 dflaven
|
7aa7552c8c
#923: prevent XSS injection in forgot password page.
|
11 years ago |
|
dflaven
|
c3424e0e4f
Make the Basic Authentication (login_mode=basic) work with non-ASCII characters (in the username as well as in the password), though this may depend on the browser...
|
11 years ago |
 romainq
|
80bac465b4
Fixed regression introduced with "forgot password": button to reset the user password labelled as "Send now!"
|
11 years ago |
|
romainq
|
ec9c11a5c8
The login web page must NOT be cached by the web browsers
|
11 years ago |
|
romainq
|
5fb42b0290
Internal: failed authentication to return error 401 instead of prompting the end-user (to be exploited by the ajax calls)
|
11 years ago |
|
romainq
|
030f809391
Cosmetics on the login web page
|
11 years ago |
|
romainq
|
d61e857b5d
New feature: Forgot password -> email to reset (possibly disabled in the config file)
|
11 years ago |
|
romainq
|
99037986ae
Compiler: added brand management
|
11 years ago |
|
dflaven
|
69a0bc3ee7
#732: Change password: exit after building the page in case of wrong "old" password
|
12 years ago |
|
dflaven
|
904df7b800
Support non scalar posted parameters...
|
12 years ago |
|
dflaven
|
1869fd0fea
Preserve POSted parameters on the login web page (useful when the session expires)
|
12 years ago |
|
romainq
|
a2d6746d60
#634 Detection of HTTPS not working with nginx (iTop always considering the current connection as being secure)
|
12 years ago |
|
romainq
|
eafa11ecfe
Updated copyright (2012) and license (LGPL changed to AGPL)
|
12 years ago |
|
romainq
|
d0bb4288d2
Config: use app_icon_url to change the hyperlink used when clicking on the main icon
|
12 years ago |
|
dflaven
|
59fb31a6e1
Added the ability to display a custom welcome/disclaimer message at the bottom of the login form.
|
13 years ago |
|
dflaven
|
8efc46c91e
Fix for Trac#519 - change password bug !
|
13 years ago |
|
dflaven
|
648af437b5
Fixed absolute/relative path issues in the JS and href places
|
13 years ago |
|
romainq
|
8b6fec98fb
Setup based on either compiled modules or xml datamodel files (or both).
|
13 years ago |
|
dflaven
|
eff5aff0a6
Added self-registering / user synchronization extensibility
|
13 years ago |
|
dflaven
|
f14d813aac
Make sure that the path/href base is correct to display the page (images, CSS...)
|
13 years ago |
|
dflaven
|
db2209624a
- New way to handle sessions compatible with multiple environments
|
13 years ago |
|
dflaven
|
ac08cc566e
Use the default language when creating a new user from CAS
|
13 years ago |
|
dflaven
|
c07df38add
Support patterns for the definition of casMemberOf groups.
|
13 years ago |
|
dflaven
|
5f089842e6
Automatic synchro of CAS users
|
13 years ago |
|
romainq
|
9e4db3f3b0
#484 Fixed issue with IIS ("Wrong password" at first prompt)
|
13 years ago |
|
dflaven
|
32a4ceba39
More fixes for Trac#446: XSS vulnerabilities with vectors containing double quotes
|
13 years ago |
|
romainq
|
8dba345e7d
#446 XSS vector on the login web page
|
13 years ago |
|
dflaven
|
253a2ee596
Fixed Trac#446: XSS vulnerabilities... to be tested !
|
14 years ago |
|
dflaven
|
8c96ea3aa5
CAS authentication improvements:
|
14 years ago |
|
dflaven
|
ec174a7ab8
Use absolute URLs as much as possible to be independent from the page being executed...
|
14 years ago |
