MirrorMirror
/
lufi
mirror of https://framagit.org/fiat-tux/hat-softwares/lufi.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
646 Commits 10 Branches 43 Tags 12 MiB
Commit Graph

62 Commits

Author SHA1 Message Date
Luc Didry 470b262a22 Merge branch 'auth_header' into 'development' 
Ajout de vérification sur auth_headers dans le controlleur Files

See merge request fiat-tux/hat-softwares/lufi!100
 2022-04-04 05:58:23 +00:00
mildis cf85571f05 Ajout de verification sur auth_headers dans le controlleur Files 
auth_headers n etait pas verifie sur l upload, le download et d autres methodes.
Cela pourrait permettre des les appeler meme sans etre authentifie.

L appel initiel a Files/files n est pas verifie pour auth_headers car la redirection vers login n est pas utile.
En effet, c est un composant externe qui configure le header d authentification, il ne faut pas renvoyer vers une page de login interne.
 2022-04-03 10:31:54 +02:00
Luc Didry 3cb87757c9
🔀 Merge branch 'mildis/lufi-auth_header' into development 2022-03-19 18:20:52 +01:00
Luc Didry 3962188200
🔒 Detect schemeless URL in mail (#254) 2021-11-03 10:03:24 +01:00
Luc Didry ff9b320347
🔒 Fix unauthorized manipulations of invitations (#254) 2021-11-03 09:15:39 +01:00
mildis 9348367213 allow define custom logout uri 
Fixes #234
 2020-12-02 16:15:18 +01:00
mildis 537764508d Add support for header authentication 2020-12-02 09:02:39 +01:00
Luc Didry 379df04588
🐛Fix #229 — Invitation, error 500 when guest send file with special character 2020-11-25 16:03:25 +01:00
Luc Didry 8d6f1032f0
— Add support for Swift object storage 
- Swift support
- script to upload the existing files to Swift
 2020-06-02 21:28:02 +02:00
Luc Didry 17600fd679
Fix #174 — Show latest tag and commit of the instance 
It’s showed in about page and config API endpoint
 2020-06-02 21:27:43 +02:00
Luc Didry 53342a31ba
Fix #183 — Add config API endpoint 2020-04-24 18:39:00 +02:00
Luc Didry 3e3e84d6f4
🐛Fix #159 — Problem with badly detected URLs in mail sending 2019-10-08 00:47:47 +02:00
Luc Didry be0b3c7b2c
🐛Fix #161 — Translate dates in invitations 
Many thanks to https://framagit.org/RainX who reported the bug and
provided the fix 🙂
 2019-09-29 16:51:23 +02:00
Luc Didry c8533d0417
🌐 Fix english sentences 2019-08-03 17:29:23 +02:00
Luc Didry e9fabba2db
🐜 Fix bad name used for a setting in code 2019-08-01 19:50:39 +02:00
Luc Didry 2f8758c865
🐜 Prevent to store a invitation file twice in DB / have it twice in mail 2019-08-01 19:50:37 +02:00
Luc Didry 8b68d7e821
Fix #150✉️ Implement invitations to other people when using LDAP auth 2019-08-01 19:50:36 +02:00
Luc Didry d9928e61c1
🗜️ New Zip UI + 🐜 fix bug in upload cancellation 2019-08-01 19:50:10 +02:00
Luc Didry b35c0d126b
Use Mojolicious::Plugin::FiatTux::GrantAccess 0.06 2019-08-01 19:50:09 +02:00
Luc Didry 0700ea7375
Fix #130 — Allow to individually download files from zip 2019-08-01 19:50:08 +02:00
Luc Didry 40dc29d573
Add downloads count to stats 2019-08-01 19:49:38 +02:00
Luc Didry 357361e406
Use configured prefix in base_url for mail. 2019-07-30 19:51:14 +02:00
mildis 13ed3cf3ab Do no force path while sending email. 
Preserve custom prefix.

Close #134
 2019-03-28 09:58:43 +01:00
Luc Didry cd0c4fea4e
Fix warning in change lang endpoint 2018-10-28 21:52:21 +01:00
Luc Didry 9fb59173fc
Fix #129 — Add constraints on mail sending to prevent spam sending 2018-10-28 14:41:29 +01:00
Luc Didry c64d26a292
Fix header injection and open redirects from referrer header 2018-10-26 17:34:50 +02:00
Luc Didry 72404aaf99
Fix header injection from lang code 2018-10-26 17:26:14 +02:00
Luc Didry da7cb658df
Add CSRF token challenge on logout 2018-10-26 16:03:21 +02:00
Luc Didry 548f838e60
Add CSRF token challenge on login 2018-10-26 14:53:06 +02:00
Luc Didry e41b08601d
Add a test suite 2018-10-24 21:56:37 +02:00
Luc Didry 6958b7fc0a
Use a recurrent task to provision shorts 2018-10-24 16:04:10 +02:00
Luc Didry 986e7793db
Allow to choose your language 2018-10-22 23:54:20 +02:00
Luc Didry 25ab7e644d
Fix #78 - Allow to block files by setting an abuse field in DB 2018-10-21 18:24:48 +02:00
Luc Didry c2e9268cc7
Fix #123 - Option to force "Burn after reading" for each uploaded file 2018-10-21 14:49:24 +02:00
Luc Didry 7aae44f6cc Fix #64 2017-09-11 21:30:45 +02:00
Luc Didry d909b8ad70 Add DB abstraction layer 2017-07-22 18:56:13 +02:00
Luc Didry abebf60861 respond_to correction 2017-07-19 20:26:26 +02:00
Luc Didry 1c2cee539d Add instance statistics at /fullstats 2017-07-17 22:23:38 +02:00
Luc Didry 1fbe93a71c Update Mojolicious version (use Mojo::File instead of Mojo::Util spurt/slurp) 2017-07-15 14:25:44 +02:00
Yann dbdaff9421 Add htpasswd file support for user authentication 
Fixes based on merge request discussion by Luc Didry: https://framagit.org/luc/lufi/merge_requests/7

Coding style
 2017-07-14 12:53:27 +02:00
Luc Didry 50b1f00c17 Add ability to protect download with a password 2017-07-14 12:52:03 +02:00
Luc Didry b219064794 Fix delay handling 2016-12-31 14:09:00 +01:00
Luc Didry bd0c26dd2d Handle case where sender doesn't specify delay 2016-12-31 07:45:47 +01:00
Luc Didry d94c2b7f90 Fix XSS bugs 
Thanks to Neil Jomunsi (http://page42.org) to support me on Tipeee :-)
 2016-07-24 18:39:21 +02:00
Luc Didry 3bbe8000d3 Fix #50 Add users infos in log and db if using ldap 2016-07-24 18:39:21 +02:00
Luc Didry 6f3cf342ac Fix #36 2016-07-24 18:39:21 +02:00
Luc Didry ac8d764b06 Add optionnal LDAP authentication for uploading files 2016-07-24 18:39:20 +02:00
Sebastien Duthil aa0c5ac170 fix typos in english translation 2016-07-24 18:32:48 +02:00
Luc Didry f94ae4348b Fix #13 2016-07-24 18:32:48 +02:00
Luc Didry cd104cb512 Fix unnecessary slices write 
It seems that's the culprit for bad response time when sending big
files.
 2016-07-24 18:32:48 +02:00