TPS/birzha
TPS
/
birzha
5
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
6,292 Commits 1 Branch 0 Tags 64 MiB
Commit Graph

31 Commits

Author SHA1 Message Date
merdan ccc9586078 composer update 2021-12-03 12:48:58 +00:00
Ben Thomson 555ab61f23
Add app.trustedHosts config and force host checks on password reset (#5423) 
Add app.trustedHosts config and force host checks on backend password reset.

Related: f29865ae3d
 2021-01-04 12:35:47 -06:00
Samuel Georges 9d120ad66b Add header and cookie support to ResponseMaker 2019-11-02 18:57:32 +11:00
Samuel Georges 92bd8360b9 Fixes issue where behaviors are not booting 2019-11-02 16:30:33 +11:00
Samuel Georges f73d8e6d49 Removes double middleware layer 
For some reason it was decided to allow October controllers to support Laravel middleware, this has been reverted because it is a convoluted solution that doesn't respect the original architecture. There are other ways to handle middleware requirements

The original use case appeared to be to simply allow backend controllers to inject headers. This is something easily solvable whilst keeping the simple and original workflow
 2019-11-02 16:16:32 +11:00
Samuell c21c22e1ba Add option to disable UpdateManager after backend login (#4266) 
Credit to @Samuell1. Fixes #3471.
 2019-07-19 14:50:42 -06:00
Ayumi Hamasaki 884042952f Block off SW running in backend and reduce lookups (#4385) 
Credit to @ayumihamsaki. Related #4384
 2019-06-25 17:15:11 +03:00
Luke Towers a1e6849a71 Implemented easy impersonation of backend users controlled by the backend.impersonate_users permission 2019-05-09 10:36:46 -06:00
Samuel Georges c5bc804d73 Remove redundant header_remove() call 
The response is returned directly to the route so this is not needed, it was likely added as an artefact of a previous implementation

Refs #3773
Refs #3746
 2019-03-29 06:02:06 +11:00
Ben Thomson 3363b219f6 Delay backend controller middleware until after request is processed (#4190) 
Credit to @bennothommo. Fixes #4183.
 2019-03-21 01:19:28 -06:00
Ayumi Hamasaki dd53206a82 Service Workers Invalid security token and Clear Site Data HTTP Header (#4088) 
If a website has a Service Worker installed it would load and register before a User tries to login to the backend causing a "Invalid security token" message. This PR unregisters any installed Service Worker when a User opens the backend Signin webpage.

I have also added the NEW Security Headers to add Protection to October's Cache and Cookies. This includes two new Middleware that first clears any bad cached data before a User tries to login and the second Middleware will clear all the sensitive User Data when a User signs out of the Backend.

For more info on the new Security Header 'Clear Site Data' you can see the spec found here: https://www.w3.org/TR/clear-site-data/

Fixes #4076, fixes #3707.
 2019-03-01 16:22:18 -06:00
Nathan van der Werf 8b6f11e6ac Extract child instructions 2018-08-15 19:25:42 +02:00
Nathan van der Werf a3d7a028b4 Replace is_null with "=== null" comparison 2018-08-15 18:54:46 +02:00
Christophe Vuagniaux dc16902fca Don't block backend connection when a plugin migration triggers exception (#3188) 2017-10-21 10:11:11 -06:00
Samuel Georges 9cadea9b19 Code doc improvements 2017-07-27 17:35:14 +10:00
Christophe Vuagniaux e3a567cb78 Enable configuration of backend login session persistence (#2924) 
Thanks to @ChVuagniaux. Fixes #2394
 2017-06-22 14:34:16 -06:00
Pásztor Gábor 31457bd2ee Cleanup 2016-01-15 10:20:57 +01:00
Samuel Georges 12972cd086 Lax the validation rules on login, email + pass 2015-12-19 09:53:17 +11:00
Mulia Arifandi Nasution 676a4d00bc Minimum password length should be 4 characters 
Because the minimum password length on User model is 4
https://github.com/octobercms/october/blob/master/modules/backend/models/User.php#L26-L27
 2015-09-27 02:28:12 +07:00
Samuel Georges 0a6e14f4d2 Popup control now supports several sizes via `data-size` attribute: giant, huge, large, small, tiny. 
Fixes various bugs in RC version
 2015-02-11 14:36:00 +11:00
Samuel Georges b1b700368f Radical reorg of some classes 2015-01-28 11:49:54 +11:00
Samuel Georges eb8f4ec1a8 Removed generic permission "Manage settings", these should be more granular to the tool 
Fixes #831 - Fixes dashboard redirect, add "Manage mail settings" permission
Fixes bug in Settings permissions, they now work!
 2015-01-18 13:16:18 +11:00
Sam Georges 5e3ee40edf Fixes #521 - Redirect to next available menu item when Dashboard access is denied 2014-11-09 13:06:07 +11:00
Sam Georges c32ba4cbad Minor code clean 2014-11-04 17:41:48 +11:00
Sam Georges c83797231d Subsequent expressions are on a new line (see developer guide > PSR exceptions) 2014-11-01 12:00:45 +11:00
Stefan Talen 92aa3fc18d Updating backend/controllers 2014-10-10 23:26:57 +02:00
Sam Georges 5c46dbec32 Plugins are now updated according to their dependency definitions 2014-10-04 15:59:43 +10:00
Sam Georges b80502addb Log access attempt after versions are applied 2014-08-06 20:19:22 +10:00
Sam Georges fb788c9c0a Make request and access log work 2014-07-30 17:33:26 +10:00
Sam Georges 3617a7fea8 Important! All references to *Email* have been changed to *Mail* 
(This change might hurt a little, sorry!)
 2014-07-04 19:14:15 +10:00
Sam Georges 71a5dd67ab Welcome to the world, October :-) 2014-05-14 23:24:20 +10:00