Bommels05/Mozilla
Bommels05/Mozilla
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
218,585 Commits 3,986 Branches 0 Tags
Commit Graph

125 Commits

Author SHA1 Message Date
bzrmirror%bugzilla.org
200d60ec4d Remove docs changes by jwilmoth@starbucks.com. 
git-svn-id: svn://10.0.0.236/trunk@265700 18797224-902f-48f8-a5cc-f745e15eee43
 2014-12-03 22:02:31 +00:00
bzrmirror%bugzilla.org
160f533567 Bug 1071317: Remove unused variables 
r=gerv a=sgreen


git-svn-id: svn://10.0.0.236/trunk@265591 18797224-902f-48f8-a5cc-f745e15eee43
 2014-09-29 11:00:49 +00:00
bzrmirror%bugzilla.org
d53c6de213 Bug 1009013 - Require a user to change their password if they log in and their current password does not meet the password complexity rules 
r=glob, a=sgreen


git-svn-id: svn://10.0.0.236/trunk@265566 18797224-902f-48f8-a5cc-f745e15eee43
 2014-09-11 00:00:53 +00:00
bzrmirror%bugzilla.org
84c5be6eb5 Bug 996893: Perl 5.18 and newer throw tons of warnings about deprecated modules 
r=dkl a=sgreen


git-svn-id: svn://10.0.0.236/trunk@265490 18797224-902f-48f8-a5cc-f745e15eee43
 2014-08-13 11:01:07 +00:00
bzrmirror%bugzilla.org
6d369bd4e4 Bug 1044701: "Uninitialized value $token_type" when passing an invalid Bugzilla_api_token value 
r=sgreen,a=glob


git-svn-id: svn://10.0.0.236/trunk@265484 18797224-902f-48f8-a5cc-f745e15eee43
 2014-07-31 17:30:50 +00:00
bzrmirror%bugzilla.org
5a9c131bd0 Bug 726696 - All authenticated WebServices methods should require username/pass, token or a valid API key for authentication 
r=dkl, a=sgreen


git-svn-id: svn://10.0.0.236/trunk@265478 18797224-902f-48f8-a5cc-f745e15eee43
 2014-07-27 09:00:54 +00:00
bzrmirror%bugzilla.org
650d813242 Bug 1009017: users are unable to log in if their password needs to be 
re-encrypted and their password does not match the current complexity
rule
r=dkl, a=glob


git-svn-id: svn://10.0.0.236/trunk@265406 18797224-902f-48f8-a5cc-f745e15eee43
 2014-05-20 06:00:48 +00:00
bzrmirror%bugzilla.org
7d666f6afc Bug 1001497: User.login incorrectly returns id = 0 when the login or password is missing 
r=dkl a=justdave


git-svn-id: svn://10.0.0.236/trunk@265359 18797224-902f-48f8-a5cc-f745e15eee43
 2014-04-25 20:30:48 +00:00
bzrmirror%bugzilla.org
550894d547 Bug 713926: (CVE-2014-1517) [SECURITY] Login form lacks CSRF protection 
r=dkl a=justdave


git-svn-id: svn://10.0.0.236/trunk@265332 18797224-902f-48f8-a5cc-f745e15eee43
 2014-04-17 16:30:48 +00:00
bzrmirror%bugzilla.org
c9bdaf3776 Bug 987205: Bugzilla crashes because it tries to import a non-exported login_token() subroutine from Bugzilla::Auth::Login::Cookie 
r=dkl a=justdave


git-svn-id: svn://10.0.0.236/trunk@265317 18797224-902f-48f8-a5cc-f745e15eee43
 2014-04-14 19:45:48 +00:00
bzrmirror%bugzilla.org
a3d4ea4500 Bug 947823: Replace gender-specific pronouns with gender-neutral pronouns 
r=gerv a=justdave


git-svn-id: svn://10.0.0.236/trunk@265260 18797224-902f-48f8-a5cc-f745e15eee43
 2014-02-27 09:00:54 +00:00
bzrmirror%bugzilla.org
41a21e2898 Bug 956233: enable USE_MEMCACHE on most objects 
r=dkl, a=glob


git-svn-id: svn://10.0.0.236/trunk@265222 18797224-902f-48f8-a5cc-f745e15eee43
 2014-01-31 07:30:50 +00:00
bzrmirror%bugzilla.org
1bffdbd0cf Bug 748095: Bugzilla crashes when the shutdownhtml parameter is set and using a non-cookie based authentication method 
r=dkl a=justdave


git-svn-id: svn://10.0.0.236/trunk@265151 18797224-902f-48f8-a5cc-f745e15eee43
 2013-12-21 16:45:41 +00:00
bzrmirror%bugzilla.org
71b4a797bc Bug 907438 - In MySQL, login cookie checking is not case-sensitive, reducing total entropy and allowing easier brute force 
r=LpSolit,a=sgreen


git-svn-id: svn://10.0.0.236/trunk@265057 18797224-902f-48f8-a5cc-f745e15eee43
 2013-10-16 17:01:24 +00:00
bzrmirror%bugzilla.org
3dcb5f6e7e Bug 917669 - invalid or expired authentication tokens and cookies should throw errors, not be silently ignored 
r/a=glob


git-svn-id: svn://10.0.0.236/trunk@265036 18797224-902f-48f8-a5cc-f745e15eee43
 2013-09-26 15:18:15 +00:00
bzrmirror%bugzilla.org
c83ee562ea Bug 893195 - Allow token based authentication for webservices 
r=glob,a=sgreen


git-svn-id: svn://10.0.0.236/trunk@264987 18797224-902f-48f8-a5cc-f745e15eee43
 2013-08-27 04:06:36 +00:00
mkanat%bugzilla.org
a53fa92e42 Bug 785283 - Support increased values for PASSWORD_SALT_LENGTH without breaking compat with old hashes 
[r=LpSolit a=LpSolit]


git-svn-id: svn://10.0.0.236/trunk@264599 18797224-902f-48f8-a5cc-f745e15eee43
 2012-12-31 22:00:44 +00:00
mkanat%bugzilla.org
1764f0df90 Bug 787668: Use |use parent| instead of |use base| 
r/a=LpSolit


git-svn-id: svn://10.0.0.236/trunk@264508 18797224-902f-48f8-a5cc-f745e15eee43
 2012-12-01 01:31:00 +00:00
mkanat%bugzilla.org
f6af30d002 Bug 816747 - Add dummy POD for unPODded methods. 
r/a=LpSolit


git-svn-id: svn://10.0.0.236/trunk@264502 18797224-902f-48f8-a5cc-f745e15eee43
 2012-11-30 14:45:59 +00:00
mkanat%bugzilla.org
8e47ba629a Bug 787529: Use |use 5.10.1| everywhere 
r=wicked a=LpSolit


git-svn-id: svn://10.0.0.236/trunk@264195 18797224-902f-48f8-a5cc-f745e15eee43
 2012-09-01 21:45:59 +00:00
mkanat%bugzilla.org
04c6886fc0 Bug 785470: (CVE-2012-3981) [SECURITY] Missing escaping of the username can lead to LDAP injection 
r/a=LpSolit


git-svn-id: svn://10.0.0.236/trunk@264179 18797224-902f-48f8-a5cc-f745e15eee43
 2012-08-30 18:33:26 +00:00
mkanat%bugzilla.org
3b5e8524aa Bug 680131: Replace the MPL 1.1 license by the MPL 2.0 one in all files, and add it to files which miss one 
r=kiko r=mkanat r=mrbball a=LpSolit


git-svn-id: svn://10.0.0.236/trunk@263258 18797224-902f-48f8-a5cc-f745e15eee43
 2012-01-11 22:48:45 +00:00
mkanat%bugzilla.org
e06e3ecae7 Make Login/Stack.pm refuse to continue down the stack if an Auth method returns an explicit failure. r=dkl, a=mkanat. 
git-svn-id: svn://10.0.0.236/trunk@263083 18797224-902f-48f8-a5cc-f745e15eee43
 2011-11-18 10:31:31 +00:00
mkanat%bugzilla.org
5bc56f4890 Bug 653713: editusers.cgi crashes when editing a user profile 
r/a=mkanat


git-svn-id: svn://10.0.0.236/trunk@262299 18797224-902f-48f8-a5cc-f745e15eee43
 2011-05-06 21:05:43 +00:00
mkanat%bugzilla.org
d811d0f3ac Bug 423612 - Allow editing extern_id for users from the admin interface 
r=mkanat, a=mkanat


git-svn-id: svn://10.0.0.236/trunk@262246 18797224-902f-48f8-a5cc-f745e15eee43
 2011-04-27 22:32:21 +00:00
mkanat%bugzilla.org
5af9c75cfe Bug 604522: t/012throwables.t doesn't catch new user errors correctly 
r/a=mkanat


git-svn-id: svn://10.0.0.236/trunk@261404 18797224-902f-48f8-a5cc-f745e15eee43
 2010-10-15 00:21:59 +00:00
mkanat%bugzilla.org
9be0c2c2f4 Bug 575947: Users with passwords length less than 6 characters can't login after migration from 3.4.x or older to 3.6 or newer 
r/a=mkanat


git-svn-id: svn://10.0.0.236/trunk@261395 18797224-902f-48f8-a5cc-f745e15eee43
 2010-10-14 00:53:22 +00:00
mkanat%bugzilla.org
9285e338dd Bug 602165: Change sql_interval to sql_date_math, in preparation for 
MS-SQL and SQLite support.


git-svn-id: svn://10.0.0.236/trunk@261360 18797224-902f-48f8-a5cc-f745e15eee43
 2010-10-07 11:02:21 +00:00
mkanat%bugzilla.org
594bcd76eb Bug 550732: Allow read-only JSON-RPC methods to be called with GET 
r=dkl, a=mkanat


git-svn-id: svn://10.0.0.236/trunk@260221 18797224-902f-48f8-a5cc-f745e15eee43
 2010-04-22 19:01:59 +00:00
mkanat%bugzilla.org
c723e8517c Bug 553770: Make the JSON-RPC WebService throw a proper error when you don't 
provide login credentials on a LOGIN_REQUIRED page. (Before this, it was
attempting to display the HTML login page to JSON-RPC clients.)
r=dkl, a=mkanat


git-svn-id: svn://10.0.0.236/trunk@260024 18797224-902f-48f8-a5cc-f745e15eee43
 2010-03-23 23:21:19 +00:00
lpsolit%gmail.com
b9168f54ae Bug 467992: Login fails if the user's LDAP account is denied search in LDAP - Patch by Adam Batkin <adam@batkin.net> r/a=mkanat 
git-svn-id: svn://10.0.0.236/trunk@259335 18797224-902f-48f8-a5cc-f745e15eee43
 2010-01-05 08:32:54 +00:00
mkanat%bugzilla.org
0cc827bc54 Bug 527586: Use X-Forwarded-For instead of REMOTE_ADDR for trusted proxies 
Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=dkl, a=mkanat


git-svn-id: svn://10.0.0.236/trunk@259326 18797224-902f-48f8-a5cc-f745e15eee43
 2009-12-31 12:53:21 +00:00
lpsolit%gmail.com
e945361ed0 Bug 385606: Logincookies are recreated at each HTTP request when using the 'Env' auth method - Patch by Frédéric Buclin <LpSolit@gmail.com> r/a=mkanat 
git-svn-id: svn://10.0.0.236/trunk@259322 18797224-902f-48f8-a5cc-f745e15eee43
 2009-12-31 12:18:06 +00:00
mkanat%bugzilla.org
15546c7c25 Bug 355283: Lock out a user account on a particular IP for 30 minutes if they fail to log in 5 times from that IP. 
Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit


git-svn-id: svn://10.0.0.236/trunk@259208 18797224-902f-48f8-a5cc-f745e15eee43
 2009-12-13 20:46:28 +00:00
mkanat%bugzilla.org
98a5bbf59c Bug 430014: Re-write the code hooks system so that it uses modules instead of individual .pl files 
Patch by Max Kanat-Alexander <mkanat@bugzilla.org> (module owner) a=mkanat


git-svn-id: svn://10.0.0.236/trunk@259069 18797224-902f-48f8-a5cc-f745e15eee43
 2009-11-24 06:09:55 +00:00
mkanat%bugzilla.org
0dfd6e55e2 Bug 525734: Allow WebService clients to authenticate using Bugzilla_login and Bugzilla_password 
Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=dkl, a=mkanat


git-svn-id: svn://10.0.0.236/trunk@258941 18797224-902f-48f8-a5cc-f745e15eee43
 2009-11-09 19:15:30 +00:00
lpsolit%gmail.com
c89b589751 Bug 399073: Remove the 'loginnetmask' parameter - Patch by Frédéric Buclin <LpSolit@gmail.com> r/a=mkanat 
git-svn-id: svn://10.0.0.236/trunk@258717 18797224-902f-48f8-a5cc-f745e15eee43
 2009-10-18 23:35:01 +00:00
mkanat%bugzilla.org
c70c2cf9ff Bug 514913: Eliminate ssl="authenticated sessions" 
Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=dkl, a=mkanat


git-svn-id: svn://10.0.0.236/trunk@258645 18797224-902f-48f8-a5cc-f745e15eee43
 2009-10-09 04:31:13 +00:00
mkanat%bugzilla.org
e417a47487 Bug 488467: Verify and Login auth methods were being called in a random order, causing sudo sessions to frequently not need the user to re-enter their password. 
Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit


git-svn-id: svn://10.0.0.236/trunk@256954 18797224-902f-48f8-a5cc-f745e15eee43
 2009-04-17 21:57:19 +00:00
mkanat%bugzilla.org
2845ec790e Bug 121601: Have logout display index.cgi, not just a message on relogin.cgi. 
Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit


git-svn-id: svn://10.0.0.236/trunk@256377 18797224-902f-48f8-a5cc-f745e15eee43
 2009-03-01 23:42:55 +00:00
mkanat%bugzilla.org
3c1cae0914 Bug 134022: PERFORMANCE: deleting old login cookies locks login checks 
Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=mkanat


git-svn-id: svn://10.0.0.236/trunk@255864 18797224-902f-48f8-a5cc-f745e15eee43
 2009-01-20 20:10:08 +00:00
mkanat%bugzilla.org
36dafcc096 Bug 211006: Make Bugzilla use SHA-256 instead of crypt() to store hashed passwords in the database 
Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=LpSolit


git-svn-id: svn://10.0.0.236/trunk@255694 18797224-902f-48f8-a5cc-f745e15eee43
 2009-01-02 09:11:51 +00:00
dkl%redhat.com
d2cc34e014 Bug 455584 - Use bz_crypt everywhere instead of the crypt() function 
Patch by David Lawrence <dkl@redhat.com> = r/a=LpSolit


git-svn-id: svn://10.0.0.236/trunk@254732 18797224-902f-48f8-a5cc-f745e15eee43
 2008-10-22 21:54:59 +00:00
lpsolit%gmail.com
eec25e0428 Bug 460770: Incorrect regexp when parsing the list of LDAP servers - Patch by Frédéric Buclin <LpSolit@gmail.com> r/a=mkanat 
git-svn-id: svn://10.0.0.236/trunk@254682 18797224-902f-48f8-a5cc-f745e15eee43
 2008-10-20 18:37:38 +00:00
lpsolit%gmail.com
79e1610288 Partial backout of bug 183665. It's responsible for bug 457719 
git-svn-id: svn://10.0.0.236/trunk@254530 18797224-902f-48f8-a5cc-f745e15eee43
 2008-10-04 20:04:50 +00:00
dkl%redhat.com
36109e6138 Bug 453767 - Passwords containing wide characters causes system error 
Patch by David Lawrence <dkl@redhat.com> - a/r=mkanat


git-svn-id: svn://10.0.0.236/trunk@254181 18797224-902f-48f8-a5cc-f745e15eee43
 2008-09-12 15:10:14 +00:00
lpsolit%gmail.com
e62e028333 Bug 449984: Login cookies should be created as SSL-only on installations that require SSL - Patch by Frédéric Buclin <LpSolit@gmail.com> r/a=mkanat 
git-svn-id: svn://10.0.0.236/trunk@253851 18797224-902f-48f8-a5cc-f745e15eee43
 2008-08-27 01:10:33 +00:00
reed%reedloden.com
d379f34dfc Bug 368502 - "Bugzilla_logincookie should not be accessible via javascript" [p=reed r+a=mkanat] 
git-svn-id: svn://10.0.0.236/trunk@253792 18797224-902f-48f8-a5cc-f745e15eee43
 2008-08-22 23:39:41 +00:00
dkl%redhat.com
f51ff717a8 Bug 428659 – Setting SSL param to 'authenticated sessions' only protects logins and param 
doesn't protect WebService calls at all
Patch by David Lawrence <dkl@redhat.com> - r/a=LpSolit/mkanat


git-svn-id: svn://10.0.0.236/trunk@253665 18797224-902f-48f8-a5cc-f745e15eee43
 2008-08-18 04:16:14 +00:00
mkanat%bugzilla.org
fd276d6f66 Bug 438435: Need code hooks for authentication 
Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, a=mkanat


git-svn-id: svn://10.0.0.236/trunk@253408 18797224-902f-48f8-a5cc-f745e15eee43
 2008-08-06 23:38:31 +00:00