From 608c48309084e4048d8226c3f7e363b240248040 Mon Sep 17 00:00:00 2001 From: Mark Weiman Date: Fri, 20 Jan 2017 01:16:39 -0500 Subject: Add user set timezones Currently, aurweb displays all dates and times in UTC time. This patch adds a capability for each logged in user to set their preferred timezone. Implements FS#48729. Signed-off-by: Mark Weiman Signed-off-by: Lukas Fleischer --- upgrading/4.5.0.txt | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 upgrading/4.5.0.txt (limited to 'upgrading') diff --git a/upgrading/4.5.0.txt b/upgrading/4.5.0.txt new file mode 100644 index 00000000..6c4ce807 --- /dev/null +++ b/upgrading/4.5.0.txt @@ -0,0 +1,5 @@ +1. Add Timezone column to Users: + +--- +ALTER TABLE Users ADD COLUMN Timezone VARCHAR(32) NOT NULL DEFAULT 'UTC'; +--- \ No newline at end of file -- cgit v1.2.3-24-g4f1b From f8916d7e9bda129a57143d769f7eb1f596614c80 Mon Sep 17 00:00:00 2001 From: Lukas Fleischer Date: Wed, 25 Jan 2017 08:22:54 +0100 Subject: git-serve: Save last SSH login date and IP address In addition to logging the last login date and IP address on the web interface, store the time stamp and IP address of the last SSH login in the database. This simplifies user banning if one of the new SSH interface features, such as the voting mechanism implemented in 7ee2fdd (git-serve: Add support for (un-)voting, 2017-01-23), is abused. Signed-off-by: Lukas Fleischer --- upgrading/4.5.0.txt | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'upgrading') diff --git a/upgrading/4.5.0.txt b/upgrading/4.5.0.txt index 6c4ce807..5cf0888c 100644 --- a/upgrading/4.5.0.txt +++ b/upgrading/4.5.0.txt @@ -2,4 +2,12 @@ --- ALTER TABLE Users ADD COLUMN Timezone VARCHAR(32) NOT NULL DEFAULT 'UTC'; ---- \ No newline at end of file +--- + +2. Add LastSSHLogin and LastSSHLoginIPAddress columns to the Users table: + +--- +ALTER TABLE Users + ADD COLUMN LastSSHLogin BIGINT UNSIGNED NOT NULL DEFAULT 0, + ADD COLUMN LastSSHLoginIPAddress VARCHAR(45) NULL DEFAULT NULL; +--- -- cgit v1.2.3-24-g4f1b From 70db022aa8287c57a2ee03328ae893ba8b83b192 Mon Sep 17 00:00:00 2001 From: Lukas Fleischer Date: Wed, 25 Jan 2017 08:37:48 +0100 Subject: Store banned IP addresses as plain text Inspired by commit 32c8d0c (Store last login address as plain text, 2016-03-13). Signed-off-by: Lukas Fleischer --- upgrading/4.5.0.txt | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'upgrading') diff --git a/upgrading/4.5.0.txt b/upgrading/4.5.0.txt index 5cf0888c..fb0a2993 100644 --- a/upgrading/4.5.0.txt +++ b/upgrading/4.5.0.txt @@ -11,3 +11,10 @@ ALTER TABLE Users ADD COLUMN LastSSHLogin BIGINT UNSIGNED NOT NULL DEFAULT 0, ADD COLUMN LastSSHLoginIPAddress VARCHAR(45) NULL DEFAULT NULL; --- + +3. Convert the IPAddress column of the Bans table to VARCHAR(45). If the table + contains any active bans, convert them accordingly: + +---- +ALTER TABLE Bans MODIFY IPAddress VARCHAR(45) NULL DEFAULT NULL; +---- -- cgit v1.2.3-24-g4f1b From 29a48708bb7c3e00e80275a6b898f557f63dff69 Mon Sep 17 00:00:00 2001 From: Lukas Fleischer Date: Fri, 24 Feb 2017 19:52:28 +0100 Subject: Use bcrypt to hash passwords Replace the default hash function used for storing passwords by password_hash() which internally uses bcrypt. Legacy MD5 hashes are still supported and are immediately converted to the new format when a user logs in. Since big parts of the authentication system needed to be rewritten in this context, this patch also includes some simplification and refactoring of all code related to password checking and resetting. Fixes FS#52297. Signed-off-by: Lukas Fleischer --- upgrading/4.5.0.txt | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'upgrading') diff --git a/upgrading/4.5.0.txt b/upgrading/4.5.0.txt index fb0a2993..37b2b810 100644 --- a/upgrading/4.5.0.txt +++ b/upgrading/4.5.0.txt @@ -18,3 +18,9 @@ ALTER TABLE Users ---- ALTER TABLE Bans MODIFY IPAddress VARCHAR(45) NULL DEFAULT NULL; ---- + +4. Resize the Passwd column of the Users table: + +--- +ALTER TABLE Users MODIFY Passwd VARCHAR(255) NOT NULL; +--- -- cgit v1.2.3-24-g4f1b