43 Commits

Author SHA1 Message Date
janis fc3181ee3b fixing minor security issues 2026-05-20 19:35:11 +02:00
janis a540a57efc fixing a small thing where users could update their username to other users' usernames
Deploy / deploy (push) Successful in 24s
2026-05-15 10:20:47 +02:00
janis 37cf88a06e fixing potential xss in external domains list
Deploy / deploy (push) Successful in 28s
2026-05-15 10:13:23 +02:00
janis 10fb66c470 set cookies to secure 2026-05-15 09:59:51 +02:00
janis 6e09214182 fixing session cookie to set to http only and secure
Deploy / deploy (push) Successful in 1m54s
2026-05-15 09:53:18 +02:00
janis 5fdfddb20c improving user mgmt
Deploy / deploy (push) Successful in 32s
2026-05-08 00:21:30 +02:00
janis ea84742e67 set max loaded logs to 25
Deploy / deploy (push) Successful in 29s
2026-05-08 00:00:31 +02:00
janis 8c483b59b6 fix 500 error
Deploy / deploy (push) Successful in 31s
2026-05-07 23:56:43 +02:00
janis d7632748ab adding password strength meter and session ui
Deploy / deploy (push) Successful in 34s
2026-05-07 23:51:33 +02:00
janis 30a5360c68 changing rate limit
Deploy / deploy (push) Successful in 32s
2026-05-07 23:18:07 +02:00
janis ac60587be7 fix webauthn
Deploy / deploy (push) Successful in 32s
2026-05-07 23:08:16 +02:00
janis 5be6047574 fix deserialize
Deploy / deploy (push) Successful in 31s
2026-05-07 23:06:26 +02:00
janis 24f3baad0a fix passkey auth
Deploy / deploy (push) Successful in 31s
2026-05-07 23:04:04 +02:00
janis 8dd132369c fixing issues in passkey auth
Deploy / deploy (push) Successful in 41s
2026-05-07 23:01:02 +02:00
janis 38cb9bf81f adding user confirmation for external domains
Deploy / deploy (push) Successful in 31s
2026-05-07 22:45:43 +02:00
janis f038581c34 adding redirect warnings to external systems
Deploy / deploy (push) Successful in 33s
2026-05-07 22:37:44 +02:00
janis 5e0b8a2fe8 setting rate limiting higher
Deploy / deploy (push) Successful in 37s
2026-05-06 09:43:10 +02:00
janis 5deb0e1056 adding rate limiting with Redis db
Deploy / deploy (push) Failing after 3s
2026-05-06 09:27:02 +02:00
janis d82a08f77b adding enhanced csrf protection
Deploy / deploy (push) Successful in 33s
2026-05-06 09:07:48 +02:00
janis 7ae7df0a11 fixing some security issues and hardening service
Deploy / deploy (push) Successful in 38s
2026-05-06 08:51:51 +02:00
janis 0587706591 app-code/api/login/redirect.php updated 2026-04-23 18:45:57 +00:00
Janis Steiner d0e8f692c6 fix xss in send_to
fixing a major security vulnerability which allowed attackers to execute javascript via the send_to parameter
2026-04-19 19:00:13 +02:00
janis 025219f9ec adding qr code on 2fa 2025-03-31 16:14:55 +00:00
janis bdac5a04bb fixing vuln where someone could change his username after logging in and therefore log in with any account 2025-03-31 15:45:35 +00:00
Janis Steiner 3621a00fc1 new reset email 2025-01-04 16:31:18 +01:00
Janis Steiner bd35f460db adding small page to show all users 2025-01-04 16:14:56 +01:00
Janis Steiner 12b56c0683 . 2025-01-01 17:48:31 +01:00
Janis Steiner 6ddbe08a25 . 2025-01-01 17:43:04 +01:00
Janis Steiner 96f4b45a6f . 2025-01-01 17:38:03 +01:00
Janis Steiner c5fc190ad6 removing some :444 2025-01-01 17:27:06 +01:00
Janis Steiner 47d009e96f fixing a bug where password update failed because of htmlspecialchars 2024-12-31 11:29:30 +01:00
Janis Steiner 3dfbd1f8d5 changing domain to auth.jakach.ch 2024-12-28 18:37:32 +01:00
Janis Steiner 5214c96b90 adding keepmeloggedin 2024-12-28 17:15:57 +01:00
Janis Steiner 8be17ce8df adding functionality to send login messages via telegram and password reset links via telegram/email 2024-12-27 20:36:44 +01:00
Janis Steiner 9e16e6b29a adding oauth capabilities 2024-12-26 18:18:18 +01:00
Janis Steiner 301c9493b1 finishing touches for passkey auth, oauth and more 2024-12-26 13:12:24 +01:00
Janis Steiner e8cba3edf6 Adding all the code I changed. It now supports mfa, passkeys and passwords 2024-12-25 23:56:19 +01:00
Janis Steiner ea743d19e9 adding first auth layer => password 2024-12-18 22:47:23 +01:00
Janis Steiner 1c70fb08d8 Delete app-code/api/login/verify_passkey.php 2024-12-18 18:41:51 +00:00
Janis Steiner 20ad4aafb7 Delete app-code/api/login/create_passkey.php 2024-12-18 18:41:43 +00:00
Janis Steiner 882b447c8e Delete app-code/api/login/test.html 2024-12-18 18:41:34 +00:00
Janis Steiner 391d7e318d adding some code, still testing it 2024-12-18 19:40:09 +01:00
Janis Steiner 42b624dc5a not tracking certs folder 2024-12-13 15:02:02 +01:00