GitHub/WoltLab/WCF.git
4 years agoRemove obsolete SessionHandler::loadVirtualSession() method
Tim Düsterhus [Fri, 2 Oct 2020 08:43:00 +0000 (10:43 +0200)]
Remove obsolete SessionHandler::loadVirtualSession() method

4 years agoStop loading virtual sessions when changeUser() is called
Tim Düsterhus [Fri, 2 Oct 2020 08:38:24 +0000 (10:38 +0200)]
Stop loading virtual sessions when changeUser() is called

As of this commit virtual sessions will no longer be created.

4 years agoStop loading virtual sessions when a new session is created
Tim Düsterhus [Fri, 2 Oct 2020 08:37:21 +0000 (10:37 +0200)]
Stop loading virtual sessions when a new session is created

After this change virtual sessions are only created when `changeUser()` is
being called.

4 years agoStop loading virtual sessions when a session is being resumed
Tim Düsterhus [Thu, 1 Oct 2020 09:32:15 +0000 (11:32 +0200)]
Stop loading virtual sessions when a session is being resumed

This change causes the wcf1_session_virtual table to not necessarily contain a
row matching the current userAgent and ipAddress, even if the user has a valid
session. This is not too bad, considered that after the previous commits the
lastActivityTime was not being updated anyway.

4 years agoStop maintaining the virtual session's lastActivityTime
Tim Düsterhus [Thu, 1 Oct 2020 09:24:04 +0000 (11:24 +0200)]
Stop maintaining the virtual session's lastActivityTime

Virtual sessions are about to be removed. This change does not affect user
visible behavior, apart from possibly expiring the session faster.

4 years agoRemove session_enable_virtualization option
Tim Düsterhus [Wed, 30 Sep 2020 14:42:02 +0000 (16:42 +0200)]
Remove session_enable_virtualization option

This option became useless with the previous commit that removed the support
for disabling virtual sessions.

4 years agoAlways enable virtual sessions
Tim Düsterhus [Wed, 30 Sep 2020 14:39:52 +0000 (16:39 +0200)]
Always enable virtual sessions

Virtual sessions will be removed shortly, making this commit technically
useless. However it allows us to remove some code paths, allowing this future
commit to be smaller.

4 years agoRemove loading of the virtual session from SessionHandler::getExistingSession()
Tim Düsterhus [Wed, 30 Sep 2020 14:36:54 +0000 (16:36 +0200)]
Remove loading of the virtual session from SessionHandler::getExistingSession()

The loading will be performed in loadVirtualSession(), so this change does not
result in a visible behavioral change.

4 years agoMerge pull request #3583 from WoltLab/session-remove-validation
Tim Düsterhus [Thu, 1 Oct 2020 14:09:43 +0000 (16:09 +0200)]
Merge pull request #3583 from WoltLab/session-remove-validation

Remove session validation options

4 years agoRemove SessionHandler::validate()
Tim Düsterhus [Wed, 30 Sep 2020 14:36:14 +0000 (16:36 +0200)]
Remove SessionHandler::validate()

This method became a no-op since the validation options were removed.

4 years agoRemove session_validate_user_agent option
Tim Düsterhus [Wed, 30 Sep 2020 14:34:07 +0000 (16:34 +0200)]
Remove session_validate_user_agent option

This option will not play well with long-lived user sessions and the security
benefit is roughly nil. After all almost anyone is using Google Chrome on
either Windows or Android.

Additionally since the session ID is no longer embedded within the URL losing
the session ID to a 3rd party is hard.

4 years agoRemove session_validate_ip_address option
Tim Düsterhus [Wed, 30 Sep 2020 14:32:46 +0000 (16:32 +0200)]
Remove session_validate_ip_address option

This option basically is useless in the age of CGNAT and mobile networks.

4 years agoMerge pull request #3586 from WoltLab/session-cleanup
Tim Düsterhus [Thu, 1 Oct 2020 11:14:13 +0000 (13:14 +0200)]
Merge pull request #3586 from WoltLab/session-cleanup

Remove dead code in SessionHandler

4 years agoRemove dead store to `$session` in SessionHandler::create()
Tim Düsterhus [Thu, 1 Oct 2020 09:46:55 +0000 (11:46 +0200)]
Remove dead store to `$session` in SessionHandler::create()

This variable is always rewritten before it is read.

4 years agoRemove `createNewSession` variable in SessionHandler::create()
Tim Düsterhus [Thu, 1 Oct 2020 09:46:07 +0000 (11:46 +0200)]
Remove `createNewSession` variable in SessionHandler::create()

This always was `true` since the previous commits.

4 years agoRemove useless condition in SessionHandler::create()
Tim Düsterhus [Thu, 1 Oct 2020 09:45:23 +0000 (11:45 +0200)]
Remove useless condition in SessionHandler::create()

`$session` is always `null` at this point since the previous commit.

4 years agoRemove obsolete call to getSessionByUserID in SessionHandler::create()
Tim Düsterhus [Thu, 1 Oct 2020 09:42:09 +0000 (11:42 +0200)]
Remove obsolete call to getSessionByUserID in SessionHandler::create()

This call will always return `null`, since the user always is a guest at that
point, passing a `null` to the database query selecting rows `WHERE userID = ?`.

Incidentally it took me a while to understand why this would not return
existing guest sessions, until I remembered that `NULL` does not equal anything
in SQL and instead `IS NULL` needs to be used. It's good that this slightly
misleading part of the code is gone.

4 years agoRemove useless condition in SessionHandler::create()
Tim Düsterhus [Thu, 1 Oct 2020 09:37:35 +0000 (11:37 +0200)]
Remove useless condition in SessionHandler::create()

This condition always was true since the removal of the legacy autologin in
commit 95953c7a4b18c70d569c4bafc9de2726a1727ef9.

4 years agoMerge pull request #3580 from WoltLab/session-password-refactor
Tim Düsterhus [Wed, 30 Sep 2020 13:58:42 +0000 (15:58 +0200)]
Merge pull request #3580 from WoltLab/session-password-refactor

Add new password hashing framework

4 years agoAdd explicit namespace for used methods
joshuaruesweg [Wed, 30 Sep 2020 11:36:00 +0000 (13:36 +0200)]
Add explicit namespace for used methods

4 years agoAdd 'Smf2' password algorithm
joshuaruesweg [Wed, 30 Sep 2020 11:16:09 +0000 (13:16 +0200)]
Add 'Smf2' password algorithm

4 years agoAdd 'Smf1' password algorithm
joshuaruesweg [Wed, 30 Sep 2020 11:15:21 +0000 (13:15 +0200)]
Add 'Smf1' password algorithm

4 years agoAdd 'CryptMD5' password algorithm
joshuaruesweg [Wed, 30 Sep 2020 10:21:29 +0000 (12:21 +0200)]
Add 'CryptMD5' password algorithm

4 years agoAdd 'Phpfox3' password algorithm
joshuaruesweg [Wed, 30 Sep 2020 10:03:38 +0000 (12:03 +0200)]
Add 'Phpfox3' password algorithm

4 years agoAdd 'Joomla3' password algorithm
joshuaruesweg [Wed, 30 Sep 2020 10:00:48 +0000 (12:00 +0200)]
Add 'Joomla3' password algorithm

4 years agoAdd 'Joomla2' password algorithm
joshuaruesweg [Wed, 30 Sep 2020 09:59:59 +0000 (11:59 +0200)]
Add 'Joomla2' password algorithm

4 years agoAdd 'Joomla1' password algorithm
joshuaruesweg [Wed, 30 Sep 2020 09:59:07 +0000 (11:59 +0200)]
Add 'Joomla1' password algorithm

4 years agoAdd 'Xf12' password algorithm
joshuaruesweg [Wed, 30 Sep 2020 09:56:42 +0000 (11:56 +0200)]
Add 'Xf12' password algorithm

4 years agoAdd 'Xf1' password algorithm
joshuaruesweg [Wed, 30 Sep 2020 09:54:45 +0000 (11:54 +0200)]
Add 'Xf1' password algorithm

4 years agoAdd 'Wcf2' password algorithm
joshuaruesweg [Wed, 30 Sep 2020 09:51:53 +0000 (11:51 +0200)]
Add 'Wcf2' password algorithm

4 years agoAdd 'Wcf1e' password algorithm
joshuaruesweg [Tue, 29 Sep 2020 17:19:14 +0000 (19:19 +0200)]
Add 'Wcf1e' password algorithm

4 years agoAdd 'Wcf1' password algorithm
joshuaruesweg [Tue, 29 Sep 2020 16:40:25 +0000 (18:40 +0200)]
Add 'Wcf1' password algorithm

4 years agoAdd 'Wbb2' password algorithm
joshuaruesweg [Tue, 29 Sep 2020 16:37:36 +0000 (18:37 +0200)]
Add 'Wbb2' password algorithm

4 years agoAdd 'Phpass' password algorithm
joshuaruesweg [Tue, 29 Sep 2020 15:48:36 +0000 (17:48 +0200)]
Add 'Phpass' password algorithm

4 years agoAdd 'Phpbb3' password algorithm
joshuaruesweg [Tue, 29 Sep 2020 15:46:46 +0000 (17:46 +0200)]
Add 'Phpbb3' password algorithm

4 years agoAdd trait for Phpass algorithm
joshuaruesweg [Tue, 29 Sep 2020 15:45:30 +0000 (17:45 +0200)]
Add trait for Phpass algorithm

4 years agoAdd 'Mybb1' password algorithm
joshuaruesweg [Tue, 29 Sep 2020 11:50:31 +0000 (13:50 +0200)]
Add 'Mybb1' password algorithm

4 years agoAdd 'Ipb3' password algorithm
joshuaruesweg [Tue, 29 Sep 2020 11:49:13 +0000 (13:49 +0200)]
Add 'Ipb3' password algorithm

4 years agoAdd 'Ipb2' password algorithm
joshuaruesweg [Tue, 29 Sep 2020 11:43:51 +0000 (13:43 +0200)]
Add 'Ipb2' password algorithm

4 years agoAdd 'Vb5' password algorithm
joshuaruesweg [Tue, 29 Sep 2020 16:31:04 +0000 (18:31 +0200)]
Add 'Vb5' password algorithm

4 years agoAdd 'Vb4' password algorithm
joshuaruesweg [Tue, 29 Sep 2020 16:29:54 +0000 (18:29 +0200)]
Add 'Vb4' password algorithm

4 years agoAdd 'Vb3' password algorithm
joshuaruesweg [Tue, 29 Sep 2020 11:46:58 +0000 (13:46 +0200)]
Add 'Vb3' password algorithm

4 years agoAdd 'Argon2' password algorithm
joshuaruesweg [Tue, 29 Sep 2020 10:56:39 +0000 (12:56 +0200)]
Add 'Argon2' password algorithm

4 years agoRename IPasswordAlgorithm::needs_rehash() to needsRehash()
Tim Düsterhus [Tue, 29 Sep 2020 10:18:39 +0000 (12:18 +0200)]
Rename IPasswordAlgorithm::needs_rehash() to needsRehash()

4 years agoDeprecate methods related to DoubleBcrypt in PasswordUtil
Tim Düsterhus [Tue, 29 Sep 2020 10:01:06 +0000 (12:01 +0200)]
Deprecate methods related to DoubleBcrypt in PasswordUtil

4 years agoUpdate UserEditor to make use of the new password checking framework
Tim Düsterhus [Tue, 29 Sep 2020 09:48:43 +0000 (11:48 +0200)]
Update UserEditor to make use of the new password checking framework

4 years agoUpdate User::checkPassword() to make use of the new password algorithm framework
Tim Düsterhus [Tue, 29 Sep 2020 09:32:50 +0000 (11:32 +0200)]
Update User::checkPassword() to make use of the new password algorithm framework

Co-authored-by: Joshua Rüsweg <ruesweg@woltlab.com>
4 years agoAdd PasswordAlgorithmManager
Tim Düsterhus [Tue, 29 Sep 2020 08:50:09 +0000 (10:50 +0200)]
Add PasswordAlgorithmManager

4 years agoAdd 'DoubleBcrypt' password algorithm
Tim Düsterhus [Tue, 29 Sep 2020 09:31:58 +0000 (11:31 +0200)]
Add 'DoubleBcrypt' password algorithm

4 years agoAdd 'Invalid' password algorithm
Tim Düsterhus [Tue, 29 Sep 2020 08:38:19 +0000 (10:38 +0200)]
Add 'Invalid' password algorithm

4 years agoAdd 'Bcrypt' password algorithm
Tim Düsterhus [Tue, 29 Sep 2020 08:35:46 +0000 (10:35 +0200)]
Add 'Bcrypt' password algorithm

4 years agoAdd IPasswordAlgorithm
Tim Düsterhus [Tue, 29 Sep 2020 08:26:08 +0000 (10:26 +0200)]
Add IPasswordAlgorithm

4 years agoRemove obsolete imports
Tim Düsterhus [Tue, 29 Sep 2020 08:51:26 +0000 (10:51 +0200)]
Remove obsolete imports

4 years agoMerge branch 'master' into session-meta
Tim Düsterhus [Tue, 29 Sep 2020 08:19:18 +0000 (10:19 +0200)]
Merge branch 'master' into session-meta

Most importantly for the argon2 compatibility adjustments.

4 years agoMerge pull request #3574 from WoltLab/session-remove-autologin
Tim Düsterhus [Tue, 29 Sep 2020 08:17:44 +0000 (10:17 +0200)]
Merge pull request #3574 from WoltLab/session-remove-autologin

Remove legacy autologin functionality

4 years agoRemove logic related to automated login in IUserAuthentication
Tim Düsterhus [Thu, 24 Sep 2020 09:02:21 +0000 (11:02 +0200)]
Remove logic related to automated login in IUserAuthentication

4 years ago`UsersOnlineList::isVisibleObject()` expects a `UserOnline` object
Alexander Ebert [Sun, 27 Sep 2020 22:25:15 +0000 (00:25 +0200)]
`UsersOnlineList::isVisibleObject()` expects a `UserOnline` object

4 years agoImproved the UX of the style color palette
Alexander Ebert [Sun, 27 Sep 2020 19:03:09 +0000 (21:03 +0200)]
Improved the UX of the style color palette

The style compatibility notice is now context sensitive. The boxes for the color selection now show a "hand" cursor and use a distinct hover state to highlight them.

Closes #3576

4 years agoMerge branch 'master' of github.com:WoltLab/WCF
Alexander Ebert [Sun, 27 Sep 2020 19:01:26 +0000 (21:01 +0200)]
Merge branch 'master' of github.com:WoltLab/WCF

4 years agoRemoved the `*_autoscaled` suffix for images
Alexander Ebert [Sun, 27 Sep 2020 13:54:17 +0000 (15:54 +0200)]
Removed the `*_autoscaled` suffix for images

4 years agoMerge branch '5.2'
joshuaruesweg [Sun, 27 Sep 2020 11:37:02 +0000 (13:37 +0200)]
Merge branch '5.2'

4 years agoAdd missing language variables
joshuaruesweg [Sun, 27 Sep 2020 11:35:02 +0000 (13:35 +0200)]
Add missing language variables

4 years agoRelease 5.3.0 Beta 1 5.3.0_Beta_1
Alexander Ebert [Fri, 25 Sep 2020 22:57:51 +0000 (00:57 +0200)]
Release 5.3.0 Beta 1

4 years agoMerge pull request #3571 from WoltLab/argon2
Alexander Ebert [Thu, 24 Sep 2020 10:38:48 +0000 (12:38 +0200)]
Merge pull request #3571 from WoltLab/argon2

Add support for argon2 to PasswordUtil

4 years agoDefaulting the user password to `invalid:`
Alexander Ebert [Thu, 24 Sep 2020 10:13:50 +0000 (12:13 +0200)]
Defaulting the user password to `invalid:`

4 years agoModify the password column during the upgrade
Alexander Ebert [Thu, 24 Sep 2020 09:58:45 +0000 (11:58 +0200)]
Modify the password column during the upgrade

4 years agoRemove obsolete WCF.User.Login JavaScript
Tim Düsterhus [Thu, 24 Sep 2020 08:51:02 +0000 (10:51 +0200)]
Remove obsolete WCF.User.Login JavaScript

This JavaScript was required back when the login form allowed selecting whether
a login should be performed or whether a new account should be registered.

This select was removed in 5ea921192a4b9759c390ccf5c9378d714e3a2d62 (during
development of 3.0).

4 years agoRemove checkbox for persistent login (“useCookies”)
Tim Düsterhus [Thu, 24 Sep 2020 08:48:04 +0000 (10:48 +0200)]
Remove checkbox for persistent login (“useCookies”)

4 years agoRefactor Session Handling: Integration branch
Tim Düsterhus [Thu, 24 Sep 2020 09:17:07 +0000 (11:17 +0200)]
Refactor Session Handling: Integration branch

4 years agoMissing update of the version number
Alexander Ebert [Thu, 24 Sep 2020 09:06:34 +0000 (11:06 +0200)]
Missing update of the version number

4 years agoUpdating minified JavaScript files
woltlab.com [Wed, 23 Sep 2020 19:43:33 +0000 (19:43 +0000)]
Updating minified JavaScript files

4 years agoRemoved debug code
Alexander Ebert [Wed, 23 Sep 2020 19:41:30 +0000 (21:41 +0200)]
Removed debug code

4 years agoInternal release 5.3.0 Beta 1
Alexander Ebert [Wed, 23 Sep 2020 19:37:44 +0000 (21:37 +0200)]
Internal release 5.3.0 Beta 1

4 years agoUpdating minified JavaScript files
woltlab.com [Wed, 23 Sep 2020 16:44:17 +0000 (16:44 +0000)]
Updating minified JavaScript files

4 years agoMerge branch '5.2'
Alexander Ebert [Wed, 23 Sep 2020 16:37:50 +0000 (18:37 +0200)]
Merge branch '5.2'

4 years agoUpdating minified JavaScript files
woltlab.com [Wed, 23 Sep 2020 16:31:37 +0000 (16:31 +0000)]
Updating minified JavaScript files

4 years agoNew implementation for message preview for i18n editor instances
Alexander Ebert [Wed, 23 Sep 2020 16:20:52 +0000 (18:20 +0200)]
New implementation for message preview for i18n editor instances

4 years agoIncorrect handling of array indices for the list of active package servers
Alexander Ebert [Tue, 22 Sep 2020 17:49:43 +0000 (19:49 +0200)]
Incorrect handling of array indices for the list of active package servers

4 years agoCleaned up the default package servers
Alexander Ebert [Tue, 22 Sep 2020 17:17:14 +0000 (19:17 +0200)]
Cleaned up the default package servers

4 years agoApply the sort order for the list of users in the birthday list
Alexander Ebert [Tue, 22 Sep 2020 13:26:09 +0000 (15:26 +0200)]
Apply the sort order for the list of users in the birthday list

4 years agoMerge branch '5.2'
Alexander Ebert [Tue, 22 Sep 2020 11:34:33 +0000 (13:34 +0200)]
Merge branch '5.2'

4 years agoIncreased the z-index of the reaction popover
Alexander Ebert [Tue, 22 Sep 2020 11:34:16 +0000 (13:34 +0200)]
Increased the z-index of the reaction popover

This prevents the reactions from being overlapped by an adjacent tab menu on mobile devices.

4 years agoMerge branch '5.2'
Alexander Ebert [Tue, 22 Sep 2020 11:28:29 +0000 (13:28 +0200)]
Merge branch '5.2'

4 years agoDo not block the installation of not yet installed projects
Alexander Ebert [Tue, 22 Sep 2020 11:28:12 +0000 (13:28 +0200)]
Do not block the installation of not yet installed projects

Fixes #3572

This commit rectifies the change in d70a577df3662d168612e40035a4237c19bed5b0

4 years agoRestored the 'mark as read' button for notifications
Alexander Ebert [Tue, 22 Sep 2020 10:30:44 +0000 (12:30 +0200)]
Restored the 'mark as read' button for notifications

4 years agoUpdating minified JavaScript files
woltlab.com [Tue, 22 Sep 2020 10:04:51 +0000 (10:04 +0000)]
Updating minified JavaScript files

4 years agoChange wcf1_user.password to VARCHAR(255)
Tim Düsterhus [Mon, 21 Sep 2020 14:59:53 +0000 (16:59 +0200)]
Change wcf1_user.password to VARCHAR(255)

4 years agoAdd support for argon2 to PasswordUtil
Tim Düsterhus [Mon, 21 Sep 2020 12:56:34 +0000 (14:56 +0200)]
Add support for argon2 to PasswordUtil

4 years agoMerge branch '5.2'
Alexander Ebert [Mon, 21 Sep 2020 10:06:29 +0000 (12:06 +0200)]
Merge branch '5.2'

4 years agoMerge branch '3.1' into 5.2
Alexander Ebert [Mon, 21 Sep 2020 10:06:00 +0000 (12:06 +0200)]
Merge branch '3.1' into 5.2

4 years agoPrevent data being pasted twice in Chromium on Android
Alexander Ebert [Mon, 21 Sep 2020 10:05:45 +0000 (12:05 +0200)]
Prevent data being pasted twice in Chromium on Android

4 years agoMerge branch '5.2'
Alexander Ebert [Sun, 20 Sep 2020 14:09:02 +0000 (16:09 +0200)]
Merge branch '5.2'

4 years agoUse the `selectionchange` event to suppress the selection of the quote tooltip
Alexander Ebert [Sun, 20 Sep 2020 14:08:39 +0000 (16:08 +0200)]
Use the `selectionchange` event to suppress the selection of the quote tooltip

4 years agoUnified appeareance of links in interactive dropdowns
Alexander Ebert [Sun, 20 Sep 2020 11:33:57 +0000 (13:33 +0200)]
Unified appeareance of links in interactive dropdowns

4 years agoRaise an exceptions if a phrase name contains leading or trailing whitespace
Alexander Ebert [Sun, 20 Sep 2020 10:33:20 +0000 (12:33 +0200)]
Raise an exceptions if a phrase name contains leading or trailing whitespace

4 years agoMerge branch '5.2'
Alexander Ebert [Sun, 20 Sep 2020 10:25:42 +0000 (12:25 +0200)]
Merge branch '5.2'

4 years agoPrevent the read access to devtools projects without a valid path
Alexander Ebert [Sun, 20 Sep 2020 10:25:30 +0000 (12:25 +0200)]
Prevent the read access to devtools projects without a valid path

4 years agoFix property documentation
Matthias Schmidt [Sun, 20 Sep 2020 06:59:44 +0000 (08:59 +0200)]
Fix property documentation

4 years agoRemove unused imports
Matthias Schmidt [Sun, 20 Sep 2020 06:57:47 +0000 (08:57 +0200)]
Remove unused imports

4 years agoFix ArticleCommentManager::isContentAuthor()
Matthias Schmidt [Sat, 19 Sep 2020 16:08:46 +0000 (18:08 +0200)]
Fix ArticleCommentManager::isContentAuthor()

The comments belong to article contents, not the article itself.