summaryrefslogtreecommitdiffstats
path: root/Bugzilla/Auth/Login
AgeCommit message (Collapse)AuthorFilesLines
2016-09-13Bug 1283930 - Add Makefile.PL & local/lib/perl5 support to bmo/master + ↵Dylan William Hardison5-82/+36
local symlink to data/ directory
2016-09-12Revert "Bug 1283930 - Add Makefile.PL & local/lib/perl5 support to ↵Dylan William Hardison5-36/+82
bmo/master + local symlink to data/ directory" This reverts commit e6bf4cacb10f86077fe898349485f5c7ab9fb4b6.
2016-09-12Bug 1283930 - Add Makefile.PL & local/lib/perl5 support to bmo/master + ↵Dylan William Hardison5-82/+36
local symlink to data/ directory
2016-05-03Bug 1269236 - Incorrect checking of API tokens possibly leads to CSRF and ↵Dylan Hardison1-9/+6
data disclosure vulnerability for insecure accounts
2015-09-01Bug 1197073 - add support for 2fa using totp (eg. google authenticator)Byron Jones1-1/+11
2015-08-25Bug 1197699 - always store the ip address in the logincookies tableByron Jones1-1/+1
2015-08-24Bug 1192687 - add the ability for users to view and revoke existing sessionsDylan William Hardison1-1/+10
2015-08-11Bug 1184332 - Add Restricted API calls for MozReviewDylan William Hardison1-0/+13
2015-04-24Bug 1157395: CSRF in log in formDavid Lawrence1-5/+38
2015-03-09Bug 1140966: backport bug 1139257 to bmo (allow cookie+api-token GET REST ↵Byron Jones1-8/+18
requests)
2015-01-29Bug 1045145: backport upstream bug 726696 to bmo/4.2 to allow use of api ↵David Lawrence2-1/+68
keys for authentication
2014-11-14Bug 1097813: backport upstream bug 1001462 to bmo/4.2 to fix issue with ↵David Lawrence1-0/+2
using tokens with webservice rest api
2014-11-04Bug 1093622: Backout bug 1090427 for causing: authenticated calls from bzapi ↵Byron Jones1-37/+4
are failing: 'Untrusted Authentication Request'
2014-11-04Bug 1090427: Backport bug 713926 to bmo/4.2 to protect against csrf for ↵David Lawrence1-4/+37
login forms
2013-10-25Bug 921523 - backport upstream bug 917669 to bmo/4.2 to throw error when ↵Dave Lawrence1-7/+10
invalid cookies/tokens are used with webservices
2013-10-17merged with bugzilla/4.2Dave Lawrence1-3/+3
2013-10-16Bug 907438 - In MySQL, login cookie checking is not case-sensitive, reducing ↵Dave Lawrence1-3/+3
total entropy and allowing easier brute force r=LpSolit,a=sgreen
2013-09-27Revert Bug 917669 - invalid or expired authentication tokens and cookies ↵Dave Lawrence1-13/+8
should throw errors, not be silently ignored
2013-09-26Bug 917669 - invalid or expired authentication tokens and cookies should ↵Dave Lawrence1-8/+13
throw errors, not be silently ignored
2013-08-29Bug 909634 - backport upstream bug 893195 to bmo/4.2 for token auth support ↵Dave Lawrence1-14/+54
in webservices
2011-11-18Make Login/Stack.pm refuse to continue down the stack if an Auth method ↵Gervase Markham1-2/+8
returns an explicit failure. r=dkl, a=mkanat. https://bugzilla.mozilla.org/show_bug.cgi?id=698423
2011-04-28Bug 423612 - Allow editing extern_id for users from the admin interfaceJochen Wiedmann2-0/+7
r=mkanat, a=mkanat
2010-04-22Bug 550732: Allow read-only JSON-RPC methods to be called with GETMax Kanat-Alexander3-0/+7
r=dkl, a=mkanat
2010-03-24Bug 553770: Make the JSON-RPC WebService throw a proper error when you don'tMax Kanat-Alexander1-4/+2
provide login credentials on a LOGIN_REQUIRED page. (Before this, it was attempting to display the HTML login page to JSON-RPC clients.) r=dkl, a=mkanat
2009-12-31Bug 527586: Use X-Forwarded-For instead of REMOTE_ADDR for trusted proxiesmkanat%bugzilla.org1-1/+1
Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=dkl, a=mkanat
2009-12-31Bug 385606: Logincookies are recreated at each HTTP request when using the ↵lpsolit%gmail.com1-0/+1
'Env' auth method - Patch by Frédéric Buclin <LpSolit@gmail.com> r/a=mkanat
2009-11-24Bug 430014: Re-write the code hooks system so that it uses modules instead ↵mkanat%bugzilla.org1-1/+1
of individual .pl files Patch by Max Kanat-Alexander <mkanat@bugzilla.org> (module owner) a=mkanat
2009-11-09Bug 525734: Allow WebService clients to authenticate using Bugzilla_login ↵mkanat%bugzilla.org1-5/+3
and Bugzilla_password Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=dkl, a=mkanat
2009-10-19Bug 399073: Remove the 'loginnetmask' parameter - Patch by Frédéric ↵lpsolit%gmail.com1-17/+8
Buclin <LpSolit@gmail.com> r/a=mkanat
2009-10-09Bug 514913: Eliminate ssl="authenticated sessions"mkanat%bugzilla.org1-11/+0
Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=dkl, a=mkanat
2009-04-17Bug 488467: Verify and Login auth methods were being called in a random ↵mkanat%bugzilla.org1-1/+1
order, causing sudo sessions to frequently not need the user to re-enter their password. Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit
2008-10-05Partial backout of bug 183665. It's responsible for bug 457719lpsolit%gmail.com1-1/+1
2008-08-18Bug 428659 – Setting SSL param to 'authenticated sessions' only ↵dkl%redhat.com1-3/+8
protects logins and param doesn't protect WebService calls at all Patch by David Lawrence <dkl@redhat.com> - r/a=LpSolit/mkanat
2008-08-07Bug 438435: Need code hooks for authenticationmkanat%bugzilla.org1-4/+12
Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=mkanat
2008-07-29Backing out these patches as they cause a regression. More informationdkl%redhat.com1-3/+5
in the respective bug reports. Bug 428659 – Setting SSL param to 'authenticated sessions' only protects logins and param doesn't protect WebService calls at all Patch by Dave Lawrence <dkl@redhat.com> - r/a=mkanat Bug 445104: ssl redirects come with a 200 OK HTTP code on mod_perl Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=dkl, a=mkanat
2008-07-10Bug 428659 – Setting SSL param to 'authenticated sessions' only ↵dkl%redhat.com1-5/+3
protects logins and param doesn't protect WebService calls at all Patch by Dave Lawrence <dkl@redhat.com> - r/a=mkanat
2007-11-15Bug 183665: Accessing post_bug.cgi directly gives a weird error message and ↵lpsolit%gmail.com1-1/+1
should redirect to enter_bug.cgi instead - Patch by Matt Tasker <mtasker@gmail.com> (based on the original patch from victory <spam@bmo2007.rsz.jp>) r/a=LpSolit
2006-08-20Bug 224577: Bugzilla could use a web services interface.wurblzap%gmail.com1-0/+7
Patch by Marc Schumann <wurblzap@gmail.com>; r=mkanat; a=myk
2006-07-06Bug 340967: The login form appears twice when trying to add an attachment ↵lpsolit%gmail.com1-0/+15
(due to two consecutive calls to Bugzilla->login) - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=myk
2006-07-04Bug 338375: Use Bugzilla->params everywhere instead of Param().mkanat%bugzilla.org2-2/+0
Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=justdave
2006-07-04Bug 342869: Use Bugzilla->params everywhere except templatesmkanat%bugzilla.org2-5/+7
Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=justdave
2006-06-19Spelling in code comments patch: 'cokie' -> 'cookie'; patch by Vlad Dascalu ↵vladd%bugzilla.org1-1/+1
<vladd@bugzilla.org>.
2006-06-03Bug 340104: Move Bugzilla::Auth::get_netaddr() in Util.pm - Patch by ↵lpsolit%gmail.com1-2/+1
Frédéric Buclin <LpSolit@gmail.com> r/a=justdave
2006-06-01Bug 339858: Remove useless module dependencies in Bugzilla::Auth::* - Patch ↵lpsolit%gmail.com3-3/+1
by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=justdave
2006-05-12Bug 300410: Bugzilla::Auth needs to be restructured to not require a BEGIN blockmkanat%bugzilla.org8-655/+297
Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=myk
2006-03-03Patch for bug 161369: Strip trailing whitespace from login usernames; patch ↵jocuri%softhome.net1-1/+1
by Paul <pdemarco@zoominternet.net>, r=vladd, a=justdave.
2006-02-22Bug 327355: Email preferences are not set correctly when the user account is ↵lpsolit%gmail.com1-101/+63
created by Env.pm - Patch by Frédéric Buclin <LpSolit@gmail.com> r=joel a=justdave
2006-01-10Bug 322620: Logging in with 'Remember my Login' deselected gives: Use of ↵lpsolit%gmail.com1-0/+1
uninitialized value in string eq at Bugzilla/Auth/Login/WWW/CGI.pm line 83 - Patch by Olav Vitters <bugzilla-mozilla@bkor.dhs.org> r=LpSolit a=justdave
2006-01-06Bug 322244: Cookies are incorrectly detainted when logging out - Patch by ↵lpsolit%gmail.com1-1/+1
Olav Vitters <bugzilla-mozilla@bkor.dhs.org> r=LpSolit a=justdave
2006-01-03Bug 119524: SECURITY: predictable sessionid (Use a token instead of ↵lpsolit%gmail.com1-4/+6
logincookie) - Patch by Olav Vitters <bugzilla-mozilla@bkor.dhs.org> r=mkanat a=justdave