FreshRSS (Customized)/app/Models/Auth.php, branch 1.16.0

fix: Make sure to have user conf in hasAccess (#2769)

2020-01-16T13:25:51+00:00

The `FreshRSS_Auth::hasAccess` method is called during auth initialization (`app/FreshRSS.php:78`), only for `user#create` action. However, at this step, the `user` configuration namespace hasn't be initialized yet, and so users weren't able to register because of the exception... quite critical!

Add an admin flag on users (#2709)

2020-01-06T19:28:04+00:00

Now FRSS supports more than one admin. Admins have the same rights as the default user. Admins can promote or demote other users. The default user is considered as an admin even if it does not have the admin flag enabled. See #2096

Require PHP 5.5+ (#2495)

2019-08-20T12:55:43+00:00

* Require PHP 5.5+ https://github.com/FreshRSS/FreshRSS/issues/2469#issuecomment-522255093 I think it would be reasonable to require PHP 5.5+ for the core of FreshRSS after all. As Frenzie said, WordPress currently requires PHP 5.6.20+, and it is the most popular PHP application. We would loose about 20% of the PHP servers according to https://w3techs.com/technologies/details/pl-php/5/all but I expect this number to drop fast after the release of CentOS 8 (CentOS accounts for 17% of Linux servers https://w3techs.com/technologies/details/os-linux/all/all ). Distributions: * no impact on Ubuntu, Fedora, Alpine, OpenWRT, FreeBSD, OpenSuze, Mageia, as all active versions have PHP > 7 * no impact on OpenSuze, Synology, as all active versions have PHP > 5.5 * we drop Debian 8 Jessie (-2020) - we keep supporting Debian 9 Stretch (2017-06) - current is Debian 10 Buster * we drop Red Hat 7 (-2024) - we keep supporting RHEL 8 (2019-05) * we drop CentOS 7 (-2024) - we will support CentOS 8 (to be released soonish) When dropping older versions, I can better like when it is for a good reason, and there is actually one with PHP 5.5, namely generators (yield) https://php.net/language.generators.overview which I consider using. * Version note for JSON.php * hex2bin * Update .travis.yml Co-Authored-By: Frans de Jonge

Rework CSRF interaction with sessions (#2290)

2019-03-22T18:05:38+00:00

* Rework CSRF interaction with sessions Fix https://github.com/FreshRSS/FreshRSS/issues/2288 Improve security in some edge cases Maybe relevant for https://github.com/FreshRSS/FreshRSS/issues/2125#issuecomment-474992671 * Forgotten mime type

Session fix when form + HTTP auth are used (#2286)

2019-03-20T16:52:31+00:00

https://github.com/Alkarex/FreshRSS/commit/bf51c82d55f6bf1af2a6464ca4f148d6c613d28f https://github.com/FreshRSS/FreshRSS/issues/2125#issuecomment-473873922

HTTP authenfication fixes (#2204)

2019-01-02T20:43:05+00:00

* Security fixes when HTTP user does not exist in FreshRSS * Accept HTTP header X-WebAuth-User for delegated HTTP Authentication (e.g. Træfik) * Document delegated HTTP authentication from https://github.com/FreshRSS/FreshRSS/pull/2202

Fix undefined conf (#2163)

2018-12-04T20:26:10+00:00

Small fix for https://github.com/FreshRSS/FreshRSS/pull/2137

Edit cookie_duration from GUI (#2137)

2018-11-18T18:34:41+00:00

* Use cookie_duration correctly * WIP allow cookie_duration to be modified from GUI * Allow cookie_duration to actually be updated * Update view to properly display cookie_duration * Add new strings in Translation Files * Fix typo * Fix trailing whitespace * I18n: French translation * I18n fr: Forgot todo

Fix bug when using double authentication (#1809)

2018-03-03T09:33:40+00:00

https://github.com/FreshRSS/FreshRSS/issues/1807

Fix login bug when HTTP REMOTE_USER changes

2018-01-01T21:11:15+00:00

https://github.com/YunoHost-Apps/freshrss_ynh/issues/33