Age | Commit message | Author | Files | Lines | |
---|---|---|---|---|---|
2016-05-19 | Bug 1262039 - typo in error message "Failed to retreive components..." | David Lawrence | 1 | -1/+1 | |
2016-05-03 | Bug 1269236 - Incorrect checking of API tokens possibly leads to CSRF and data disclosure vulnerability for insecure accounts | Dylan Hardison | 1 | -9/+6 | |
2016-03-15 | Bug 1229834 - extend information we [audit] log to the syslog | Dylan Hardison | 1 | -0/+10 | |
2015-11-05 | Bug 1196743 - Fix information disclosure vulnerability that allows attacker to obtain victim's GitHub OAuth return code | Dylan Hardison | 1 | -0/+2 | |
2015-09-01 | Bug 1197073 - add support for 2fa using totp (eg. google authenticator) | Byron Jones | 2 | -1/+22 | |
2015-08-25 | Bug 1197699 - always store the ip address in the logincookies table | Byron Jones | 2 | -12/+8 | |
2015-08-24 | Bug 1192687 - add the ability for users to view and revoke existing sessions | Dylan William Hardison | 1 | -1/+10 | |
2015-08-11 | Bug 1184332 - Add Restricted API calls for MozReview | Dylan William Hardison | 1 | -0/+13 | |
2015-04-24 | Bug 1157395: CSRF in log in form | David Lawrence | 1 | -5/+38 | |
2015-03-26 | Bug 1147550: Minimum password length handler not trusted by password change | Byron Jones | 1 | -4/+13 | |
2015-03-09 | Bug 1140966: backport bug 1139257 to bmo (allow cookie+api-token GET REST requests) | Byron Jones | 1 | -8/+18 | |
2015-01-29 | Bug 1045145: backport upstream bug 726696 to bmo/4.2 to allow use of api keys for authentication | David Lawrence | 2 | -1/+68 | |
2014-11-14 | Bug 1097813: backport upstream bug 1001462 to bmo/4.2 to fix issue with using tokens with webservice rest api | David Lawrence | 3 | -3/+4 | |
2014-11-04 | Bug 1093622: Backout bug 1090427 for causing: authenticated calls from bzapi are failing: 'Untrusted Authentication Request' | Byron Jones | 1 | -37/+4 | |
2014-11-04 | Bug 1090427: Backport bug 713926 to bmo/4.2 to protect against csrf for login forms | David Lawrence | 1 | -4/+37 | |
2014-05-20 | Bug 1009017: users are unable to log in if their password needs to be re-encrypted and their password does not match the current complexity rule | Byron Jones | 1 | -1/+3 | |
2014-03-04 | Bug 966180: backport bug 956233 to bmo (enable USE_MEMCACHE on most objects) | Byron Jones | 2 | -2/+7 | |
2013-12-31 | merged with bugzilla/4.2 | Dave Lawrence | 1 | -1/+2 | |
2013-12-21 | Bug 748095: Bugzilla crashes when the shutdownhtml parameter is set and using a non-cookie based authentication method r=dkl a=justdave | Frédéric Buclin | 1 | -1/+1 | |
2013-10-25 | Bug 921523 - backport upstream bug 917669 to bmo/4.2 to throw error when invalid cookies/tokens are used with webservices | Dave Lawrence | 1 | -7/+10 | |
2013-10-17 | merged with bugzilla/4.2 | Dave Lawrence | 1 | -3/+3 | |
2013-10-16 | Bug 907438 - In MySQL, login cookie checking is not case-sensitive, reducing total entropy and allowing easier brute force r=LpSolit,a=sgreen | Dave Lawrence | 1 | -3/+3 | |
2013-09-27 | Revert Bug 917669 - invalid or expired authentication tokens and cookies should throw errors, not be silently ignored | Dave Lawrence | 1 | -13/+8 | |
2013-09-26 | Bug 917669 - invalid or expired authentication tokens and cookies should throw errors, not be silently ignored | Dave Lawrence | 1 | -8/+13 | |
2013-08-29 | Bug 909634 - backport upstream bug 893195 to bmo/4.2 for token auth support in webservices | Dave Lawrence | 3 | -23/+79 | |
2012-08-30 | Bug 785470: (CVE-2012-3981) [SECURITY] Missing escaping of the username can lead to LDAP injection r/a=LpSolit | Reed Loden | 1 | -0/+2 | |
2011-11-18 | Make Login/Stack.pm refuse to continue down the stack if an Auth method returns an explicit failure. r=dkl, a=mkanat. https://bugzilla.mozilla.org/show_bug.cgi?id=698423 | Gervase Markham | 1 | -2/+8 | |
2011-05-06 | Bug 653713: editusers.cgi crashes when editing a user profile r/a=mkanat | Jochen Wiedmann | 1 | -1/+4 | |
2011-04-28 | Bug 423612 - Allow editing extern_id for users from the admin interface r=mkanat, a=mkanat | Jochen Wiedmann | 5 | -0/+30 | |
2010-10-15 | Bug 604522: t/012throwables.t doesn't catch new user errors correctly r/a=mkanat | Frédéric Buclin | 1 | -2/+2 | |
2010-10-14 | Bug 575947: Users with passwords length less than 6 characters can't login after migration from 3.4.x or older to 3.6 or newer r/a=mkanat | Frédéric Buclin | 1 | -0/+6 | |
2010-10-07 | Bug 602165: Change sql_interval to sql_date_math, in preparation for MS-SQL and SQLite support. | Max Kanat-Alexander | 1 | -2/+3 | |
2010-04-22 | Bug 550732: Allow read-only JSON-RPC methods to be called with GET r=dkl, a=mkanat | Max Kanat-Alexander | 4 | -0/+16 | |
2010-03-24 | Bug 553770: Make the JSON-RPC WebService throw a proper error when you don't provide login credentials on a LOGIN_REQUIRED page. (Before this, it was attempting to display the HTML login page to JSON-RPC clients.) r=dkl, a=mkanat | Max Kanat-Alexander | 1 | -4/+2 | |
2010-02-01 | Fix the data in the bzr repo to match the data in the CVS repo. During the CVS imports into Bzr, there were some inconsistencies introduced (mostly that files that were deleted in CVS weren't being deleted in Bzr). So this checkin makes the bzr repo actually consistent with the CVS repo, including fixing permissions of files. | Max Kanat-Alexander | 1 | -0/+0 | |
2010-01-05 | Bug 467992: Login fails if the user's LDAP account is denied search in LDAP - Patch by Adam Batkin <adam@batkin.net> r/a=mkanat | lpsolit%gmail.com | 1 | -5/+28 | |
2009-12-31 | Bug 527586: Use X-Forwarded-For instead of REMOTE_ADDR for trusted proxies Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=dkl, a=mkanat | mkanat%bugzilla.org | 2 | -2/+2 | |
2009-12-31 | Bug 385606: Logincookies are recreated at each HTTP request when using the 'Env' auth method - Patch by Frédéric Buclin <LpSolit@gmail.com> r/a=mkanat | lpsolit%gmail.com | 1 | -0/+1 | |
2009-12-13 | Bug 355283: Lock out a user account on a particular IP for 30 minutes if they fail to log in 5 times from that IP. Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit | mkanat%bugzilla.org | 1 | -16/+30 | |
2009-11-24 | Bug 430014: Re-write the code hooks system so that it uses modules instead of individual .pl files Patch by Max Kanat-Alexander <mkanat@bugzilla.org> (module owner) a=mkanat | mkanat%bugzilla.org | 2 | -2/+2 | |
2009-11-09 | Bug 525734: Allow WebService clients to authenticate using Bugzilla_login and Bugzilla_password Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=dkl, a=mkanat | mkanat%bugzilla.org | 2 | -8/+7 | |
2009-10-19 | Bug 399073: Remove the 'loginnetmask' parameter - Patch by Frédéric Buclin <LpSolit@gmail.com> r/a=mkanat | lpsolit%gmail.com | 2 | -26/+14 | |
2009-10-09 | Bug 514913: Eliminate ssl="authenticated sessions" Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=dkl, a=mkanat | mkanat%bugzilla.org | 2 | -16/+3 | |
2009-04-17 | Bug 488467: Verify and Login auth methods were being called in a random order, causing sudo sessions to frequently not need the user to re-enter their password. Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit | mkanat%bugzilla.org | 2 | -2/+2 | |
2009-03-02 | Bug 121601: Have logout display index.cgi, not just a message on relogin.cgi. Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit | mkanat%bugzilla.org | 1 | -0/+1 | |
2009-01-20 | Bug 134022: PERFORMANCE: deleting old login cookies locks login checks Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=mkanat | mkanat%bugzilla.org | 1 | -0/+9 | |
2009-01-02 | Bug 211006: Make Bugzilla use SHA-256 instead of crypt() to store hashed passwords in the database Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit | mkanat%bugzilla.org | 1 | -0/+10 | |
2008-10-23 | Bug 455584 - Use bz_crypt everywhere instead of the crypt() function Patch by David Lawrence <dkl@redhat.com> = r/a=LpSolit | dkl%redhat.com | 1 | -6/+1 | |
2008-10-21 | Bug 460770: Incorrect regexp when parsing the list of LDAP servers - Patch by Frédéric Buclin <LpSolit@gmail.com> r/a=mkanat | lpsolit%gmail.com | 1 | -1/+1 | |
2008-10-05 | Partial backout of bug 183665. It's responsible for bug 457719 | lpsolit%gmail.com | 1 | -1/+1 | |