aboutsummaryrefslogtreecommitdiffstats
path: root/Bugzilla/Auth
Commit message (Collapse)AuthorAgeFilesLines
* Bug 1071317: Remove unused variablesFrédéric Buclin2014-09-291-1/+0
| | | | r=gerv a=sgreen
* Bug 1009013 - Require a user to change their password if they log in and ↵Simon Green2014-09-111-4/+13
| | | | | | their current password does not meet the password complexity rules r=glob, a=sgreen
* Bug 996893: Perl 5.18 and newer throw tons of warnings about deprecated modulesFrédéric Buclin2014-08-1312-0/+15
| | | | r=dkl a=sgreen
* Bug 1044701: "Uninitialized value $token_type" when passing an invalid ↵David Lawrence2014-07-311-1/+4
| | | | | | Bugzilla_api_token value r=sgreen,a=glob
* Bug 726696 - All authenticated WebServices methods should require ↵Simon Green2014-07-272-1/+65
| | | | | | username/pass, token or a valid API key for authentication r=dkl, a=sgreen
* Bug 1009017: users are unable to log in if their password needs to beByron Jones2014-05-201-1/+3
| | | | | | re-encrypted and their password does not match the current complexity rule r=dkl, a=glob
* Bug 1001497: User.login incorrectly returns id = 0 when the login or ↵Frédéric Buclin2014-04-251-1/+1
| | | | | | password is missing r=dkl a=justdave
* Bug 713926: (CVE-2014-1517) [SECURITY] Login form lacks CSRF protectionFrédéric Buclin2014-04-172-4/+41
| | | | r=dkl a=justdave
* Bug 987205: Bugzilla crashes because it tries to import a non-exported ↵Frédéric Buclin2014-04-143-4/+3
| | | | | | login_token() subroutine from Bugzilla::Auth::Login::Cookie r=dkl a=justdave
* Bug 947823: Replace gender-specific pronouns with gender-neutral pronounsCharlie Somerville2014-02-271-1/+1
| | | | r=gerv a=justdave
* Bug 956233: enable USE_MEMCACHE on most objectsByron Jones2014-01-312-0/+2
| | | | r=dkl, a=glob
* Bug 748095: Bugzilla crashes when the shutdownhtml parameter is set and ↵Frédéric Buclin2013-12-211-3/+4
| | | | | | using a non-cookie based authentication method r=dkl a=justdave
* Bug 907438 - In MySQL, login cookie checking is not case-sensitive, reducing ↵Dave Lawrence2013-10-161-3/+3
| | | | | | total entropy and allowing easier brute force r=LpSolit,a=sgreen
* Bug 917669 - invalid or expired authentication tokens and cookies should ↵Dave Lawrence2013-09-261-8/+13
| | | | | | throw errors, not be silently ignored r/a=glob
* Bug 893195 - Allow token based authentication for webservicesDave Lawrence2013-08-263-23/+79
| | | | r=glob,a=sgreen
* Bug 785283 - Support increased values for PASSWORD_SALT_LENGTH without ↵Reed Loden2012-12-311-1/+12
| | | | | | breaking compat with old hashes [r=LpSolit a=LpSolit]
* Bug 787668: Use |use parent| instead of |use base|Matt Selsky2012-12-015-5/+5
| | | | r/a=LpSolit
* Bug 816747 - Add dummy POD for unPODded methods.Marc Schumann2012-11-301-0/+8
| | | | r/a=LpSolit
* Bug 787529: Use |use 5.10.1| everywhereFrédéric Buclin2012-09-0111-0/+28
| | | | r=wicked a=LpSolit
* Bug 785470: (CVE-2012-3981) [SECURITY] Missing escaping of the username can ↵Reed Loden2012-08-301-0/+2
| | | | | | lead to LDAP injection r/a=LpSolit
* Bug 680131: Replace the MPL 1.1 license by the MPL 2.0 one in all files, and ↵Frédéric Buclin2012-01-1111-225/+55
| | | | | | add it to files which miss one r=kiko r=mkanat r=mrbball a=LpSolit
* Make Login/Stack.pm refuse to continue down the stack if an Auth method ↵Gervase Markham2011-11-181-2/+8
| | | | | returns an explicit failure. r=dkl, a=mkanat. https://bugzilla.mozilla.org/show_bug.cgi?id=698423
* Bug 653713: editusers.cgi crashes when editing a user profileJochen Wiedmann2011-05-061-1/+4
| | | | r/a=mkanat
* Bug 423612 - Allow editing extern_id for users from the admin interfaceJochen Wiedmann2011-04-275-0/+30
| | | | r=mkanat, a=mkanat
* Bug 604522: t/012throwables.t doesn't catch new user errors correctlyFrédéric Buclin2010-10-151-2/+2
| | | | r/a=mkanat
* Bug 575947: Users with passwords length less than 6 characters can't login ↵Frédéric Buclin2010-10-141-0/+6
| | | | | | after migration from 3.4.x or older to 3.6 or newer r/a=mkanat
* Bug 602165: Change sql_interval to sql_date_math, in preparation forMax Kanat-Alexander2010-10-071-2/+3
| | | | MS-SQL and SQLite support.
* Bug 550732: Allow read-only JSON-RPC methods to be called with GETMax Kanat-Alexander2010-04-224-0/+16
| | | | r=dkl, a=mkanat
* Bug 553770: Make the JSON-RPC WebService throw a proper error when you don'tMax Kanat-Alexander2010-03-231-4/+2
| | | | | | provide login credentials on a LOGIN_REQUIRED page. (Before this, it was attempting to display the HTML login page to JSON-RPC clients.) r=dkl, a=mkanat
* Fix the data in the bzr repo to match the data in the CVS repo.Max Kanat-Alexander2010-02-011-0/+0
| | | | | | | During the CVS imports into Bzr, there were some inconsistencies introduced (mostly that files that were deleted in CVS weren't being deleted in Bzr). So this checkin makes the bzr repo actually consistent with the CVS repo, including fixing permissions of files.
* Bug 467992: Login fails if the user's LDAP account is denied search in LDAP ↵lpsolit%gmail.com2010-01-051-5/+28
| | | | - Patch by Adam Batkin <adam@batkin.net> r/a=mkanat
* Bug 527586: Use X-Forwarded-For instead of REMOTE_ADDR for trusted proxiesmkanat%bugzilla.org2009-12-312-2/+2
| | | | Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=dkl, a=mkanat
* Bug 385606: Logincookies are recreated at each HTTP request when using the ↵lpsolit%gmail.com2009-12-311-0/+1
| | | | 'Env' auth method - Patch by Frédéric Buclin <LpSolit@gmail.com> r/a=mkanat
* Bug 355283: Lock out a user account on a particular IP for 30 minutes if ↵mkanat%bugzilla.org2009-12-131-16/+30
| | | | | | they fail to log in 5 times from that IP. Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit
* Bug 430014: Re-write the code hooks system so that it uses modules instead ↵mkanat%bugzilla.org2009-11-242-2/+2
| | | | | | of individual .pl files Patch by Max Kanat-Alexander <mkanat@bugzilla.org> (module owner) a=mkanat
* Bug 525734: Allow WebService clients to authenticate using Bugzilla_login ↵mkanat%bugzilla.org2009-11-092-8/+7
| | | | | | and Bugzilla_password Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=dkl, a=mkanat
* Bug 399073: Remove the 'loginnetmask' parameter - Patch by Frédéric ↵lpsolit%gmail.com2009-10-182-26/+14
| | | | Buclin <LpSolit@gmail.com> r/a=mkanat
* Bug 514913: Eliminate ssl="authenticated sessions"mkanat%bugzilla.org2009-10-092-16/+3
| | | | Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=dkl, a=mkanat
* Bug 488467: Verify and Login auth methods were being called in a random ↵mkanat%bugzilla.org2009-04-172-2/+2
| | | | | | order, causing sudo sessions to frequently not need the user to re-enter their password. Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit
* Bug 121601: Have logout display index.cgi, not just a message on relogin.cgi.mkanat%bugzilla.org2009-03-011-0/+1
| | | | Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit
* Bug 134022: PERFORMANCE: deleting old login cookies locks login checksmkanat%bugzilla.org2009-01-201-0/+9
| | | | Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=mkanat
* Bug 211006: Make Bugzilla use SHA-256 instead of crypt() to store hashed ↵mkanat%bugzilla.org2009-01-021-0/+10
| | | | | | passwords in the database Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit
* Bug 455584 - Use bz_crypt everywhere instead of the crypt() functiondkl%redhat.com2008-10-231-6/+1
| | | | Patch by David Lawrence <dkl@redhat.com> = r/a=LpSolit
* Bug 460770: Incorrect regexp when parsing the list of LDAP servers - Patch ↵lpsolit%gmail.com2008-10-201-1/+1
| | | | by Frédéric Buclin <LpSolit@gmail.com> r/a=mkanat
* Partial backout of bug 183665. It's responsible for bug 457719lpsolit%gmail.com2008-10-051-1/+1
|
* Bug 453767 - Passwords containing wide characters causes system errordkl%redhat.com2008-09-121-0/+5
| | | | Patch by David Lawrence <dkl@redhat.com> - a/r=mkanat
* Bug 449984: Login cookies should be created as SSL-only on installations ↵lpsolit%gmail.com2008-08-271-15/+18
| | | | that require SSL - Patch by Frédéric Buclin <LpSolit@gmail.com> r/a=mkanat
* Bug 368502 - "Bugzilla_logincookie should not be accessible via javascript" ↵reed%reedloden.com2008-08-231-3/+6
| | | | [p=reed r+a=mkanat]
* Bug 428659 – Setting SSL param to 'authenticated sessions' only ↵dkl%redhat.com2008-08-181-3/+8
| | | | | | | protects logins and param doesn't protect WebService calls at all Patch by David Lawrence <dkl@redhat.com> - r/a=LpSolit/mkanat
* Bug 438435: Need code hooks for authenticationmkanat%bugzilla.org2008-08-072-8/+24
| | | | Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=mkanat