix Redirect to non-existent page after login when force MFA is enabled 2024-01-24 15:46:30 -05:00
johnnyq 92ccd7de14 Update/Fix Mail Functions in POST/contact.php and event.php - sanitize POST vars instead of the whole mail subject and body, which prevents having a mix of confusing redundant escaped and unescaped vars; also fixed scheduling calendar events was not working to send an email out 2024-01-20 19:08:51 -05:00
johnnyq e8a53cbd6a Update new mail queue function to use the proper mail from name and mail from email 2023-12-21 01:37:21 -05:00
o-psi 98f731b4d4 Remove any "Send Single Email" declarations except in mail queue.
All emails go through the mail queue, using the addToMailQueue() function.
2023-12-19 23:02:05 +00:00
johnnyq 41ba04b881 Spacing Tidy 2023-11-21 17:37:30 -05:00
johnnyq 90bb9499d5 Moved Remember Me to the Enter MFA Screen Only 2023-11-21 17:36:45 -05:00
johnnyq f18bb340bf Keep the Remember Me checkbox selected upon initial submit 2023-11-20 21:18:35 -05:00
johnnyq 0d6c58f1d0 Added Remember Me option by checking this you won't have to enter your MFA for up to 14 days on the device 2023-11-20 20:49:33 -05:00
johnnyq 3781026c79 Commented Out Remember me as it is not feature complete yet 2023-11-17 14:21:41 -05:00
johnnyq 3f2f405596 Allow Manual Input of Trip Destination or select from client locations, Added Remember me checkbox for future implementation 2023-11-06 19:37:48 -05:00
o-psi 53c11edc8c Update constructs to not have parenthesis. 2023-10-20 15:25:52 -05:00
johnnyq 1ccaa936ac Removed number type on 2FA input field replaced with text and inputmode='numeric' pattern='[0-9]*' 2023-09-22 12:43:18 -04:00
johnnyq 0bc10a30e8 Fix issue with login being restricted if HTTPS_ONLY is True and SSL is terminated at a proxy and then forwarded to ITFlow App as HTTP 2023-09-21 12:00:46 -04:00
johnnyq d31127c137 set current code to an intval since its a number only 2023-09-20 14:58:05 -04:00
johnnyq 40d34bb71d Set 2FA Field on login to a number field so it only shows the numbers on a mobile phone 2023-09-20 14:53:07 -04:00
johnnyq 5938925a35 Added an error if accessing ITFlow by HTTP:// and is set to true 2023-09-20 14:51:29 -04:00
johnnyq 747b7de143 Feature: Force MFA Part 3 - Enforce MFA by redirecting users to their user_profile to setup MFA if Force MFA is checked, next up is to lock them there until 2FA is set 2023-09-06 00:08:21 -04:00
johnnyq 1ed4eeaafc Remove extra bottom margin below error msg on client login 2023-08-20 15:43:39 -04:00
johnnyq 1d0e2ad758 Removed some of the right and left padding to allow for larger login messages 2023-08-20 15:27:43 -04:00
johnnyq 0d497163fe Feature: Login Message now complete can be set in settings > security 2023-08-18 15:35:31 -04:00
johnnyq fda0d203ed Feature: Added Start Page functionality 2023-08-16 13:23:30 -04:00
Marcus Hill a966bf0282 Adjust content security policy 2023-06-17 16:13:02 +01:00
Marcus Hill 95cd0ebdc8 Adjust CSP 2023-06-17 16:01:15 +01:00
Marcus Hill 57dab27169 Login page enhancements
- Default to secure cookies (in case var is not defined in config.php)
- Enable content security policy
- Return HTTP 401 response code for invalid username/password combinations
2023-06-17 15:09:01 +01:00
johnnyq 25f85486d4 Client Portal can now be enabled or disabled in settings > Modules > Enable Client Portal, it is enabled by default 2023-06-14 19:07:39 -04:00
Marcus Hill 1175cc4ade Enable login key code (see #680) 2023-06-03 21:04:43 +01:00
Marcus Hill 5d6d7e389e Add database structure for 'login key' protection concept 2023-05-13 21:49:09 +01:00
johnnyq 37fb696e63 Replace the remaining php files with nullable_htmlentites() 2023-05-11 18:27:48 -04:00
johnnyq 48fe49cf77 BREAKING CHANGES - MAKE FULL BACKUP BEFORE PROCEEDING - Requires Manual Intervention on files see Forum Post Make sure you run the Database update directly after update. This Removes Multi-Company Functionality. Fixes issues with Responsive tables and bunch of other UI and small Fixes 2023-03-11 16:16:46 -05:00
johnnyq f7552cd25a Finished up santizeInput Conv and UI updates 2023-02-23 16:09:37 -05:00
johnnyq 8a91ae0e46 More updating with new sanitize function and more logging and alerting cont 2023-02-16 22:26:38 -05:00
Marcus Hill 5bb4296f14 Adjust core files to 4 spaces 2023-02-12 14:40:10 +00:00
Marcus Hill c219324bb8 General cleanup/formatting 2023-02-09 11:42:57 +00:00
Marcus Hill b36719eb99 General cleanup/tidying 2023-02-09 11:32:40 +00:00