Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2016-09-13 | Bug 1283930 - Add Makefile.PL & local/lib/perl5 support to bmo/master + ↵ | Dylan William Hardison | 5 | -82/+36 | |
local symlink to data/ directory | |||||
2016-09-12 | Revert "Bug 1283930 - Add Makefile.PL & local/lib/perl5 support to ↵ | Dylan William Hardison | 5 | -36/+82 | |
bmo/master + local symlink to data/ directory" This reverts commit e6bf4cacb10f86077fe898349485f5c7ab9fb4b6. | |||||
2016-09-12 | Bug 1283930 - Add Makefile.PL & local/lib/perl5 support to bmo/master + ↵ | Dylan William Hardison | 5 | -82/+36 | |
local symlink to data/ directory | |||||
2016-05-03 | Bug 1269236 - Incorrect checking of API tokens possibly leads to CSRF and ↵ | Dylan Hardison | 1 | -9/+6 | |
data disclosure vulnerability for insecure accounts | |||||
2015-09-01 | Bug 1197073 - add support for 2fa using totp (eg. google authenticator) | Byron Jones | 1 | -1/+11 | |
2015-08-25 | Bug 1197699 - always store the ip address in the logincookies table | Byron Jones | 1 | -1/+1 | |
2015-08-24 | Bug 1192687 - add the ability for users to view and revoke existing sessions | Dylan William Hardison | 1 | -1/+10 | |
2015-08-11 | Bug 1184332 - Add Restricted API calls for MozReview | Dylan William Hardison | 1 | -0/+13 | |
2015-04-24 | Bug 1157395: CSRF in log in form | David Lawrence | 1 | -5/+38 | |
2015-03-09 | Bug 1140966: backport bug 1139257 to bmo (allow cookie+api-token GET REST ↵ | Byron Jones | 1 | -8/+18 | |
requests) | |||||
2015-01-29 | Bug 1045145: backport upstream bug 726696 to bmo/4.2 to allow use of api ↵ | David Lawrence | 2 | -1/+68 | |
keys for authentication | |||||
2014-11-14 | Bug 1097813: backport upstream bug 1001462 to bmo/4.2 to fix issue with ↵ | David Lawrence | 1 | -0/+2 | |
using tokens with webservice rest api | |||||
2014-11-04 | Bug 1093622: Backout bug 1090427 for causing: authenticated calls from bzapi ↵ | Byron Jones | 1 | -37/+4 | |
are failing: 'Untrusted Authentication Request' | |||||
2014-11-04 | Bug 1090427: Backport bug 713926 to bmo/4.2 to protect against csrf for ↵ | David Lawrence | 1 | -4/+37 | |
login forms | |||||
2013-10-25 | Bug 921523 - backport upstream bug 917669 to bmo/4.2 to throw error when ↵ | Dave Lawrence | 1 | -7/+10 | |
invalid cookies/tokens are used with webservices | |||||
2013-10-17 | merged with bugzilla/4.2 | Dave Lawrence | 1 | -3/+3 | |
2013-10-16 | Bug 907438 - In MySQL, login cookie checking is not case-sensitive, reducing ↵ | Dave Lawrence | 1 | -3/+3 | |
total entropy and allowing easier brute force r=LpSolit,a=sgreen | |||||
2013-09-27 | Revert Bug 917669 - invalid or expired authentication tokens and cookies ↵ | Dave Lawrence | 1 | -13/+8 | |
should throw errors, not be silently ignored | |||||
2013-09-26 | Bug 917669 - invalid or expired authentication tokens and cookies should ↵ | Dave Lawrence | 1 | -8/+13 | |
throw errors, not be silently ignored | |||||
2013-08-29 | Bug 909634 - backport upstream bug 893195 to bmo/4.2 for token auth support ↵ | Dave Lawrence | 1 | -14/+54 | |
in webservices | |||||
2011-11-18 | Make Login/Stack.pm refuse to continue down the stack if an Auth method ↵ | Gervase Markham | 1 | -2/+8 | |
returns an explicit failure. r=dkl, a=mkanat. https://bugzilla.mozilla.org/show_bug.cgi?id=698423 | |||||
2011-04-28 | Bug 423612 - Allow editing extern_id for users from the admin interface | Jochen Wiedmann | 2 | -0/+7 | |
r=mkanat, a=mkanat | |||||
2010-04-22 | Bug 550732: Allow read-only JSON-RPC methods to be called with GET | Max Kanat-Alexander | 3 | -0/+7 | |
r=dkl, a=mkanat | |||||
2010-03-24 | Bug 553770: Make the JSON-RPC WebService throw a proper error when you don't | Max Kanat-Alexander | 1 | -4/+2 | |
provide login credentials on a LOGIN_REQUIRED page. (Before this, it was attempting to display the HTML login page to JSON-RPC clients.) r=dkl, a=mkanat | |||||
2009-12-31 | Bug 527586: Use X-Forwarded-For instead of REMOTE_ADDR for trusted proxies | mkanat%bugzilla.org | 1 | -1/+1 | |
Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=dkl, a=mkanat | |||||
2009-12-31 | Bug 385606: Logincookies are recreated at each HTTP request when using the ↵ | lpsolit%gmail.com | 1 | -0/+1 | |
'Env' auth method - Patch by Frédéric Buclin <LpSolit@gmail.com> r/a=mkanat | |||||
2009-11-24 | Bug 430014: Re-write the code hooks system so that it uses modules instead ↵ | mkanat%bugzilla.org | 1 | -1/+1 | |
of individual .pl files Patch by Max Kanat-Alexander <mkanat@bugzilla.org> (module owner) a=mkanat | |||||
2009-11-09 | Bug 525734: Allow WebService clients to authenticate using Bugzilla_login ↵ | mkanat%bugzilla.org | 1 | -5/+3 | |
and Bugzilla_password Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=dkl, a=mkanat | |||||
2009-10-19 | Bug 399073: Remove the 'loginnetmask' parameter - Patch by Frédéric ↵ | lpsolit%gmail.com | 1 | -17/+8 | |
Buclin <LpSolit@gmail.com> r/a=mkanat | |||||
2009-10-09 | Bug 514913: Eliminate ssl="authenticated sessions" | mkanat%bugzilla.org | 1 | -11/+0 | |
Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=dkl, a=mkanat | |||||
2009-04-17 | Bug 488467: Verify and Login auth methods were being called in a random ↵ | mkanat%bugzilla.org | 1 | -1/+1 | |
order, causing sudo sessions to frequently not need the user to re-enter their password. Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit | |||||
2008-10-05 | Partial backout of bug 183665. It's responsible for bug 457719 | lpsolit%gmail.com | 1 | -1/+1 | |
2008-08-18 | Bug 428659 â Setting SSL param to 'authenticated sessions' only ↵ | dkl%redhat.com | 1 | -3/+8 | |
protects logins and param doesn't protect WebService calls at all Patch by David Lawrence <dkl@redhat.com> - r/a=LpSolit/mkanat | |||||
2008-08-07 | Bug 438435: Need code hooks for authentication | mkanat%bugzilla.org | 1 | -4/+12 | |
Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=mkanat | |||||
2008-07-29 | Backing out these patches as they cause a regression. More information | dkl%redhat.com | 1 | -3/+5 | |
in the respective bug reports. Bug 428659 â Setting SSL param to 'authenticated sessions' only protects logins and param doesn't protect WebService calls at all Patch by Dave Lawrence <dkl@redhat.com> - r/a=mkanat Bug 445104: ssl redirects come with a 200 OK HTTP code on mod_perl Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=dkl, a=mkanat | |||||
2008-07-10 | Bug 428659 â Setting SSL param to 'authenticated sessions' only ↵ | dkl%redhat.com | 1 | -5/+3 | |
protects logins and param doesn't protect WebService calls at all Patch by Dave Lawrence <dkl@redhat.com> - r/a=mkanat | |||||
2007-11-15 | Bug 183665: Accessing post_bug.cgi directly gives a weird error message and ↵ | lpsolit%gmail.com | 1 | -1/+1 | |
should redirect to enter_bug.cgi instead - Patch by Matt Tasker <mtasker@gmail.com> (based on the original patch from victory <spam@bmo2007.rsz.jp>) r/a=LpSolit | |||||
2006-08-20 | Bug 224577: Bugzilla could use a web services interface. | wurblzap%gmail.com | 1 | -0/+7 | |
Patch by Marc Schumann <wurblzap@gmail.com>; r=mkanat; a=myk | |||||
2006-07-06 | Bug 340967: The login form appears twice when trying to add an attachment ↵ | lpsolit%gmail.com | 1 | -0/+15 | |
(due to two consecutive calls to Bugzilla->login) - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=myk | |||||
2006-07-04 | Bug 338375: Use Bugzilla->params everywhere instead of Param(). | mkanat%bugzilla.org | 2 | -2/+0 | |
Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=justdave | |||||
2006-07-04 | Bug 342869: Use Bugzilla->params everywhere except templates | mkanat%bugzilla.org | 2 | -5/+7 | |
Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=justdave | |||||
2006-06-19 | Spelling in code comments patch: 'cokie' -> 'cookie'; patch by Vlad Dascalu ↵ | vladd%bugzilla.org | 1 | -1/+1 | |
<vladd@bugzilla.org>. | |||||
2006-06-03 | Bug 340104: Move Bugzilla::Auth::get_netaddr() in Util.pm - Patch by ↵ | lpsolit%gmail.com | 1 | -2/+1 | |
Frédéric Buclin <LpSolit@gmail.com> r/a=justdave | |||||
2006-06-01 | Bug 339858: Remove useless module dependencies in Bugzilla::Auth::* - Patch ↵ | lpsolit%gmail.com | 3 | -3/+1 | |
by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=justdave | |||||
2006-05-12 | Bug 300410: Bugzilla::Auth needs to be restructured to not require a BEGIN block | mkanat%bugzilla.org | 8 | -655/+297 | |
Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=myk | |||||
2006-03-03 | Patch for bug 161369: Strip trailing whitespace from login usernames; patch ↵ | jocuri%softhome.net | 1 | -1/+1 | |
by Paul <pdemarco@zoominternet.net>, r=vladd, a=justdave. | |||||
2006-02-22 | Bug 327355: Email preferences are not set correctly when the user account is ↵ | lpsolit%gmail.com | 1 | -101/+63 | |
created by Env.pm - Patch by Frédéric Buclin <LpSolit@gmail.com> r=joel a=justdave | |||||
2006-01-10 | Bug 322620: Logging in with 'Remember my Login' deselected gives: Use of ↵ | lpsolit%gmail.com | 1 | -0/+1 | |
uninitialized value in string eq at Bugzilla/Auth/Login/WWW/CGI.pm line 83 - Patch by Olav Vitters <bugzilla-mozilla@bkor.dhs.org> r=LpSolit a=justdave | |||||
2006-01-06 | Bug 322244: Cookies are incorrectly detainted when logging out - Patch by ↵ | lpsolit%gmail.com | 1 | -1/+1 | |
Olav Vitters <bugzilla-mozilla@bkor.dhs.org> r=LpSolit a=justdave | |||||
2006-01-03 | Bug 119524: SECURITY: predictable sessionid (Use a token instead of ↵ | lpsolit%gmail.com | 1 | -4/+6 | |
logincookie) - Patch by Olav Vitters <bugzilla-mozilla@bkor.dhs.org> r=mkanat a=justdave |