| a124a140 | 26-Feb-2026 |
Andreas Gohr <andi@splitbrain.org> |
Version upped |
| afea3dda | 26-Feb-2026 |
Andreas Gohr <gohr@cosmocode.de> |
fix wrong logical check |
| 02a7a09e | 25-Feb-2026 |
Andreas Gohr <andi@splitbrain.org> |
Version upped |
| 8bfbdf72 | 25-Feb-2026 |
Andreas Gohr <gohr@cosmocode.de> |
Allow token based logins without 2fa for automated access
By default token auth accesses to the API are now always allowed without
2fa. If you need automated access to other endpoints (like a script
Allow token based logins without 2fa for automated access
By default token auth accesses to the API are now always allowed without
2fa. If you need automated access to other endpoints (like a script
provided by a plugin) an option enables that.
show more ...
|
| 5910f2e5 | 27-Mar-2024 |
Andreas Gohr <andi@splitbrain.org> |
Version upped |
| 37f2d586 | 27-Mar-2024 |
Andreas Gohr <andi@splitbrain.org> |
add missing config metadata |
| 0fdb715e | 21-Feb-2024 |
Andreas Gohr <andi@splitbrain.org> |
Version upped |
| 95ed3afa | 21-Feb-2024 |
Andreas Gohr <andi@splitbrain.org> |
allow to skip 2fa for trusted IP addresses |
| 57cbfa8a | 11-Jul-2023 |
Andreas Gohr <andi@splitbrain.org> |
Version upped |
| f04d92b8 | 11-Jul-2023 |
Andreas Gohr <andi@splitbrain.org> |
avoid rogue 2fa code generations
When a wiki uses rewriting, non-existing files are mapped to doku.php
and interpreted as page names. When using a 2fa provider that transmits
codes (like email) this
avoid rogue 2fa code generations
When a wiki uses rewriting, non-existing files are mapped to doku.php
and interpreted as page names. When using a 2fa provider that transmits
codes (like email) this could lead to sending multiple codes out for
each of these bogus requests. This patch ensures that the 2fa form (and
code sending) is only triggered for document requests as indicated by
the sec-fetch-dest request header.
show more ...
|
| c8525a21 | 11-Jul-2023 |
Andreas Gohr <andi@splitbrain.org> |
protect password reset with 2fa
This needed some internal changes, because now 2fa data needs to be
checked for a user that is not logged in. Providers may need adjustments
if they access user data.
protect password reset with 2fa
This needed some internal changes, because now 2fa data needs to be
checked for a user that is not logged in. Providers may need adjustments
if they access user data. They should use the getUserData() method of
the abstract Provider class to do so.
show more ...
|
| 131a3151 | 12-Jun-2023 |
Andreas Gohr <andi@splitbrain.org> |
Version upped |
| 09c2ba1a | 11-Jun-2023 |
alexdraconian <78018187+alexdraconian@users.noreply.github.com> |
Add "useinternaluid" option |
| eb073a6e | 24-Jan-2023 |
Andreas Gohr <andi@splitbrain.org> |
Version upped |
| ccbe238f | 24-Jan-2023 |
Andreas Gohr <andi@splitbrain.org> |
fix error message in admin interface |
| bd0bfa69 | 09-Sep-2022 |
Andreas Gohr <andi@splitbrain.org> |
Version upped |
| ac40c366 | 05-Sep-2022 |
Neil Brown <github@neilzone.co.uk> |
Update mandatory.txt
Fix tiny typo |
| 2b19153e | 07-Jul-2022 |
Anna Dabrowska <dabrowska@cosmocode.de> |
Version upped |
| 0d5f8055 | 07-Jul-2022 |
Anna Dabrowska <dabrowska@cosmocode.de> |
Properly handle optional 2fa
Having twofactor enabled but no configured providers broke
authentication in some cases
Fixes #1 |
| 0b066651 | 07-Apr-2022 |
Andreas Gohr <andi@splitbrain.org> |
upped version |
| 588e5659 | 06-Apr-2022 |
Andreas Gohr <andi@splitbrain.org> |
fix search initiated from paginated view |
| 9939401e | 22-Mar-2022 |
Andreas Gohr <andi@splitbrain.org> |
add deleted files |
| 3571ccfc | 22-Mar-2022 |
Andreas Gohr <andi@splitbrain.org> |
remove unused properties |
| db15b76e | 22-Mar-2022 |
Andreas Gohr <andi@splitbrain.org> |
filter case insensitive in user list |
| 6d69ca71 | 22-Mar-2022 |
Andreas Gohr <andi@splitbrain.org> |
do not access attribute plugin directly
We always want to use the Settings class to be able to replace the
attribute plugin in the future. |