path: root/Bugzilla/Auth
Age | Commit message | Author | Files | Lines
2016-05-03 | Bug 1268989 - Inefficient check of "Bugzilla_api_token" might lead to CSRF/data disclosure vulnerability in Bugzilla's REST API r=dkl | Dylan William Hardison | 1 | -9/+6
2016-04-27 | Bug 218917 - Allow the login name to be different from the email address Original patch by Gervase Markham r=gerv a=dkl | Frédéric Buclin | 3 | -31/+37
2016-02-29 | Bug 1136137: Require Perl 5.14 r=dkl | Frédéric Buclin | 12 | -12/+12
2015-09-15 | Bug 1185241: Logging out when or after impersonating a user doesn't delete cookies from the logincookies table correctly r=dkl | Frédéric Buclin | 1 | -1/+1
2015-09-06 | Bug 1194987: Editing your email address and make it point to a non-existent email address makes Bugzilla stop working r=gerv a=sgreen | Frédéric Buclin | 1 | -3/+6
2015-08-13 | Bug 1185240: Logging out while impersonating a user should also delete the sudo token r=dkl a=sgreen | Frédéric Buclin | 1 | -0/+4
2015-03-09 | Bug 1139257: allow cookie+api-token GET REST requests r=dkl,a=glob | Byron Jones | 1 | -8/+18
2014-09-29 | Bug 1071317: Remove unused variables r=gerv a=sgreen | Frédéric Buclin | 1 | -1/+0
2014-09-11 | Bug 1009013 - Require a user to change their password if they log in and their current password does not meet the password complexity rules r=glob, a=sgreen | Simon Green | 1 | -4/+13
2014-08-13 | Bug 996893: Perl 5.18 and newer throw tons of warnings about deprecated modules r=dkl a=sgreen | Frédéric Buclin | 12 | -0/+15
2014-07-31 | Bug 1044701: "Uninitialized value $token_type" when passing an invalid Bugzilla_api_token value r=sgreen,a=glob | David Lawrence | 1 | -1/+4
2014-07-27 | Bug 726696 - All authenticated WebServices methods should require username/pass, token or a valid API key for authentication r=dkl, a=sgreen | Simon Green | 2 | -1/+65
2014-05-20 | Bug 1009017: users are unable to log in if their password needs to be re-encrypted and their password does not match the current complexity rule r=dkl, a=glob | Byron Jones | 1 | -1/+3
2014-04-25 | Bug 1001497: User.login incorrectly returns id = 0 when the login or password is missing r=dkl a=justdave | Frédéric Buclin | 1 | -1/+1
2014-04-17 | Bug 713926: (CVE-2014-1517) [SECURITY] Login form lacks CSRF protection r=dkl a=justdave | Frédéric Buclin | 2 | -4/+41
2014-04-14 | Bug 987205: Bugzilla crashes because it tries to import a non-exported login_token() subroutine from Bugzilla::Auth::Login::Cookie r=dkl a=justdave | Frédéric Buclin | 3 | -4/+3
2014-02-27 | Bug 947823: Replace gender-specific pronouns with gender-neutral pronouns r=gerv a=justdave | Charlie Somerville | 1 | -1/+1
2014-01-31 | Bug 956233: enable USE_MEMCACHE on most objects r=dkl, a=glob | Byron Jones | 2 | -0/+2
2013-12-21 | Bug 748095: Bugzilla crashes when the shutdownhtml parameter is set and using a non-cookie based authentication method r=dkl a=justdave | Frédéric Buclin | 1 | -3/+4
2013-10-16 | Bug 907438 - In MySQL, login cookie checking is not case-sensitive, reducing total entropy and allowing easier brute force r=LpSolit,a=sgreen | Dave Lawrence | 1 | -3/+3
2013-09-26 | Bug 917669 - invalid or expired authentication tokens and cookies should throw errors, not be silently ignored r/a=glob | Dave Lawrence | 1 | -8/+13
2013-08-27 | Bug 893195 - Allow token based authentication for webservices r=glob,a=sgreen | Dave Lawrence | 3 | -23/+79
2012-12-31 | Bug 785283 - Support increased values for PASSWORD_SALT_LENGTH without breaking compat with old hashes [r=LpSolit a=LpSolit] | Reed Loden | 1 | -1/+12
2012-12-01 | Bug 787668: Use |use parent| instead of |use base| r/a=LpSolit | Matt Selsky | 5 | -5/+5
2012-11-30 | Bug 816747 - Add dummy POD for unPODded methods. r/a=LpSolit | Marc Schumann | 1 | -0/+8
2012-09-01 | Bug 787529: Use |use 5.10.1| everywhere r=wicked a=LpSolit | Frédéric Buclin | 11 | -0/+28
2012-08-30 | Bug 785470: (CVE-2012-3981) [SECURITY] Missing escaping of the username can lead to LDAP injection r/a=LpSolit | Reed Loden | 1 | -0/+2
2012-01-11 | Bug 680131: Replace the MPL 1.1 license by the MPL 2.0 one in all files, and add it to files which miss one r=kiko r=mkanat r=mrbball a=LpSolit | Frédéric Buclin | 11 | -225/+55
2011-11-18 | Make Login/Stack.pm refuse to continue down the stack if an Auth method returns an explicit failure. r=dkl, a=mkanat. https://bugzilla.mozilla.org/show_bug.cgi?id=698423 | Gervase Markham | 1 | -2/+8
2011-05-06 | Bug 653713: editusers.cgi crashes when editing a user profile r/a=mkanat | Jochen Wiedmann | 1 | -1/+4
2011-04-28 | Bug 423612 - Allow editing extern_id for users from the admin interface r=mkanat, a=mkanat | Jochen Wiedmann | 5 | -0/+30
2010-10-15 | Bug 604522: t/012throwables.t doesn't catch new user errors correctly r/a=mkanat | Frédéric Buclin | 1 | -2/+2
2010-10-14 | Bug 575947: Users with passwords length less than 6 characters can't login after migration from 3.4.x or older to 3.6 or newer r/a=mkanat | Frédéric Buclin | 1 | -0/+6
2010-10-07 | Bug 602165: Change sql_interval to sql_date_math, in preparation for MS-SQL and SQLite support. | Max Kanat-Alexander | 1 | -2/+3
2010-04-22 | Bug 550732: Allow read-only JSON-RPC methods to be called with GET r=dkl, a=mkanat | Max Kanat-Alexander | 4 | -0/+16
2010-03-24 | Bug 553770: Make the JSON-RPC WebService throw a proper error when you don't provide login credentials on a LOGIN_REQUIRED page. (Before this, it was attempting to display the HTML login page to JSON-RPC clients.) r=dkl, a=mkanat | Max Kanat-Alexander | 1 | -4/+2
2010-02-01 | Fix the data in the bzr repo to match the data in the CVS repo. During the CVS imports into Bzr, there were some inconsistencies introduced (mostly that files that were deleted in CVS weren't being deleted in Bzr). So this checkin makes the bzr repo actually consistent with the CVS repo, including fixing permissions of files. | Max Kanat-Alexander | 1 | -0/+0
2010-01-05 | Bug 467992: Login fails if the user's LDAP account is denied search in LDAP - Patch by Adam Batkin <adam@batkin.net> r/a=mkanat | lpsolit%gmail.com | 1 | -5/+28
2009-12-31 | Bug 527586: Use X-Forwarded-For instead of REMOTE_ADDR for trusted proxies Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=dkl, a=mkanat | mkanat%bugzilla.org | 2 | -2/+2
2009-12-31 | Bug 385606: Logincookies are recreated at each HTTP request when using the 'Env' auth method - Patch by Frédéric Buclin <LpSolit@gmail.com> r/a=mkanat | lpsolit%gmail.com | 1 | -0/+1
2009-12-13 | Bug 355283: Lock out a user account on a particular IP for 30 minutes if they fail to log in 5 times from that IP. Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit | mkanat%bugzilla.org | 1 | -16/+30
2009-11-24 | Bug 430014: Re-write the code hooks system so that it uses modules instead of individual .pl files Patch by Max Kanat-Alexander <mkanat@bugzilla.org> (module owner) a=mkanat | mkanat%bugzilla.org | 2 | -2/+2
2009-11-09 | Bug 525734: Allow WebService clients to authenticate using Bugzilla_login and Bugzilla_password Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=dkl, a=mkanat | mkanat%bugzilla.org | 2 | -8/+7
2009-10-19 | Bug 399073: Remove the 'loginnetmask' parameter - Patch by Frédéric Buclin <LpSolit@gmail.com> r/a=mkanat | lpsolit%gmail.com | 2 | -26/+14
2009-10-09 | Bug 514913: Eliminate ssl="authenticated sessions" Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=dkl, a=mkanat | mkanat%bugzilla.org | 2 | -16/+3
2009-04-17 | Bug 488467: Verify and Login auth methods were being called in a random order, causing sudo sessions to frequently not need the user to re-enter their password. Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit | mkanat%bugzilla.org | 2 | -2/+2
2009-03-02 | Bug 121601: Have logout display index.cgi, not just a message on relogin.cgi. Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit | mkanat%bugzilla.org | 1 | -0/+1
2009-01-20 | Bug 134022: PERFORMANCE: deleting old login cookies locks login checks Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=mkanat | mkanat%bugzilla.org | 1 | -0/+9
2009-01-02 | Bug 211006: Make Bugzilla use SHA-256 instead of crypt() to store hashed passwords in the database Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit | mkanat%bugzilla.org | 1 | -0/+10
2008-10-23 | Bug 455584 - Use bz_crypt everywhere instead of the crypt() function Patch by David Lawrence <dkl@redhat.com> = r/a=LpSolit | dkl%redhat.com | 1 | -6/+1