FreshRSS (Customized)/app/Controllers/authController.php, branch 1.28.1-custom Customized version of FreshRSS, a self-hosted RSS feed aggregator https://git.rdnlsmith.com/fresh-rss-custom/atom?h=1.28.1-custom 2025-12-04T19:10:20+00:00 Move unsafe autologin to an extension (#7958) 2025-12-04T19:10:20+00:00 Inverle inverle@proton.me 2025-12-04T19:10:20+00:00 urn:sha1:6d2bb24b3772a7b839d6911c1e1fe27151d29bfa Completes the following TODO https://github.com/FreshRSS/FreshRSS/issues/7923: https://github.com/FreshRSS/FreshRSS/blob/de624dc8ce63ec819c61216d9d44f828841c293e/app/Controllers/authController.php#L105 Extension PR: https://github.com/FreshRSS/Extensions/pull/364 https://github.com/FreshRSS/Extensions/tree/main/xExtension-UnsafeAutologin Housekeeping lib_rss.php (#8193) 2025-11-11T07:17:12+00:00 Alexandre Alapetite alexandre@alapetite.fr 2025-11-11T07:17:12+00:00 urn:sha1:a18c35046daee15e7ac5f85db290d54541a03e3c * Housekeeping lib_rss.php `lib_rss.php` had become much too large, especially after https://github.com/FreshRSS/FreshRSS/pull/7924 Moved most functions to other places. Mostly no change of code otherwise (see comments). * Extension: composer run-script phpstan-third-party configurable notification timeout (#7942) 2025-10-01T08:48:07+00:00 maTh 1645099+math-GH@users.noreply.github.com 2025-10-01T08:48:07+00:00 urn:sha1:2bcc090622c0e62dbff94e52bb6892a51b40ba2a Ref #7931 Ref #5466 Ref #6409 added configuration in "Display" <img width="636" height="167" alt="grafik" src="https://github.com/user-attachments/assets/7bbc9f26-d91b-4dd2-b715-1d3f9b7a9ad3" /> * i18n: fr * Update app/i18n/pl/conf.php Co-authored-by: Inverle <inverle@proton.me> * make fix-all * max() * Minor whitespace (I am not a fan of excessive vertical indenting) --------- Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr> Co-authored-by: Inverle <inverle@proton.me> Prevent logout CSRFs (#7999) 2025-09-25T19:52:29+00:00 Inverle inverle@proton.me 2025-09-25T19:52:29+00:00 urn:sha1:f8b2b8c4153f8acdb4267a269ada27f8af22d7d9 By avoiding `FreshRSS_Context::initUser()` calls Regenerate session ID on login (#7829) 2025-08-30T19:40:00+00:00 Inverle inverle@proton.me 2025-08-30T19:40:00+00:00 urn:sha1:200eafb352f807bd70592b2ccc06745017328a85 Follow-up to #7762 * Regenerate session ID on login * Send only one cookie * Improvements * Delete old session file * Simplify * Make function consistent with others Implement sudo mode / reauthentication (#7753) 2025-07-31T11:53:14+00:00 Inverle inverle@proton.me 2025-07-31T11:53:14+00:00 urn:sha1:3ce64d271b2b470bd6c9f7294946347dcdfed9b9 * Implement sudo mode / reauthentication * i18n: fr * generate flags * Improvements * Remove HMAC check * Don't require reauth to access logs when signed in as admin * Notify user of bad login via notification instead --------- Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr> Regenerate cookie ID after logging out (#7762) 2025-07-29T12:44:14+00:00 Inverle inverle@proton.me 2025-07-29T12:44:14+00:00 urn:sha1:e967b07589f687fcd2f71e2df265fcb7c4f15c07 To make the session cookie no longer usable if hijacked and put in another browser after user logs out Use HTTP POST for logout (#7489) 2025-04-05T21:15:37+00:00 Alexandre Alapetite alexandre@alapetite.fr 2025-04-05T21:15:37+00:00 urn:sha1:d858053a7c70b3fee0fe407420ff8bd1466d5de2 * Use HTTP POST for logout To avoid potential CSRF risks * Fixed button font issue * Minor whitespace Update bcrypt.js from 2.4.4 to 3.0.2 (#7449) 2025-03-25T09:19:51+00:00 Alexandre Alapetite alexandre@alapetite.fr 2025-03-25T09:19:51+00:00 urn:sha1:d0b961131939800a119801bfce7411ad2e429e9e https://github.com/dcodeIO/bcrypt.js/releases/tag/v3.0.0 Can be updated to the latest version with: `curl -L https://unpkg.com/bcryptjs/umd/index.js > p/scripts/vendor/bcrypt.js` fix: Update the user's last activity on login action (#7406) 2025-03-05T21:36:41+00:00 berumuron dev@marienfressinaud.fr 2025-03-05T21:36:41+00:00 urn:sha1:40cdeb86874296b090dfb48ce4d0d6c41455405b