134 Commits

Author SHA1 Message Date
Marius Balteanu
283a7ed07a Mark accounts#register with Cache-Control: no-store (#42998).
Patch by Holger Just (user:hjust).

git-svn-id: https://svn.redmine.org/redmine/trunk@23947 e93f8b46-1217-0410-a6f0-8f06a7374b81
2025-09-07 06:21:11 +00:00
Marius Balteanu
66021a5be2 Reverts r23943 due to wrong commit message (#42998).
git-svn-id: https://svn.redmine.org/redmine/trunk@23946 e93f8b46-1217-0410-a6f0-8f06a7374b81
2025-09-07 06:20:12 +00:00
Marius Balteanu
ddc61d80d7 Mark sensitive repository forms with Cache-Control: no-store (#42998).
Patch by Holger Just (user:hjust).

git-svn-id: https://svn.redmine.org/redmine/trunk@23943 e93f8b46-1217-0410-a6f0-8f06a7374b81
2025-09-07 06:16:09 +00:00
Marius Balteanu
2d1f1684a1 Explicitly don't cache sensitive 2FA actions (#43083).
Patch by Felix Schäfer (user:felix).

git-svn-id: https://svn.redmine.org/redmine/trunk@23917 e93f8b46-1217-0410-a6f0-8f06a7374b81
2025-08-13 05:58:49 +00:00
Marius Balteanu
d79fe0df9a Adds @Cache-Control: no-store@ header to login, lost password, change password and sudo pages (#42998).
Patch by Go MAEDA (user:maeda).

git-svn-id: https://svn.redmine.org/redmine/trunk@23908 e93f8b46-1217-0410-a6f0-8f06a7374b81
2025-08-10 13:23:14 +00:00
Marius Balteanu
38d950df55 Remove current year from source file copyright headers and update year in footer to 2024 (#40043).
git-svn-id: https://svn.redmine.org/redmine/trunk@22746 e93f8b46-1217-0410-a6f0-8f06a7374b81
2024-02-26 22:55:54 +00:00
Go MAEDA
c94296720d Remove "Unknown user" notification on password request with non-existent email address (#6254).
Patch by Go MAEDA.


git-svn-id: https://svn.redmine.org/redmine/trunk@22100 e93f8b46-1217-0410-a6f0-8f06a7374b81
2023-02-07 03:53:27 +00:00
Go MAEDA
3942177f49 Fix RuboCop offense Performance/BlockGivenWithExplicitBlock (#38146).
git-svn-id: https://svn.redmine.org/redmine/trunk@22027 e93f8b46-1217-0410-a6f0-8f06a7374b81
2023-01-11 13:20:52 +00:00
Go MAEDA
92bd67c279 Update copyright year to 2023 (#38141).
git-svn-id: https://svn.redmine.org/redmine/trunk@22013 e93f8b46-1217-0410-a6f0-8f06a7374b81
2023-01-01 06:19:35 +00:00
Go MAEDA
3686b77eb6 Update copyright year in source files to 2022 (#36379).
git-svn-id: http://svn.redmine.org/redmine/trunk@21342 e93f8b46-1217-0410-a6f0-8f06a7374b81
2022-01-02 05:29:10 +00:00
Go MAEDA
9955844da1 Drop OpenID support (#35755).
Patch by Go MAEDA.


git-svn-id: http://svn.redmine.org/redmine/trunk@21312 e93f8b46-1217-0410-a6f0-8f06a7374b81
2021-12-14 00:09:53 +00:00
Go MAEDA
099b160d11 Add SameSite=Lax to cookies to fix warnings in web browsers (#35226).
Patch by Go MAEDA.


git-svn-id: http://svn.redmine.org/redmine/trunk@21009 e93f8b46-1217-0410-a6f0-8f06a7374b81
2021-05-27 08:31:15 +00:00
Go MAEDA
f9e937f85a Users without two-factor authentication enabled cannot sign out when two-factor authentication is required (#35087).
Patch by Go MAEDA.


git-svn-id: http://svn.redmine.org/redmine/trunk@20949 e93f8b46-1217-0410-a6f0-8f06a7374b81
2021-04-16 02:27:18 +00:00
Go MAEDA
3e36b5c452 Update copyright year in source files to 2021 (#33069).
git-svn-id: http://svn.redmine.org/redmine/trunk@20846 e93f8b46-1217-0410-a6f0-8f06a7374b81
2021-03-25 06:58:56 +00:00
Go MAEDA
1dcebf8ce0 Changes User.try_to_login to catch and log AuthSourceExceptions, and introduces User.try_to_login! replicating the original behavior (#34071).
Patch by Jens Krämer.


git-svn-id: http://svn.redmine.org/redmine/trunk@20547 e93f8b46-1217-0410-a6f0-8f06a7374b81
2020-12-02 13:56:15 +00:00
Toshi MARUYAMA
a82bf2c42a fix source indent of AccountController
git-svn-id: http://svn.redmine.org/redmine/trunk@20087 e93f8b46-1217-0410-a6f0-8f06a7374b81
2020-09-26 15:02:34 +00:00
Go MAEDA
8900eb6eb5 Backup codes for 2fa auth (#1237).
Patch by Felix Schäfer.


git-svn-id: http://svn.redmine.org/redmine/trunk@19990 e93f8b46-1217-0410-a6f0-8f06a7374b81
2020-08-29 06:51:21 +00:00
Go MAEDA
560bca344a Adds two factor authentication support (#1237).
Patch by Felix Schäfer.


git-svn-id: http://svn.redmine.org/redmine/trunk@19988 e93f8b46-1217-0410-a6f0-8f06a7374b81
2020-08-29 06:21:50 +00:00
Toshi MARUYAMA
ad97b5afec remove spaces inside {} of AccountController
git-svn-id: http://svn.redmine.org/redmine/trunk@19902 e93f8b46-1217-0410-a6f0-8f06a7374b81
2020-07-15 16:36:31 +00:00
Go MAEDA
907e0173e4 Update copyright year in source files to 2020 (#33069).
git-svn-id: http://svn.redmine.org/redmine/trunk@19553 e93f8b46-1217-0410-a6f0-8f06a7374b81
2020-03-03 00:24:10 +00:00
Go MAEDA
4082069c75 Update copyright year.
git-svn-id: http://svn.redmine.org/redmine/trunk@18198 e93f8b46-1217-0410-a6f0-8f06a7374b81
2019-05-25 07:36:06 +00:00
Go MAEDA
07b3087fda Enable frozen_string_literal for some files under app and lib directory (#26561).
git-svn-id: http://svn.redmine.org/redmine/trunk@17977 e93f8b46-1217-0410-a6f0-8f06a7374b81
2019-03-16 09:37:35 +00:00
Go MAEDA
5861160ffc Add "frozen_string_literal: false" for all files (#26561).
This will be changed to true in the future.


git-svn-id: http://svn.redmine.org/redmine/trunk@17947 e93f8b46-1217-0410-a6f0-8f06a7374b81
2019-03-15 01:32:57 +00:00
Go MAEDA
57a4fedd34 Handles the case when an expired token is in the user's session (#29781).
Patch by Jens Krämer.


git-svn-id: http://svn.redmine.org/redmine/trunk@17601 e93f8b46-1217-0410-a6f0-8f06a7374b81
2018-10-28 05:59:11 +00:00
Jean-Philippe Lang
0c78056a69 Send emails asynchronously (#26791).
Custom async_* delivery methods are removed in favor of ActiveJob (Async by default).

git-svn-id: http://svn.redmine.org/redmine/trunk@17588 e93f8b46-1217-0410-a6f0-8f06a7374b81
2018-10-10 17:13:09 +00:00
Jean-Philippe Lang
0e362e84ab Security notification on password recovery is empty (#28302).
Patch by Felix Schäfer.

git-svn-id: http://svn.redmine.org/redmine/trunk@17269 e93f8b46-1217-0410-a6f0-8f06a7374b81
2018-04-07 07:49:43 +00:00
Go MAEDA
01085249ab Fix: Strip whitespace from email addresses on lost password page (#27754).
Patch by Felix Schäfer.


git-svn-id: http://svn.redmine.org/redmine/trunk@17078 e93f8b46-1217-0410-a6f0-8f06a7374b81
2017-12-08 08:27:27 +00:00
Jean-Philippe Lang
7fd04e1f8d Update copyright.
git-svn-id: http://svn.redmine.org/redmine/trunk@16685 e93f8b46-1217-0410-a6f0-8f06a7374b81
2017-06-25 08:40:31 +00:00
Jean-Philippe Lang
0bf1e4ee2d Render register page on all non-POST requests to account#register (#25653).
Patch by Holger Just.

git-svn-id: http://svn.redmine.org/redmine/trunk@16555 e93f8b46-1217-0410-a6f0-8f06a7374b81
2017-05-13 09:32:53 +00:00
Jean-Philippe Lang
fee959675d Only perform login action on explicit POST (#25653).
Patch by Holger Just.

git-svn-id: http://svn.redmine.org/redmine/trunk@16554 e93f8b46-1217-0410-a6f0-8f06a7374b81
2017-05-13 09:32:09 +00:00
Jean-Philippe Lang
b9ee00a8c8 Adds methods to User model to handle tokens.
git-svn-id: http://svn.redmine.org/redmine/trunk@16474 e93f8b46-1217-0410-a6f0-8f06a7374b81
2017-04-04 17:15:07 +00:00
Toshi MARUYAMA
6139e0033a spelling fixes (#25495)
git-svn-id: http://svn.redmine.org/redmine/trunk@16445 e93f8b46-1217-0410-a6f0-8f06a7374b81
2017-04-02 03:34:44 +00:00
Jean-Philippe Lang
89daf0f16a Password reset should count as a password change for User#must_change_passwd (#25253).
Patch by Felix Schäfer.

git-svn-id: http://svn.redmine.org/redmine/trunk@16374 e93f8b46-1217-0410-a6f0-8f06a7374b81
2017-03-05 09:16:16 +00:00
Jean-Philippe Lang
9e1723c537 Redirect with token in session (#24416).
git-svn-id: http://svn.redmine.org/redmine/trunk@16287 e93f8b46-1217-0410-a6f0-8f06a7374b81
2017-01-29 08:58:40 +00:00
Jean-Philippe Lang
124a459d55 Use the main menu for project related actions that support cross-project display.
git-svn-id: http://svn.redmine.org/redmine/trunk@15983 e93f8b46-1217-0410-a6f0-8f06a7374b81
2016-11-19 10:30:02 +00:00
Jean-Philippe Lang
43d8ab8288 Use safe_attributes for user preferences.
git-svn-id: http://svn.redmine.org/redmine/trunk@15688 e93f8b46-1217-0410-a6f0-8f06a7374b81
2016-07-17 06:43:12 +00:00
Jean-Philippe Lang
c55dd52b07 Handle admin and login with safe_attributes.
git-svn-id: http://svn.redmine.org/redmine/trunk@15663 e93f8b46-1217-0410-a6f0-8f06a7374b81
2016-07-14 11:56:39 +00:00
Jean-Philippe Lang
2457f5914d Use .skip_before_action instead of .skip_before_filter.
git-svn-id: http://svn.redmine.org/redmine/trunk@15656 e93f8b46-1217-0410-a6f0-8f06a7374b81
2016-07-14 07:29:04 +00:00
Jean-Philippe Lang
a47eab8868 Let the mailer set the email content (#21421).
git-svn-id: http://svn.redmine.org/redmine/trunk@15267 e93f8b46-1217-0410-a6f0-8f06a7374b81
2016-03-20 07:35:08 +00:00
Jean-Philippe Lang
cda9c63d9c Updates copyright for 2016.
git-svn-id: http://svn.redmine.org/redmine/trunk@15238 e93f8b46-1217-0410-a6f0-8f06a7374b81
2016-03-13 10:30:10 +00:00
Jean-Philippe Lang
5d70fce6ce Security notifications when password or email address is changed (#21421).
Patch by Jan Schulz-Hofen.

git-svn-id: http://svn.redmine.org/redmine/trunk@15145 e93f8b46-1217-0410-a6f0-8f06a7374b81
2016-02-05 07:33:24 +00:00
Jean-Philippe Lang
668570b6a2 Typo: s/creditentials/credentials/ (#21861).
Patch by Go MAEDA.

git-svn-id: http://svn.redmine.org/redmine/trunk@15132 e93f8b46-1217-0410-a6f0-8f06a7374b81
2016-01-30 15:22:11 +00:00
Jean-Philippe Lang
f4c3700702 Adds the "Hide my email address" option on the registration form (#21500).
git-svn-id: http://svn.redmine.org/redmine/trunk@14976 e93f8b46-1217-0410-a6f0-8f06a7374b81
2015-12-13 15:39:09 +00:00
Jean-Philippe Lang
703d8a4782 Use config.relative_url_root as the default path for session and autologin cookies (#21169).
Patch by Daniel Ritz.

git-svn-id: http://svn.redmine.org/redmine/trunk@14876 e93f8b46-1217-0410-a6f0-8f06a7374b81
2015-11-14 10:04:08 +00:00
Jean-Philippe Lang
8369b6b133 Set autologin cookie as secure by default when using https (#20935).
git-svn-id: http://svn.redmine.org/redmine/trunk@14648 e93f8b46-1217-0410-a6f0-8f06a7374b81
2015-10-07 19:43:12 +00:00
Jean-Philippe Lang
16cc9ec06a Activate sudo mode after password based login (#20589).
Patch by Jens Krämer.

git-svn-id: http://svn.redmine.org/redmine/trunk@14635 e93f8b46-1217-0410-a6f0-8f06a7374b81
2015-10-01 17:07:06 +00:00
Toshi MARUYAMA
918a412fd4 use String#casecmp for case insensitive comparison (#20369)
Contributed by Go MAEDA.

git-svn-id: http://svn.redmine.org/redmine/trunk@14484 e93f8b46-1217-0410-a6f0-8f06a7374b81
2015-08-12 12:54:06 +00:00
Jean-Philippe Lang
2a7795ab52 Escape flash messages (#19117).
git-svn-id: http://svn.redmine.org/redmine/trunk@14016 e93f8b46-1217-0410-a6f0-8f06a7374b81
2015-02-17 17:47:36 +00:00
Jean-Philippe Lang
a3a8fee8ad Send password reset email to the email used in lost password form (#4244).
git-svn-id: http://svn.redmine.org/redmine/trunk@13888 e93f8b46-1217-0410-a6f0-8f06a7374b81
2015-01-17 14:51:29 +00:00
Jean-Philippe Lang
000124f44f Copyright update.
git-svn-id: http://svn.redmine.org/redmine/trunk@13872 e93f8b46-1217-0410-a6f0-8f06a7374b81
2015-01-11 09:09:50 +00:00