c21c22e1ba
Add option to disable UpdateManager after backend login ( #4266 )
...
Credit to @Samuell1. Fixes #3471 .
2019-07-19 14:50:42 -06:00
884042952f
Block off SW running in backend and reduce lookups ( #4385 )
...
Credit to @ayumihamsaki. Related #4384
2019-06-25 17:15:11 +03:00
a1e6849a71
Implemented easy impersonation of backend users controlled by the backend.impersonate_users permission
2019-05-09 10:36:46 -06:00
c5bc804d73
Remove redundant header_remove() call
...
The response is returned directly to the route so this is not needed, it was likely added as an artefact of a previous implementation
Refs #3773
Refs #3746
2019-03-29 06:02:06 +11:00
3363b219f6
Delay backend controller middleware until after request is processed ( #4190 )
...
Credit to @bennothommo. Fixes #4183 .
2019-03-21 01:19:28 -06:00
dd53206a82
Service Workers Invalid security token and Clear Site Data HTTP Header ( #4088 )
...
If a website has a Service Worker installed it would load and register before a User tries to login to the backend causing a "Invalid security token" message. This PR unregisters any installed Service Worker when a User opens the backend Signin webpage.
I have also added the NEW Security Headers to add Protection to October's Cache and Cookies. This includes two new Middleware that first clears any bad cached data before a User tries to login and the second Middleware will clear all the sensitive User Data when a User signs out of the Backend.
For more info on the new Security Header 'Clear Site Data' you can see the spec found here: https://www.w3.org/TR/clear-site-data/
Fixes #4076 , fixes #3707 .
2019-03-01 16:22:18 -06:00
8b6f11e6ac
Extract child instructions
2018-08-15 19:25:42 +02:00
a3d7a028b4
Replace is_null with "=== null" comparison
2018-08-15 18:54:46 +02:00
dc16902fca
Don't block backend connection when a plugin migration triggers exception ( #3188 )
2017-10-21 10:11:11 -06:00
9cadea9b19
Code doc improvements
2017-07-27 17:35:14 +10:00
e3a567cb78
Enable configuration of backend login session persistence ( #2924 )
...
Thanks to @ChVuagniaux. Fixes #2394
2017-06-22 14:34:16 -06:00
31457bd2ee
Cleanup
2016-01-15 10:20:57 +01:00
12972cd086
Lax the validation rules on login, email + pass
2015-12-19 09:53:17 +11:00
676a4d00bc
Minimum password length should be 4 characters
...
Because the minimum password length on User model is 4
https://github.com/octobercms/october/blob/master/modules/backend/models/User.php#L26-L27
2015-09-27 02:28:12 +07:00
0a6e14f4d2
Popup control now supports several sizes via `data-size` attribute: giant, huge, large, small, tiny.
...
Fixes various bugs in RC version
2015-02-11 14:36:00 +11:00
b1b700368f
Radical reorg of some classes
2015-01-28 11:49:54 +11:00
eb8f4ec1a8
Removed generic permission "Manage settings", these should be more granular to the tool
...
Fixes #831 - Fixes dashboard redirect, add "Manage mail settings" permission
Fixes bug in Settings permissions, they now work!
2015-01-18 13:16:18 +11:00
5e3ee40edf
Fixes #521 - Redirect to next available menu item when Dashboard access is denied
2014-11-09 13:06:07 +11:00
c32ba4cbad
Minor code clean
2014-11-04 17:41:48 +11:00
c83797231d
Subsequent expressions are on a new line (see developer guide > PSR exceptions)
2014-11-01 12:00:45 +11:00
92aa3fc18d
Updating backend/controllers
2014-10-10 23:26:57 +02:00
5c46dbec32
Plugins are now updated according to their dependency definitions
2014-10-04 15:59:43 +10:00
b80502addb
Log access attempt after versions are applied
2014-08-06 20:19:22 +10:00
fb788c9c0a
Make request and access log work
2014-07-30 17:33:26 +10:00
3617a7fea8
Important! All references to *Email* have been changed to *Mail*
...
(This change might hurt a little, sorry!)
2014-07-04 19:14:15 +10:00
71a5dd67ab
Welcome to the world, October :-)
2014-05-14 23:24:20 +10:00
Samuell
Ayumi Hamasaki
Luke Towers
Samuel Georges
Ben Thomson
Ayumi Hamasaki
Nathan van der Werf
Christophe Vuagniaux
Pásztor Gábor
Mulia Arifandi Nasution
Stefan Talen