stian/gallery3
1
0
Fork 0
mirror of https://github.com/Pathduck/gallery3.git synced 2026-06-03 02:09:22 -04:00
Code Issues Actions Packages Projects Releases Wiki Activity
5,254 Commits 4 Branches 0 Tags
f9377bcbd37886f09cfcf72a89f73629825e63dc
Commit Graph

11 Commits

Author SHA1 Message Date
Andy Staudacher
f93528ffab Last partial fix for ticket 585: Compartmentalize the admin area and require active authentication every 20 minutes to access the admin area. 
Also renaming auth::validate_too_many_failed_password_changes to validate_too_many_failed_auth_attempts since it's used in this generalized way in 3 places now.
 2010-02-07 15:37:32 -08:00
Bharat Mediratta
aff5d1cef4 Create the concept of a "failed authentication" as semantically 
separate from a successful or failed login.

1) Rename user_login_failed event to user_authenticate_failed

2) Rename failed_logins table to failed_auth (bump Gallery module to
   v27 to rename the table)

3) auth::too_many_failed_logins -> auth::too_many_failures

4) auth::record_failed_auth_attempts -> auth::record_failed_attempts
   auth::clear_failed_auth_attempts  -> auth::clear_failed_attempts
 2010-02-07 08:45:10 -08:00
Tim Almdal
1f51d663a0 Correct missing function name. 2010-02-03 08:18:53 -08:00
Bharat Mediratta
99a7f470b9 Protect password changes against brute force attacks. 2010-02-02 21:48:01 -08:00
Bharat Mediratta
d92ee7954e Refactory auth::too_many_failed_logins() out of 
auth::validate_too_many_failed_logins() to conceptually separate the
two.
 2010-01-30 23:15:18 -08:00
Andy Staudacher
1470b99d1f Protect REST login controller from brute force attacks too. 
And make the REST auth token less predictable by using a better source for randomness.
 2010-01-30 21:42:57 -08:00
Bharat Mediratta
2bfcec9620 Prevent brute force login attacks by reducing login attempts to 1 per 
minute after there have been 5 consecutive failed login attempts.

Fix for ticket #589.
 2010-01-30 19:48:57 -08:00
Bharat Mediratta
70b235e13d In auth::login() make the user active before trying to save it, else 
the validation code fails because it expects there to be an active
user.
 2010-01-28 21:33:01 -08:00
Tim Almdal
11fbcfeb25 Found another broken link for what should have been the user profile 2010-01-28 09:55:41 -08:00
Bharat Mediratta
2e420522ec Preliminary work to cut over to Kohana 2.4 
- Kohana::log() -> Kohana_Log::add()
- Kohana::config_XXX -> Kohana_Config::instance()->XXX
- Implement View::set_global in MY_View
- Updated Cache_Database_Driver to latest APIs
- ORM::$loaded -> ORM::loaded()
- Updated item::viewable() to use K2.4 parenthesization
 2009-11-25 13:22:24 -08:00
Tim Almdal
59b5a05496 Rename the login helper to auth. Create a login and logout helper function to allow for programmically login in and out. 2009-10-30 09:32:18 -07:00