Tim Düsterhus [Fri, 2 Oct 2020 08:43:00 +0000 (10:43 +0200)]
Remove obsolete SessionHandler::loadVirtualSession() method
Tim Düsterhus [Fri, 2 Oct 2020 08:38:24 +0000 (10:38 +0200)]
Stop loading virtual sessions when changeUser() is called
As of this commit virtual sessions will no longer be created.
Tim Düsterhus [Fri, 2 Oct 2020 08:37:21 +0000 (10:37 +0200)]
Stop loading virtual sessions when a new session is created
After this change virtual sessions are only created when `changeUser()` is
being called.
Tim Düsterhus [Thu, 1 Oct 2020 09:32:15 +0000 (11:32 +0200)]
Stop loading virtual sessions when a session is being resumed
This change causes the wcf1_session_virtual table to not necessarily contain a
row matching the current userAgent and ipAddress, even if the user has a valid
session. This is not too bad, considered that after the previous commits the
lastActivityTime was not being updated anyway.
Tim Düsterhus [Thu, 1 Oct 2020 09:24:04 +0000 (11:24 +0200)]
Stop maintaining the virtual session's lastActivityTime
Virtual sessions are about to be removed. This change does not affect user
visible behavior, apart from possibly expiring the session faster.
Tim Düsterhus [Wed, 30 Sep 2020 14:42:02 +0000 (16:42 +0200)]
Remove session_enable_virtualization option
This option became useless with the previous commit that removed the support
for disabling virtual sessions.
Tim Düsterhus [Wed, 30 Sep 2020 14:39:52 +0000 (16:39 +0200)]
Always enable virtual sessions
Virtual sessions will be removed shortly, making this commit technically
useless. However it allows us to remove some code paths, allowing this future
commit to be smaller.
Tim Düsterhus [Wed, 30 Sep 2020 14:36:54 +0000 (16:36 +0200)]
Remove loading of the virtual session from SessionHandler::getExistingSession()
The loading will be performed in loadVirtualSession(), so this change does not
result in a visible behavioral change.
Tim Düsterhus [Thu, 1 Oct 2020 14:09:43 +0000 (16:09 +0200)]
Merge pull request #3583 from WoltLab/session-remove-validation
Remove session validation options
Tim Düsterhus [Wed, 30 Sep 2020 14:36:14 +0000 (16:36 +0200)]
Remove SessionHandler::validate()
This method became a no-op since the validation options were removed.
Tim Düsterhus [Wed, 30 Sep 2020 14:34:07 +0000 (16:34 +0200)]
Remove session_validate_user_agent option
This option will not play well with long-lived user sessions and the security
benefit is roughly nil. After all almost anyone is using Google Chrome on
either Windows or Android.
Additionally since the session ID is no longer embedded within the URL losing
the session ID to a 3rd party is hard.
Tim Düsterhus [Wed, 30 Sep 2020 14:32:46 +0000 (16:32 +0200)]
Remove session_validate_ip_address option
This option basically is useless in the age of CGNAT and mobile networks.
Tim Düsterhus [Thu, 1 Oct 2020 11:14:13 +0000 (13:14 +0200)]
Merge pull request #3586 from WoltLab/session-cleanup
Remove dead code in SessionHandler
Tim Düsterhus [Thu, 1 Oct 2020 09:46:55 +0000 (11:46 +0200)]
Remove dead store to `$session` in SessionHandler::create()
This variable is always rewritten before it is read.
Tim Düsterhus [Thu, 1 Oct 2020 09:46:07 +0000 (11:46 +0200)]
Remove `createNewSession` variable in SessionHandler::create()
This always was `true` since the previous commits.
Tim Düsterhus [Thu, 1 Oct 2020 09:45:23 +0000 (11:45 +0200)]
Remove useless condition in SessionHandler::create()
`$session` is always `null` at this point since the previous commit.
Tim Düsterhus [Thu, 1 Oct 2020 09:42:09 +0000 (11:42 +0200)]
Remove obsolete call to getSessionByUserID in SessionHandler::create()
This call will always return `null`, since the user always is a guest at that
point, passing a `null` to the database query selecting rows `WHERE userID = ?`.
Incidentally it took me a while to understand why this would not return
existing guest sessions, until I remembered that `NULL` does not equal anything
in SQL and instead `IS NULL` needs to be used. It's good that this slightly
misleading part of the code is gone.
Tim Düsterhus [Thu, 1 Oct 2020 09:37:35 +0000 (11:37 +0200)]
Remove useless condition in SessionHandler::create()
This condition always was true since the removal of the legacy autologin in
commit
95953c7a4b18c70d569c4bafc9de2726a1727ef9.
Tim Düsterhus [Wed, 30 Sep 2020 13:58:42 +0000 (15:58 +0200)]
Merge pull request #3580 from WoltLab/session-password-refactor
Add new password hashing framework
joshuaruesweg [Wed, 30 Sep 2020 11:36:00 +0000 (13:36 +0200)]
Add explicit namespace for used methods
joshuaruesweg [Wed, 30 Sep 2020 11:16:09 +0000 (13:16 +0200)]
Add 'Smf2' password algorithm
joshuaruesweg [Wed, 30 Sep 2020 11:15:21 +0000 (13:15 +0200)]
Add 'Smf1' password algorithm
joshuaruesweg [Wed, 30 Sep 2020 10:21:29 +0000 (12:21 +0200)]
Add 'CryptMD5' password algorithm
joshuaruesweg [Wed, 30 Sep 2020 10:03:38 +0000 (12:03 +0200)]
Add 'Phpfox3' password algorithm
joshuaruesweg [Wed, 30 Sep 2020 10:00:48 +0000 (12:00 +0200)]
Add 'Joomla3' password algorithm
joshuaruesweg [Wed, 30 Sep 2020 09:59:59 +0000 (11:59 +0200)]
Add 'Joomla2' password algorithm
joshuaruesweg [Wed, 30 Sep 2020 09:59:07 +0000 (11:59 +0200)]
Add 'Joomla1' password algorithm
joshuaruesweg [Wed, 30 Sep 2020 09:56:42 +0000 (11:56 +0200)]
Add 'Xf12' password algorithm
joshuaruesweg [Wed, 30 Sep 2020 09:54:45 +0000 (11:54 +0200)]
Add 'Xf1' password algorithm
joshuaruesweg [Wed, 30 Sep 2020 09:51:53 +0000 (11:51 +0200)]
Add 'Wcf2' password algorithm
joshuaruesweg [Tue, 29 Sep 2020 17:19:14 +0000 (19:19 +0200)]
Add 'Wcf1e' password algorithm
joshuaruesweg [Tue, 29 Sep 2020 16:40:25 +0000 (18:40 +0200)]
Add 'Wcf1' password algorithm
joshuaruesweg [Tue, 29 Sep 2020 16:37:36 +0000 (18:37 +0200)]
Add 'Wbb2' password algorithm
joshuaruesweg [Tue, 29 Sep 2020 15:48:36 +0000 (17:48 +0200)]
Add 'Phpass' password algorithm
joshuaruesweg [Tue, 29 Sep 2020 15:46:46 +0000 (17:46 +0200)]
Add 'Phpbb3' password algorithm
joshuaruesweg [Tue, 29 Sep 2020 15:45:30 +0000 (17:45 +0200)]
Add trait for Phpass algorithm
joshuaruesweg [Tue, 29 Sep 2020 11:50:31 +0000 (13:50 +0200)]
Add 'Mybb1' password algorithm
joshuaruesweg [Tue, 29 Sep 2020 11:49:13 +0000 (13:49 +0200)]
Add 'Ipb3' password algorithm
joshuaruesweg [Tue, 29 Sep 2020 11:43:51 +0000 (13:43 +0200)]
Add 'Ipb2' password algorithm
joshuaruesweg [Tue, 29 Sep 2020 16:31:04 +0000 (18:31 +0200)]
Add 'Vb5' password algorithm
joshuaruesweg [Tue, 29 Sep 2020 16:29:54 +0000 (18:29 +0200)]
Add 'Vb4' password algorithm
joshuaruesweg [Tue, 29 Sep 2020 11:46:58 +0000 (13:46 +0200)]
Add 'Vb3' password algorithm
joshuaruesweg [Tue, 29 Sep 2020 10:56:39 +0000 (12:56 +0200)]
Add 'Argon2' password algorithm
Tim Düsterhus [Tue, 29 Sep 2020 10:18:39 +0000 (12:18 +0200)]
Rename IPasswordAlgorithm::needs_rehash() to needsRehash()
Tim Düsterhus [Tue, 29 Sep 2020 10:01:06 +0000 (12:01 +0200)]
Deprecate methods related to DoubleBcrypt in PasswordUtil
Tim Düsterhus [Tue, 29 Sep 2020 09:48:43 +0000 (11:48 +0200)]
Update UserEditor to make use of the new password checking framework
Tim Düsterhus [Tue, 29 Sep 2020 09:32:50 +0000 (11:32 +0200)]
Update User::checkPassword() to make use of the new password algorithm framework
Co-authored-by: Joshua Rüsweg <ruesweg@woltlab.com>
Tim Düsterhus [Tue, 29 Sep 2020 08:50:09 +0000 (10:50 +0200)]
Add PasswordAlgorithmManager
Tim Düsterhus [Tue, 29 Sep 2020 09:31:58 +0000 (11:31 +0200)]
Add 'DoubleBcrypt' password algorithm
Tim Düsterhus [Tue, 29 Sep 2020 08:38:19 +0000 (10:38 +0200)]
Add 'Invalid' password algorithm
Tim Düsterhus [Tue, 29 Sep 2020 08:35:46 +0000 (10:35 +0200)]
Add 'Bcrypt' password algorithm
Tim Düsterhus [Tue, 29 Sep 2020 08:26:08 +0000 (10:26 +0200)]
Add IPasswordAlgorithm
Tim Düsterhus [Tue, 29 Sep 2020 08:51:26 +0000 (10:51 +0200)]
Remove obsolete imports
Tim Düsterhus [Tue, 29 Sep 2020 08:19:18 +0000 (10:19 +0200)]
Merge branch 'master' into session-meta
Most importantly for the argon2 compatibility adjustments.
Tim Düsterhus [Tue, 29 Sep 2020 08:17:44 +0000 (10:17 +0200)]
Merge pull request #3574 from WoltLab/session-remove-autologin
Remove legacy autologin functionality
Tim Düsterhus [Thu, 24 Sep 2020 09:02:21 +0000 (11:02 +0200)]
Remove logic related to automated login in IUserAuthentication
Alexander Ebert [Sun, 27 Sep 2020 22:25:15 +0000 (00:25 +0200)]
`UsersOnlineList::isVisibleObject()` expects a `UserOnline` object
Alexander Ebert [Sun, 27 Sep 2020 19:03:09 +0000 (21:03 +0200)]
Improved the UX of the style color palette
The style compatibility notice is now context sensitive. The boxes for the color selection now show a "hand" cursor and use a distinct hover state to highlight them.
Closes #3576
Alexander Ebert [Sun, 27 Sep 2020 19:01:26 +0000 (21:01 +0200)]
Merge branch 'master' of github.com:WoltLab/WCF
Alexander Ebert [Sun, 27 Sep 2020 13:54:17 +0000 (15:54 +0200)]
Removed the `*_autoscaled` suffix for images
joshuaruesweg [Sun, 27 Sep 2020 11:37:02 +0000 (13:37 +0200)]
Merge branch '5.2'
joshuaruesweg [Sun, 27 Sep 2020 11:35:02 +0000 (13:35 +0200)]
Add missing language variables
Alexander Ebert [Fri, 25 Sep 2020 22:57:51 +0000 (00:57 +0200)]
Release 5.3.0 Beta 1
Alexander Ebert [Thu, 24 Sep 2020 10:38:48 +0000 (12:38 +0200)]
Merge pull request #3571 from WoltLab/argon2
Add support for argon2 to PasswordUtil
Alexander Ebert [Thu, 24 Sep 2020 10:13:50 +0000 (12:13 +0200)]
Defaulting the user password to `invalid:`
Alexander Ebert [Thu, 24 Sep 2020 09:58:45 +0000 (11:58 +0200)]
Modify the password column during the upgrade
Tim Düsterhus [Thu, 24 Sep 2020 08:51:02 +0000 (10:51 +0200)]
Remove obsolete WCF.User.Login JavaScript
This JavaScript was required back when the login form allowed selecting whether
a login should be performed or whether a new account should be registered.
This select was removed in
5ea921192a4b9759c390ccf5c9378d714e3a2d62 (during
development of 3.0).
Tim Düsterhus [Thu, 24 Sep 2020 08:48:04 +0000 (10:48 +0200)]
Remove checkbox for persistent login (“useCookies”)
Tim Düsterhus [Thu, 24 Sep 2020 09:17:07 +0000 (11:17 +0200)]
Refactor Session Handling: Integration branch
Alexander Ebert [Thu, 24 Sep 2020 09:06:34 +0000 (11:06 +0200)]
Missing update of the version number
woltlab.com [Wed, 23 Sep 2020 19:43:33 +0000 (19:43 +0000)]
Updating minified JavaScript files
Alexander Ebert [Wed, 23 Sep 2020 19:41:30 +0000 (21:41 +0200)]
Removed debug code
Alexander Ebert [Wed, 23 Sep 2020 19:37:44 +0000 (21:37 +0200)]
Internal release 5.3.0 Beta 1
woltlab.com [Wed, 23 Sep 2020 16:44:17 +0000 (16:44 +0000)]
Updating minified JavaScript files
Alexander Ebert [Wed, 23 Sep 2020 16:37:50 +0000 (18:37 +0200)]
Merge branch '5.2'
woltlab.com [Wed, 23 Sep 2020 16:31:37 +0000 (16:31 +0000)]
Updating minified JavaScript files
Alexander Ebert [Wed, 23 Sep 2020 16:20:52 +0000 (18:20 +0200)]
New implementation for message preview for i18n editor instances
Alexander Ebert [Tue, 22 Sep 2020 17:49:43 +0000 (19:49 +0200)]
Incorrect handling of array indices for the list of active package servers
Alexander Ebert [Tue, 22 Sep 2020 17:17:14 +0000 (19:17 +0200)]
Cleaned up the default package servers
Alexander Ebert [Tue, 22 Sep 2020 13:26:09 +0000 (15:26 +0200)]
Apply the sort order for the list of users in the birthday list
Alexander Ebert [Tue, 22 Sep 2020 11:34:33 +0000 (13:34 +0200)]
Merge branch '5.2'
Alexander Ebert [Tue, 22 Sep 2020 11:34:16 +0000 (13:34 +0200)]
Increased the z-index of the reaction popover
This prevents the reactions from being overlapped by an adjacent tab menu on mobile devices.
Alexander Ebert [Tue, 22 Sep 2020 11:28:29 +0000 (13:28 +0200)]
Merge branch '5.2'
Alexander Ebert [Tue, 22 Sep 2020 11:28:12 +0000 (13:28 +0200)]
Do not block the installation of not yet installed projects
Fixes #3572
This commit rectifies the change in
d70a577df3662d168612e40035a4237c19bed5b0
Alexander Ebert [Tue, 22 Sep 2020 10:30:44 +0000 (12:30 +0200)]
Restored the 'mark as read' button for notifications
woltlab.com [Tue, 22 Sep 2020 10:04:51 +0000 (10:04 +0000)]
Updating minified JavaScript files
Tim Düsterhus [Mon, 21 Sep 2020 14:59:53 +0000 (16:59 +0200)]
Change wcf1_user.password to VARCHAR(255)
Tim Düsterhus [Mon, 21 Sep 2020 12:56:34 +0000 (14:56 +0200)]
Add support for argon2 to PasswordUtil
Alexander Ebert [Mon, 21 Sep 2020 10:06:29 +0000 (12:06 +0200)]
Merge branch '5.2'
Alexander Ebert [Mon, 21 Sep 2020 10:06:00 +0000 (12:06 +0200)]
Merge branch '3.1' into 5.2
Alexander Ebert [Mon, 21 Sep 2020 10:05:45 +0000 (12:05 +0200)]
Prevent data being pasted twice in Chromium on Android
Alexander Ebert [Sun, 20 Sep 2020 14:09:02 +0000 (16:09 +0200)]
Merge branch '5.2'
Alexander Ebert [Sun, 20 Sep 2020 14:08:39 +0000 (16:08 +0200)]
Use the `selectionchange` event to suppress the selection of the quote tooltip
Alexander Ebert [Sun, 20 Sep 2020 11:33:57 +0000 (13:33 +0200)]
Unified appeareance of links in interactive dropdowns
Alexander Ebert [Sun, 20 Sep 2020 10:33:20 +0000 (12:33 +0200)]
Raise an exceptions if a phrase name contains leading or trailing whitespace
Alexander Ebert [Sun, 20 Sep 2020 10:25:42 +0000 (12:25 +0200)]
Merge branch '5.2'
Alexander Ebert [Sun, 20 Sep 2020 10:25:30 +0000 (12:25 +0200)]
Prevent the read access to devtools projects without a valid path
Matthias Schmidt [Sun, 20 Sep 2020 06:59:44 +0000 (08:59 +0200)]
Fix property documentation
Matthias Schmidt [Sun, 20 Sep 2020 06:57:47 +0000 (08:57 +0200)]
Remove unused imports
Matthias Schmidt [Sat, 19 Sep 2020 16:08:46 +0000 (18:08 +0200)]
Fix ArticleCommentManager::isContentAuthor()
The comments belong to article contents, not the article itself.